支持错误定位与数据恢复的多云关键词审计  

作　　者：薛婧婷 罗抒琴 张文政 李发根[3] 周宇 张晓均[2] XUE Jing-Ting;LUO Shu-Qin;ZHANG Wen-Zheng;LI Fa-Gen;ZHOU Yu;ZHANG Xiao-Jun(National Key Laboratory of Security Communication(Institute of Southwestern Communication,China Electronics Technology Cyber Security Co.Ltd.),Chengdu 610041,China;School of Computer Science and Software Engineering,Southwest Petroleum University,Chengdu 610500,China;School of Computer Science&Engineering,University of Electronic Science and Technology of China,Chengdu 611731,China)

机构地区：[1]保密通信全国重点实验室(中国电子科技网络信息安全有限公司中国电子科技集团公司第三十研究所),四川成都610041 [2]西南石油大学计算机与软件学院,四川成都610500 [3]电子科技大学计算机科学与工程学院,四川成都611731

出　　处：《软件学报》2025年第3期1268-1288,共21页Journal of Software

基　　金：国家自然科学基金(61902327);通信安全重点实验室科技基金(61421030107012102);四川省自然科学基金(2023NSFSC1398,2022YFG0172,2022JDRC0061);成都市重点研发项目(2021-YF05-00965-SN)。

摘　　要：基于关键词的审计(KA)技术是保障云审计经济适用性的重要手段.不同于概率性审计对外包数据进行随机抽样验证,KA考虑多用户多属性数据的审计需求,执行关键词检索和定向审计,能有效降低审计开销.然而,现有的KA方案通常聚焦于目标数据的审计效率,而很少关注审计失败后的错误定位及数据恢复等补救措施;这无益于保障数据的可用性.因此,提出基于关键词的多云审计方案(简称KMCA),结合智能合约技术实现定向审计、批量错位定位与数据恢复功能.具体来说,定向审计模块借鉴可搜索加密技术的索引结构,定义关键词-文件数据映射关系,并利用布隆过滤器的误报率特性来隐藏审计词频,保护关键词隐私;错误定位模块采用二分思想实现出错云服务器批量定位和受损数据细粒度定位;数据恢复模块提出多云冗余存储与数据恢复策略,避免单点故障,提升存储容错率.在随机预言机模型下,KMCA是可证明安全的.性能分析表明,KMCA具备可行性.Keyword-based auditing(KA)technology is a crucial measure to achieve cost-effectiveness in cloud auditing applications.Different from probabilistic auditing,which verifies outsourced data by random sampling and verification,KA considers the auditing requirements of multi-user and multi-attribute data by performing keyword searches and targeted audits.KA can significantly reduce auditing costs.However,existing KA schemes usually focus only on auditing the efficiency of target data while paying little attention to remedial measures such as fault localization and data recovery after audit failures.This lack of attention to remediation measures does not guarantee data availability.Therefore,this study proposes a keyword-based multi-cloud auditing scheme(referred to as KMCA)that leverages smart contracts to enable targeted auditing,batch fault localization,and data recovery.Specifically,the targeted auditing module defines the keyword-file mapping based on the searchable encryption index structure and employs Bloom filters’false-positive rate characteristic to hide keyword frequency and protect privacy.The fault localization module uses a binary search approach to locate error-prone cloud servers in batches and fine-grained localization of corrupted data.The data recovery module formulates multi-cloud redundant storage and data recovery strategies to avoid single-point failure and improve storage fault tolerance.Under the random oracle model,KMCA is provably secure.Performance analysis shows that KMCA is feasible.

关 键 词：基于关键词的审计 批量错误定位 数据恢复 智能合约 多云存储 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]