面向轻量级设备的云存储场景数据完整性校验方案  

作　　者：韩冰 王昊 方敏 张永超 周璐 葛春鹏 Han Bing;Wang Hao;Fang Min;Zhang Yongchao;Zhou Lu;Ge Chunpeng(College of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211106;School of Data Science and Engineering,East China Normal University,Shanghai 200062;School of Cyberspace Security,Southeast University,Nanjing 211189;School of Software,Shandong University,Jinan 250101;Joint SDU-NTU Centre for Artificial Intelligence Research(C-FAIR),Software School,Shandong University,Jinan 250101)

机构地区：[1]南京航空航天大学计算机科学与技术学院,南京211106 [2]华东师范大学数据科学与工程学院,上海200062 [3]东南大学网络空间安全学院,南京211189 [4]山东大学软件学院,济南250101 [5]山东大学-南洋理工大学人工智能国际联合研究院,济南250101

出　　处：《计算机研究与发展》2024年第10期2467-2481,共15页Journal of Computer Research and Development

基　　金：国家重点研发计划项目(2021YFB2700503);国家自然科学基金项目(62071222,62032025,U21A20467,U20A20176,U22B2030);江苏省自然科学基金项目(BK20220075);深圳市科学技术计划项目(JCYJ20210324134810028)。

摘　　要：资源受限的轻量级移动设备往往可以通过将大规模数据外包至云存储服务器中从而卸载自身的计算和存储压力.然而该云存储模式存在自私云服务器丢弃数据以节省存储资源的可能性.因此需要能够对云储存数据进行有效的完整性校验以确保数据正确完好地存储着.然而现有的云存储完整性校验机制在缺乏可靠且能够满足数据隐私保护的前提下对数据进行即时、多次校验的机制.提出了一种基于可信执行环境的完整性校验机制,通过在隔离区域中对数据产生可信证明,保证了云服务器在全过程中对数据以及产生证明的全过程的不可见,从而不得不诚实地保证存储数据的完整性.为了进一步提高方案的安全性,引入了区块链智能合约以提供证明的可信存证和验证.此外,还考虑到了端侧设备的资源不足问题,提出了基于布谷鸟过滤器的高效验证机制.实验结果表明,该方法能够在保证隐私数据的完整性校验的基础上,实现较高的执行效率和实用性.Lightweight mobile devices with limited resources often alleviate their computational and storage burdens by outsourcing large-scale data to cloud storage servers.However,this cloud storage model is susceptible to the possibility of selfish cloud servers discarding data to conserve storage resources.Therefore,there is a need for effective integrity verification of cloud-stored data to ensure its correct and intact storage.Existing cloud storage integrity verification mechanisms lack a reliable approach to perform real-time,multiple verifications of data under the premise of data privacy protection.We propose an integrity verification mechanism based on a trusted execution environment.It generates trustworthy proofs in isolated areas to ensure that the cloud server remains unaware of the data and the entire proof generation process,thereby compelling honest assurance of data integrity throughout the process.To further enhance the security of the proposed solution,we introduce blockchain smart contracts to provide trustworthy storage and verification of proofs.Additionally,we address the issue of resource scarcity on the client side by proposing an efficient verification mechanism based on cuckoo filters.Experimental results demonstrate that this method can achieve high execution efficiency and practicality while ensuring the integrity verification of private data.

关 键 词：完整性校验 云存储 可信执行环境 区块链 布谷鸟过滤器 隐私保护 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]