Key-exposure resilient integrity auditing scheme with encrypted data deduplication

For the problems of key-exposure,encrypted data duplication and integrity auditing in cloud data storage,a public auditing scheme was proposed to support key update and encrypted data deduplication.Utilizing Bloom filters,the proposed scheme could achieve client-side deduplication,and guaranteed that the key exposure in one time period didn’t effect the users’ private key in other time periods.The proposed scheme could solve the conflict between key-exposure resilient and encrypted data deduplication in public auditing scheme for the first time.Security analysis indicates that the proposed scheme is strong key-exposure resilient,confidentiality,detectability,and unforgeability of authentication tags and tokens under the computation Diffie-Hellman hardness assumption in the random oracle model.     

基于多分支认证树的多用户多副本数据持有性证明方案

在云存储环境下,如何高效、动态地完成对多用户多副本数据的完整性验证是一个挑战性问题。基于双线性代数映射的签名机制和多分支认证树特性,提出了一种新的多用户多副本数据持有性证明方案。该方案通过使用随机掩码技术对密文进行处理确保数据隐私性,采用多分支认证树来提高数据分块的签名效率,能够支持数据动态更新操作。此外,引入第三方审计者对多用户多副本数据进行批量审计以减少计算开销。最后,分析表明本方案具有较高的安全性和效率。     

支持条件身份匿名的云存储医疗数据轻量级完整性验证方案

医疗云存储服务是云计算技术的一个重要应用,同时外包医疗数据的完整性和用户的身份隐私保护已变得越来越重要。该文提出适用于无线医疗传感器网络的支持条件身份匿名的外包云存储医疗数据轻量级完整性验证方案。方案结合同态哈希函数设计了聚合签名,通过第三方审计者(TPA)对外包云存储医疗数据进行完整性验证,在TPA端存放审计辅助信息,利用同态哈希函数的同态性质将TPA端的计算优化为常量运算,大大降低了第三方审计者的计算开销,同时支持TPA对多个数据文件执行批量验证,其验证开销几乎是恒定的,与医疗数据文件的数量无关。方案有效防止了第三方审计者通过求解线性方程恢复原始医疗数据,并且设计了条件身份匿名算法,密钥生成中心(PKG)根据用户唯一标识的身份信息为用户生成匿名身份及对应的签名私钥。即使攻击者截获到用户传输的医疗数据,也无法获知拥有此数据的真实身份,有效避免了对公钥证书的复杂管理,同时使得密钥生成中心可以有效追踪医疗信息系统中具有恶意行为的用户。安全性分析与性能评估结果表明该方案能够安全高效地部署在云辅助无线医疗传感器网络。     

基于属性加密的高效密文去重和审计方案

针对当前支持去重的属性加密方案既不支持云存储数据审计,又不支持过期用户撤销,且去重搜索和用户解密效率较低的问题,该文提出一种支持高效去重和审计的属性加密方案。该方案引入了第3方审计者对云存储数据的完整性进行检验,利用代理辅助用户撤销机制对过期用户进行撤销,又提出高效去重搜索树技术来提高去重搜索效率,并通过代理解密机制辅助用户解密。安全性分析表明该方案通过采用混合云架构,在公有云达到IND-CPA安全性,在私有云达到PRV-CDA安全性。性能分析表明该方案的去重搜索效率更高,用户的解密计算量较小。     

Trusted auditing method of virtual machine based on improved expectation decision method

Whether the cloud computing environment is credible is the key factor in the promotion and effective use of cloud computing.For this reason,the expected value decision method in risk decision-making was improved.The usage scenarios was redefined,the cost and benefit of audit scheme was digitized,and a virtual machine trusted auditing strategy based on improved expectation decision method was proposed.Several levels of security protection for the user virtual machine was provided,and the optimal audit scheme was selected autonomously according to the security protection level chosen by the user for the virtual machine.The virtual machine introspection (VMI) technology was used to obtain the virtual machine information that needs to be audited.The designed encryption mechanism was used to protect the security of users selected security protection level,so as to ensure the security of user virtual machine selection audit strategy.Finally,the simulation results show that the scheme has good performance and validity.     

Cross-domain data cloud storage auditing scheme based on certificateless cryptography

With the development of Internet of things (IoT), more and more intelligent terminal devices outsource data to cloud servers (CSs). However, the CS is not fully trusted, and the heterogeneity among different domains makes it difficult for third-party auditor (TPA) to conduct an efficient integrity auditing of outsourced data. Therefore, the cross-domain data cloud storage auditing scheme based on certificateless cryptography is proposed, which can effectively avoid the big burden of certificate management or key escrow problems in identity-based cryptography. At the same time, TPA can effectively audit the integrity of outsourced data in different domains. Formal security proof and analysis show that the cloud storage auditing scheme satisfies the security and privacy requirements. Performance analysis demonstrates that the efficiency is acceptable.     

A survey on blockchain-based integrity auditing for cloud data

With the rapid advancement of cloud computing, cloud storage services have developed rapidly. One issue that has attracted particular attention in such remote storage services is that cloud storage servers are not enough to reliably save and maintain data, which greatly affects users’ confidence in purchasing and consuming cloud storage services. Traditional data integrity auditing techniques for cloud data storage are centralized, which faces huge security risks due to single-point-of-failure and vulnerabilities of central auditing servers. Blockchain technology offers a new approach to this problem. Many researchers have endeavored to employ the blockchain for data integrity auditing. Based on the search of relevant papers, we found that existing literature lacks a thorough survey of blockchain-based integrity auditing for cloud data. In this paper, we make an in-depth survey on cloud data integrity auditing based on blockchain. Firstly, we cover essential basic knowledge of integrity auditing for cloud data and blockchain techniques. Then, we propose a series of requirements for evaluating existing Blockchain-based Data Integrity Auditing (BDIA) schemes. Furthermore, we provide a comprehensive review of existing BDIA schemes and evaluate them based on our proposed criteria. Finally, according to our completed review and analysis, we explore some open issues and suggest research directions worthy of further efforts in the future.     

面向6G的雾无线接入网内生安全数据共享机制研究

为解决6G移动通信系统中雾无线接入网中数据共享的数据安全问题,提出了一种实现本地差分隐私和动态批量审计的内生安全数据共享机制。首先,用户本地对数据运行RAPPOR算法保护数据隐私;其次,雾接入点对数据进行缓存和预处理;再次,大功率节点对雾接入点上的数据进行基于BLS签名和Merkle哈希树的数据完整性审计;最后,BBU池通过统计分析推断出共享数据的原始分布。安全性分析和仿真表明,所提机制实现了用户的本地差分隐私,并支持安全的多客户端批量审计和数据动态操作,同时具有较高的时间、空间和通信效率。     

Provable data possession scheme with authentication

To satisfy the requirements of identity authentication and data possession proven in the cloud application scenarios,a provable data possession scheme with authentication was proposed.Based on data tag signature and randomness reusing,the proposed scheme could accomplish several issues with three interactions,including the possession proof of cloud data,the mutual authentication between user and cloud computing server,the session key agreement and confirmation.Compared to the simple combination of authentication key agreement and provable data possession schemes,the proposed scheme has less computation and interactions,and better provable securities.In the random oracle model,the security proof of the proposed scheme is given under the computational Diffie-Hellman assumption.     

Identity‐and‐data privacy forward security public auditing protocol in the standard model

To ensure the intactness of the stored data in cloud, numerous data public auditing mechanisms have been presented. However, most of these existing solutions suffer from several flaws: (a) identity privacy and data privacy of data owner are inevitably revealed to the auditor in the auditing process; (b) the existing public auditing mechanisms with resisting key exposure are only proved in the random oracle model. To address the problems above, in this paper, we propose an achieving identity‐and‐data privacy public auditing protocol with forward security in the standard model by incorporating knowledge proof signature, ring signature, and forward security technique. And then, we formalize the security model of forward security and anonymity of identity, in which the adversary is allowed to query private keys of some ring members. It can provide stronger security. Thus, our proposed scheme can not only achieve data owner's identity privacy and data privacy but also provide forward security for data owner's secret key. To the best of our knowledge, it is the first preserving privacy of identity‐and‐data public auditing scheme with forward security that is provably secure in the standard model. The security of the scheme is related to the computational Diffie–Hellman (CDH) problem and the subgroup decision problem. Finally, our scheme is simulatively tested; experimental results demonstrate that our mechanism is very efficient in terms of overall performance.