基于变长认证跳表的分布式动态数据持有证明模型
|
摘要
动态数据持有证明(Dynamic Provable Data Possession, DPDP)是云存储中数据完整性验证的重要方法。但是,DPDP在分布式环境中应用时存在代价开销较高、对客户端不透明等问题。为此,文章将变长认证跳表(Flexible Length-based Authenticated Skip List, FlexList)可以很好地支持DPDP动态更新的优势与分布式环境结合,构建了基于Flex List的分布式动态数据持有证明模型(D-DPDP-Flex List)。该模型包括3种实体:中控服务器、存储服务器以及用户。存储服务器和中控服务器构成服务器端,其内部结构对用户是透明的,只通过中控服务器向用户提供服务。因此,用户无需针对服务器结构执行预处理操作,服务器端的可扩展性得到了有效增强。分布式变长认证跳表部署方法和多副本存储方式的采用降低了服务器的响应时间,提高了数据的可用性。文章给出了模型的形式化描述、实体间交互协议以及模型的安全性分析。相关测试验证了文章模型在分布式环境中的可用性。
Dynamic provable data possession(DPDP) is an important method of data integrity verification in cloud storage. However, DPDP still has some problems when applied in distributed environment, such as high cost, opacity to client and so on. Therefore, this paper uses flexible length-based authenticated skip list(FlexList) which has the advantage of DPDP dynamic updating to construct a distributed dynamic provable data possession model(D-DPDP-FlexList). This model includes three entities which are center control server,storage server and user. Center control server and some storage servers form the serverside. The internal structure of the server-side is transparent to the user and services are provided to users only through the central control server. Users don't need to preprocess their data according to the structure of the server-side. The adoption of distributed FlexList and multiple-replica storage improves server response time and data availability. This paper also gives the formal description, interaction protocols among the entities and security analysis.Relevant tests verify the availability of the model in distributed environment.
Dynamic provable data possession(DPDP) is an important method of data integrity verification in cloud storage. However, DPDP still has some problems when applied in distributed environment, such as high cost, opacity to client and so on. Therefore, this paper uses flexible length-based authenticated skip list(FlexList) which has the advantage of DPDP dynamic updating to construct a distributed dynamic provable data possession model(D-DPDP-FlexList). This model includes three entities which are center control server,storage server and user. Center control server and some storage servers form the serverside. The internal structure of the server-side is transparent to the user and services are provided to users only through the central control server. Users don't need to preprocess their data according to the structure of the server-side. The adoption of distributed FlexList and multiple-replica storage improves server response time and data availability. This paper also gives the formal description, interaction protocols among the entities and security analysis.Relevant tests verify the availability of the model in distributed environment.
引文
[1]TAN Shuang,JIA Yan,HAN Weihong.Research and Development of Provable Data Integrity in Cloud Storage[J].Chinese Journal of Computers,2015,38(1):164-177.谭霜,贾焰,韩伟红.云存储中的数据完整性证明研究及进展[J].计算机学报,2015,38(1):164-177.
[2]LI Bo,HUANG Yanyu,LIU Zheli,et al.HybridORAM:Practical Oblivious Cloud Storage with Constant Bandwidth[J].Information Sciences,2019,479:651-663.
[3]LV Congdong,HAN Zhen,MA Wei.Design and Implementation of Data Storage Encryption Mechanism in Cloud Storage[J].Netinfo Security,2014,14(6):1-5.吕从东,韩臻,马威.云存储服务端数据存储加密机制的设计和实现[J].信息网络安全,2014,14(6):1-5.
[4]STANEK J,KENCL L.Enhanced Secure Thresholded Data Deduplication Scheme for Cloud Storage[J].IEEE Transactions on Dependable and Secure Computing,2018,15(4):694-707.
[5]LEI Lei CAI Quanwei JING Jiwu,et al.Enforcing Access Controls on Encrypted Cloud Storage with Policy Hiding[J].Journal of Software,2016,27(6):1432-1450.雷蕾,蔡权伟,荆继武,等.支持策略隐藏的加密云存储访问控制机制[J].软件学报,2016,27(6):1432-1450.
[6]PENG Su,ZHOU Fucai,XU Jian,et al.Comments on IdentityBased Distributed Provable Data Possession in Multicloud Storage[J].IEEE Transactions on Services Computing,2016,9(6):996-998.
[7]ZHAO Yang,CHEN Yang,XIONG Hu,et al.A Revocable Authorization Provable Data Possession Scheme in Clouds[J].Netinfo Security,2015,15(8):1-7.赵洋,陈阳,熊虎,等.云环境下一种可撤销授权的数据拥有性证明方案[J].信息网络安全,2015,15(8):1-7.
[8]JUELS A,KALISKI Jr B S.PORs:Proofs of Retrievability for Large Files[C]//ACM.The 14th ACM Conference on Computer and Communications Security,October 29-November 2,2007,Alexandria,Virginia,USA.New York:ACM,2007:584-597.
[9]ATENIESE G,BURNS R,CURTMOLA R,et al.Provable Data Possession at Untrusted Stores[C]//ACM.The 14th ACM Conference on Computer and Communications Security,October 29-November 2,2007,Alexandria,Virginia,USA.New York:ACM,2007:598-609.
[10]SHACHAM H,WATERS B.Compact Proofs of Retrievability[J].Journal of Cryptology,2012,26(3):442-483.
[11]ATENIESE G,PIETRO R D,MANCINI L V,et al.Scalable and Efficient Provable Data Possession[C]//ACM.The 4th International Conference on Security and Privacy in Communication Netowrks,September 22-25,2008,Istanbul,Turkey.New York:ACM,2008.
[12]ERWAY C,KüP04üA,PAPAMANTHOU C,et al.Dynamic Provable Data Possession[C]//ACM.The 16th ACM Conference on Computer and Communications Security,November 9-13,2009,Illinois,USA.New York:ACM,2009:213-222.
[13]ESINER E,KACHKEEV A,BRAUNFELD S,et al.FlexDPDP:FlexList-based Optimized Dynamic Provable Data Possession[J].ACMTransactions on Storage,2016,12(4):1-44.
[14]CURTMOLA R,KHAN O,BURNS R,et al.MR-PDP:Multiple-replica Provable Data Possession[C]//IEEE.The 28th International Conference on Distributed Computing Systems,July 17-20,2008,Beijing,China.NJ:IEEE,2008:411-420.
[15]BARSOUM A F,HASAN M A.On Verifying Dynamic Multiple Data Copies over Cloud Servers[EB/OL].https://eprint.iacr.org/2011/447.pdf,2011-8-15.
[16]ZHU Yan,HU Hongxin,AHN G J,et al.Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage[J].IEEE Transactions on Parallel&Distributed Systems,2012,23(12):2231-2244.
[17]XU Jian,LI Mingjie,LI Fuxiang,et al.Optimized Algorithms for Flexible Length-Based Authenticated Skip List[J].China Communications,2016,13(1):124-138.
[2]LI Bo,HUANG Yanyu,LIU Zheli,et al.HybridORAM:Practical Oblivious Cloud Storage with Constant Bandwidth[J].Information Sciences,2019,479:651-663.
[3]LV Congdong,HAN Zhen,MA Wei.Design and Implementation of Data Storage Encryption Mechanism in Cloud Storage[J].Netinfo Security,2014,14(6):1-5.吕从东,韩臻,马威.云存储服务端数据存储加密机制的设计和实现[J].信息网络安全,2014,14(6):1-5.
[4]STANEK J,KENCL L.Enhanced Secure Thresholded Data Deduplication Scheme for Cloud Storage[J].IEEE Transactions on Dependable and Secure Computing,2018,15(4):694-707.
[5]LEI Lei CAI Quanwei JING Jiwu,et al.Enforcing Access Controls on Encrypted Cloud Storage with Policy Hiding[J].Journal of Software,2016,27(6):1432-1450.雷蕾,蔡权伟,荆继武,等.支持策略隐藏的加密云存储访问控制机制[J].软件学报,2016,27(6):1432-1450.
[6]PENG Su,ZHOU Fucai,XU Jian,et al.Comments on IdentityBased Distributed Provable Data Possession in Multicloud Storage[J].IEEE Transactions on Services Computing,2016,9(6):996-998.
[7]ZHAO Yang,CHEN Yang,XIONG Hu,et al.A Revocable Authorization Provable Data Possession Scheme in Clouds[J].Netinfo Security,2015,15(8):1-7.赵洋,陈阳,熊虎,等.云环境下一种可撤销授权的数据拥有性证明方案[J].信息网络安全,2015,15(8):1-7.
[8]JUELS A,KALISKI Jr B S.PORs:Proofs of Retrievability for Large Files[C]//ACM.The 14th ACM Conference on Computer and Communications Security,October 29-November 2,2007,Alexandria,Virginia,USA.New York:ACM,2007:584-597.
[9]ATENIESE G,BURNS R,CURTMOLA R,et al.Provable Data Possession at Untrusted Stores[C]//ACM.The 14th ACM Conference on Computer and Communications Security,October 29-November 2,2007,Alexandria,Virginia,USA.New York:ACM,2007:598-609.
[10]SHACHAM H,WATERS B.Compact Proofs of Retrievability[J].Journal of Cryptology,2012,26(3):442-483.
[11]ATENIESE G,PIETRO R D,MANCINI L V,et al.Scalable and Efficient Provable Data Possession[C]//ACM.The 4th International Conference on Security and Privacy in Communication Netowrks,September 22-25,2008,Istanbul,Turkey.New York:ACM,2008.
[12]ERWAY C,KüP04üA,PAPAMANTHOU C,et al.Dynamic Provable Data Possession[C]//ACM.The 16th ACM Conference on Computer and Communications Security,November 9-13,2009,Illinois,USA.New York:ACM,2009:213-222.
[13]ESINER E,KACHKEEV A,BRAUNFELD S,et al.FlexDPDP:FlexList-based Optimized Dynamic Provable Data Possession[J].ACMTransactions on Storage,2016,12(4):1-44.
[14]CURTMOLA R,KHAN O,BURNS R,et al.MR-PDP:Multiple-replica Provable Data Possession[C]//IEEE.The 28th International Conference on Distributed Computing Systems,July 17-20,2008,Beijing,China.NJ:IEEE,2008:411-420.
[15]BARSOUM A F,HASAN M A.On Verifying Dynamic Multiple Data Copies over Cloud Servers[EB/OL].https://eprint.iacr.org/2011/447.pdf,2011-8-15.
[16]ZHU Yan,HU Hongxin,AHN G J,et al.Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage[J].IEEE Transactions on Parallel&Distributed Systems,2012,23(12):2231-2244.
[17]XU Jian,LI Mingjie,LI Fuxiang,et al.Optimized Algorithms for Flexible Length-Based Authenticated Skip List[J].China Communications,2016,13(1):124-138.