基于BLS的多用户多副本数据持有性批量审计  被引量：8

作　　者：陈何峰[1,2] 林柏钢[1,2] 杨旸 吴阳[1,2] 

机构地区：[1]福州大学数学与计算机科学学院,福州350108 [2]网络系统信息安全福建省高校重点实验室,福州350108

出　　处：《密码学报》2014年第4期368-378,共11页Journal of Cryptologic Research

基　　金：国家自然科学基金项目(60175022);福建省科技厅重点项目(2012H0025)

摘　　要：为了保证用户数据的可靠性和可用性,云服务提供商会根据用户需求对数据进行多副本存储.但是服务提供商往往是不可信的.为检查远程数据完整性,现有方案大多解决如何高效的完成单用户对单份数据的完整性验证,尚缺少如何高效的完成多用户同时验证多副本数据.若将这些方案直接应用于多用户多副本环境中,将带来的成倍于单份数据的持有性证明方案的计算开销与通信开销问题.为了解决该问题,本文提出了一种基于BLS的2M-PDP审计方案.该方案采用双线性对聚集签名技术构造2M-PDP算法,在不泄露用户隐私信息的前提下引入第三方审计者,将多用户的审计申请批量发送给云服务提供商,减少交互次数和降低通信开销;服务提供商计算持有性证明和第三方审计者验证过程中采用双线性对聚集签名技术,降低计算开销.在安全性上,所引入的审计第三方不会带来新的安全风险,并且本方案能够抵抗云服务器重放攻击、合谋攻击和替换攻击.最后通过实验验证了该方案的可行性和高效性.In cloud storage system, to ensure the reliability and availability of user's data, cloud service providers(CSPs) usually store multiple copies of user's data according to user's need. However, CSPs are often semi-trusted. In order to check whether they actually spend storage for multiple replicas, current schemes mostly solve how the single user to efficiently verify the single-copy, but do not work well for multi-user to simultaneously verify multi-copy. If these schemes directly applied to a multi-user multi-copy environment, it will bring double computational and communication overhead than that in provable data procession verification of single-copy. In order to solve the problem, the 2M-PDP based on BLS with public batch auditing is proposed. The scheme uses the technique of bilinear aggregate signature to construct 2M-PDP, third party audit is introduced with the prerequisite of non-disclosure of user privacy information, the batch of multi-user application is sent to cloud service providers for audit to reduce the number of interactions and reduce communication overhead. CSPs computing holds proof and third-party auditors verification process for gathering signatures bilinear technology to reduce computational overhead. In security, the third party auditing process should bring in no vulnerabilities towards user data privacy, and the scheme can resist the cloud server replay attacks, collusion attacks, and replacement attacks. Finally, experiments verify the feasibility and efficiency.

关 键 词：云存储 多副本批量审计 数据持有性验证 公开验证 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]