基于身份代理离线签名的数据完整性审计协议

为解决移动边缘设备进行数据完整性审计时在计算、存储等方面存在限制的问题,提出一种可降低用户计算量和网络通信开销的数据完整性审计方案(IBPOS-PDP)。在基于身份的密码体制上将数据签名分为轻量级在线签名和复杂离线签名,采用代理方帮助用户完成离线签名。分析当前数据完整性审计的研究方向,提出方案模型,在随机预言机模型下证明方案可靠性,攻击者伪造证书、数据签名、完整性验证证据是困难的。利用PCB库进行仿真实验,在已委托代理方生成离线签名的情况下,IBPOS-PDP方案用户计算代价小于IBPS-PDP方案。实验和性能分析结果表明,IBPOS-PDP方案在整个数据完整性审计过程中使用户计算量和系统通信量达到了较好的平衡。

Data integrity audit protocol based on identity proxy off-line signature

To solve the problem that the mobile edge device has limitations in computing and storage capacity during data integrity auditing,a data integrity auditing scheme(IBPOS-PDP)was proposed to reduce the amount of user computing and network communication overhead.Data signatures were classified into lightweight online signatures and complex offline signatures in the identity-based cryptosystem,and the agent generated the offline signature for the user.The research direction of current data integrity audit was analyzed,and the scheme model was proposed.The reliability of the scheme was proved under the random oracle model.It is difficult for the attackers to forge the certificate,the data signature,and the integrity verification evidence.The PCB library was used in the simulation experiments,in which the user calculation cost of the IBPOS-PDP scheme is lower than that of the IBPS-PDP scheme on the premise that the agent has been commissioned to generate an offline signature.The results of the experiments and the performance analysis show that the IBPOS-PDP scheme achieves better balance between user computing and system traffic throughout in the data integrity audit process.