基于工业云存储系统的数据防篡改批量审计方案  

作　　者：张晓均[1,2,3] 郝云溥 李磊 李晨阳[1] 周子玉[1] ZHANG Xiaojun;HAO Yunpu;LI Lei;LI Chenyang;ZHOU Ziyu(School of Computer Science and Software Engineering,Southwest Petroleum University,Chengdu Sichuan 610500,China;Bureau of Geophysical Prospecting Inc.,China National Petroleum Corporation,Zhuozhou Hebei 072751,China;National Engineering Research Center of Oil and Gas Exploration Computer Software,Zhuozhou Hebei 072750,China)

机构地区：[1]西南石油大学计算机与软件学院,成都610500 [2]中国石油集团东方地球物理勘探有限责任公司,河北涿州072751 [3]油气勘探计算机软件国家工程研究中心,河北涿州072750

出　　处：《计算机应用》2025年第3期891-895,共5页journal of Computer Applications

基　　金：国家自然科学基金资助项目(61902327);油气勘探开发软件国家工程研究中心开放课题(DFWT-ZYRJ-2024-JS-81);四川省自然科学基金资助项目(2025ZNSFSC0495)。

摘　　要：为解决工业云存储系统数据遭受篡改等网络主动攻击问题,实现工业数据云端安全共享的目标,并确保工业数据传输与存储过程的机密性、完整性与可用性,提出基于工业云存储系统的数据防篡改批量审计方案。在该方案中,设计基于双线性对映射的同态数字签名算法,使第三方审计者实现对工业云存储系统数据的批量防篡改完整性检测,并及时将防篡改完整性审计结果反馈给工程服务终端用户;此外,通过加入审计者减轻工程服务终端用户的计算负担,同时确保工业加密数据在传输与存储过程中的完整性。安全性分析与性能比较结果表明,所提方案通过设计防篡改检测向量,使得第三方审计者的计算量从O(n)次双线性对操作减少到O(1)次常量级双线性对操作,极大地降低了第三方审计者的计算开销。可见,所提方案适用于需要对大量工业云存储系统核心数据文件进行防篡改检测的轻量级批量审计场景。To address the issue of network active attacks such as tampering for industrial cloud storage system data,to achieve the goal of secure sharing of industrial data in cloud storage,and to ensure the confidentiality,integrity,and availability of industrial data transmission and storage processes,a data tamper-proof batch auditing scheme based on industrial cloud storage systems was proposed.In this scheme,a homomorphic digital signature algorithm based on bilinear pairing mapping was proposed,enabling a third-party auditor to achieve batch tamper-proof integrity detection of industrial cloud storage system data,and feedback the tamper-proof integrity auditing results to engineering service end users timely.Besides,the computational burden on engineering service end users was reduced by adding auditors,while ensuring the integrity of industrial encrypted data during transmission and storage processes.Security analysis and performance comparison results demonstrate that the proposed scheme reduces the third-party auditing computational cost significantly by reducing the third-party auditor’s computational cost from O(n)bilinear pairing operations to O(1)constant-level bilinear pairing operations through the design of tamper-proof detection vectors.It can be seen that the proposed scheme is suitable for lightweight batch auditing scenarios that require tamper-proof detection of a large number of core data files of industrial cloud storage systems.

关 键 词：工业云存储 防篡改 同态数字签名 数据完整性 批量审计 

分 类 号：TP399[自动化与计算机技术—计算机应用技术]