Similar literature
 Found 20 similar documents; search took 15 ms
1.
In order to protect the security of the data stored in the cloud by group users, a data integrity verification scheme was designed which can protect the privacy of the group users. The scheme can efficiently detect the shared data in the cloud and support the dynamic updating of the data, and use the characteristic of the ring signature to hide the identity of the signer corresponding to the data block. That is, the third-party verifier cannot spy on the users' identity and other private information when validating. The aggregated approach is used to generate data labels, which reduces the storage cost of labels and supports the dynamic operation of group data, so that the users in the group can easily modify the cloud group data.

2.
With the rapid development of cloud storage, more and more users are storing their data in the cloud. To verify whether the users’ data stored in the cloud is corrupted, one effective method is to adopt cloud storage integrity checking schemes. An identity-based cloud storage integrity checking scheme was proposed on the small integer solution problem over ideal lattices, and it was proven to be secure against the adaptive identity attacks of clouds in the random oracle model. To validate the efficiency of the scheme, extensive experiments were conducted to make performance comparisons between the scheme and the existing two identity-based cloud storage integrity checking schemes. The experimental results show that the online tag-generation time and the proof-verification time of the scheme are respectively reduced by 88.32%~93.74% and 98.81%~99.73%.

3.
何凯  黄传河  王小毛  王晶  史姣丽 《通信学报》2015,36(10):119-132
To solve the problem of data integrity in cloud storage, an aggregated privacy-preserving auditing scheme was proposed. To preserve data privacy against the auditor, data proof and tag proof were encrypted and combined by using the bilinearity property of the bilinear pairing on the cloud server. Furthermore, an efficient index mechanism was designed to support dynamic auditing, which could ensure that data update operations did not lead to high additional computation or communication cost. Meanwhile, an aggregation method for different proofs was designed to handle multiple auditing requests. Thus the proposed scheme could also support batch auditing for multiple owners, multiple clouds and multiple files. The communication cost of batch auditing was independent of the number of auditing requests. The theoretical analysis and experimental results show that the proposed scheme is provably secure. Compared with the existing auditing scheme, the efficacy of the proposed individual auditing and batch auditing improves 21.5% and 31.8% respectively.

4.
Cloud storage is gaining popularity as it relieves the data owners from the burden of data storage and maintenance cost. However, outsourcing data to third‐party cloud servers raises several concerns such as data availability, confidentiality, and integrity. Recently, regenerating codes have gained popularity because of their low repair bandwidth while ensuring data availability. In this paper, we propose a secure regenerating code‐based cloud storage (SRCCS) scheme, which utilizes the verifiable computation property of homomorphic encryption scheme to check the integrity of outsourced data. In this work, an error‐correcting code (ECC)–based homomorphic encryption scheme (HES) is employed to simultaneously provide data privacy as well as error correction while supporting efficient integrity verification. In SRCCS, server regeneration process is initiated on detection of data corruption events in order to ensure data availability. The ECC‐based HES significantly reduces the probability of server regeneration and minimizes the repair cost. Extensive theoretical analysis and simulation results validate the security, efficiency, and practicability of the proposed scheme.

5.
For the problems of key-exposure, encrypted data duplication and integrity auditing in cloud data storage, a public auditing scheme was proposed to support key update and encrypted data deduplication. Utilizing Bloom filters, the proposed scheme could achieve client-side deduplication, and guaranteed that the key exposure in one time period did not affect the users’ private key in other time periods. The proposed scheme could solve the conflict between key-exposure resilience and encrypted data deduplication in public auditing scheme for the first time. Security analysis indicates that the proposed scheme is strong key-exposure resilient, confidentiality, detectability, and unforgeability of authentication tags and tokens under the computation Diffie-Hellman hardness assumption in the random oracle model.

6.
肖人毅 《通信学报》2014,35(12):20-177
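Because of the inevitability of the social division of labor and resource sharing, public cloud platforms are bound to become national infrastructure as important as the power grid and the Internet. The security problems facing cloud computing restrict its wide adoption. Data security is especially important in cloud computing, and how to guarantee the security of data is the core of cloud computing security. Existing research is classified and summarized from four aspects: privacy-preserving computation on data, integrity authentication of data processing results, data access control, and the physical security of data, providing a reference for subsequent research on data security in cloud computing.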

7.
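First, the problems in the security proof of a lattice-based identity-based signature (IBS) scheme given by Liu et al. in 2013 are analyzed, showing that the proof of the scheme does not achieve the strong unforgeability under selective-identity and adaptive chosen-message attacks that the authors claimed. Second, the signing algorithm of this scheme is improved using the Boyen10 signature technique (PKC 2010), and the improved scheme is proven in the standard model to be strongly unforgeable under selective-identity and adaptive chosen-message attacks. In addition, the efficiency and security of the improved scheme are compared with those of other IBS schemes.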

8.
In order to solve the problem that the communication overhead of data update was too large on network-coding-based cloud storage system, a new differential data update scheme was proposed. By encoding and compressing the updated part of file, the communication overhead was reduced significantly. A network-coding-based storage prototype system was designed and implemented, and the update scheme was deployed in the real network settings. Experimental results show that the proposed scheme has less communication overhead and better scalability than the existing schemes.

9.
More and more users choose to transfer their applications and data into the cloud. Data security is a key issue for cloud storage systems. To ensure the integrity and validity of the data stored in the cloud, provable data possession (PDP) scheme is particularly important. In order to verify whether the cloud storage service provider had stored the data of the user completely, a scheme on the basis of NRPDP (non-repudiable PDP) was improved and extended, and a data retention scheme based on public authentication and private authentication was proposed. The scheme can verify the trustworthiness of the service provider and the user in the cloud storage at the same time, which satisfies the non-repudiation of the verification. The theory proves the non-repudiation of the proposed scheme. The experiment proves that the efficiency of each stage is better than that of the existing single public verification method or private authentication method.

10.
To resist the attacks from the malicious Cloud service providers and the organizer, an integrality verification of completeness and zero‐knowledge property (IVCZKP) scheme for multi‐Cloud environment is proposed. First, the bilinear pairing maps are adopted as a basis of theoretical support for IVCZKP scheme. Second, the change of file blocks is recorded, and the hash value of each block is generated through the index‐hash table in the verification process. Finally, the hash value of each block is updated through this index‐hash table to support the dynamic updates to user's data, such as data modification, data insertion, and data deletion. Compared with the original scheme, IVCZKP scheme can resist the forgery attacks and has the completeness and zero‐knowledge property. Theory analysis and the experimental results show that this scheme can reduce the computation time and has more performance on integrity verification in multi‐Cloud environment.

11.
陈龙  罗玉柱 《通信学报》2014,35(Z2):3-19
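Considering the application requirements of multi-replica data security and dynamic data updates, a multi-replica provable data possession scheme supporting dynamic data updates is proposed. In this scheme, the original data file is dynamically updated and managed using a dynamic authentication structure, while the other replicas record the dynamic updates by appending log records, and public aggregated verification is supported. If the original data file or replica data is damaged or lost, it can be restored to the latest state. The security, communication performance, and storage performance of the scheme are analyzed, and the results show that the new scheme is efficient and secure.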

12.
张坤  杨超  马建峰  张俊伟 《通信学报》2015,36(11):108-117
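"Assured deletion" technology aims to guarantee the assured deletion of expired or backup data in cloud servers, so that the data is either thoroughly deleted or can never be decrypted and accessed, protecting the privacy of users' data. However, existing schemes only delete the key while the ciphertext in the cloud remains complete; once the key is stolen, data privacy is threatened, so assured deletion in the "true" sense is not achieved. To address this problem, a scheme based on ciphertext sampling and slicing is proposed to achieve assured deletion of cloud data. Using the idea of ciphertext sampling and slicing, the cloud stores an incomplete ciphertext, so that high confidentiality of the data is guaranteed even if the key is leaked. Destroying the sampled ciphertext also achieves immediate assured deletion of the cloud data. Theoretical analysis and experimental results show that the proposed method meets the assured deletion requirements for confidential data in cloud storage systems, and provides higher security than existing schemes with low performance overhead.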

13.
Aiming at the untrustworthiness of third-party auditor (TPA) in the publicity verification model, a data integrity verification model based on the cloud federation of TPA was proposed. Firstly, the cloud federation of TPA’s architecture was designed and the main functional components and function of the system platform were defined. The federation could manage and control the TPA cloud members. Secondly, TPA was designed in detail by using trusted computing technology and blockchain technology to ensure the credibility of the TPA execution environment and workflow. Finally, the data integrity verification model was built by using cloud federation of TPA. The correctness, security and effectiveness of the model were analyzed theoretically and experimentally.

14.
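To address the fairness problem of cloud storage integrity auditing, a cloud storage integrity auditing model based on consortium blockchains (CSACB, Cloud Storage Integrity Auditing Model Based on Consortium Blockchains) is proposed. First, the model describes the composition of the audit consortium (AC, Audit Consortium) with a tree structure, and uses a layer certificate chain (LCC, Layer Certificate Chain) for identity identification and permission control of consortium members. Second, a dual-chain form consisting of an integrity auditing chain and a dynamic operation chain is adopted to support auditing of mutable cloud storage. Finally, smart contracts (SC, Smart Contract) combined with a data block tag index mechanism are used to build a fair dynamic operation auditing model. Theoretical analysis and experimental results show that the model has clear advantages in security and performance.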

15.
庄磊 《信息技术》2022,(2):110-115
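Current cloud platform data storage schemes ignore data duplication and tend to produce large amounts of redundant data. To optimize data storage performance, a data storage scheme is designed based on a PaaS cloud platform and put into application. Redundant data on the cloud platform is pruned by partition, the weight factor of the remaining data in each partition is calculated, the data storage order of the PaaS cloud platform is designed based on the weight factors, and the data storage scheme is generated dynamically. The virtual environment simulation system of Proxmox VE is used as the virtual nodes, and through the underlying servers...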

16.
Secure ciphertext sharing mechanism in the cloud storage environment   Total citations: 1, self-citations: 0, citations by others: 1
With the convenience of storing and sharing data in cloud storage environment, the concerns about data security arose as well. To achieve data security on untrusted servers, users usually stored the encrypted data on the cloud storage environment. How to build a ciphertext-based access control scheme became a hot issue. For the access control problems of ciphertext in cloud storage environment, a CP-ABE based data sharing scheme was proposed. Novel key generation and distribution strategies were proposed to reduce the reliance on a trusted third party. Personal information was added in decryption key to resist collusion attacks at the same time. Moreover, a key revocation scheme was proposed to provide the data backward secrecy. The security and implementation analysis proves that the proposed scheme is suitable for the real application environment.

17.
Based on provable data possession (PDP) model, a more perfect data integrity checking model for mobile cloud computing was proposed, in which there was an additional proxy party with stronger computing power to help the mobile users to calculate the block tags. Furthermore, for the proposed model, an identity-based proxy signature PDP (IBPS-PDP) protocol was presented. By using identity-based signatures, the system did not need to manage public key certificates and further the users did not need to take the additional computations to verify the other’s certificates yet. Finally, the security of the proposed IBPS-PDP protocol is proved in the random oracle model.

18.
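To address the leakage of user privacy and the low computational efficiency in the process of aggregating and uploading data collected in real time by multiple smart meters, a smart meter data aggregation scheme based on homomorphic encryption is proposed. The aggregation scheme allows the data of multiple smart meters to be aggregated and transmitted to the power system, while the power system cannot obtain the electricity consumption data of any individual smart meter. Simulation results show that the scheme effectively reduces computation cost and communication cost on both the smart meter side and the aggregator side.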

19.
Cloud storage services require cost‐effective, scalable, and self‐managed secure data management functionality. Public cloud storage always enforces users to adopt the restricted generic security consideration provided by the cloud service provider. On the contrary, private cloud storage gives users the opportunity to configure a self‐managed and controlled authenticated data security model to control the accessing and sharing of data in a private cloud. However, this introduces several new challenges to data security. One critical issue is how to enable a secure, authenticated data storage model for data access with controlled data accessibility. In this paper, we propose an authenticated controlled data access and sharing scheme called ACDAS to address this issue. In our proposed scheme, we employ a biometric‐based authentication model for secure access to data storage and sharing. To provide flexible data sharing under the control of a data owner, we propose a variant of a proxy reencryption scheme where the cloud server uses a proxy reencryption key and the data owner generates a credential token during decryption to control the accessibility of the users. The security analysis shows that our proposed scheme is resistant to various attacks, including a stolen verifier attack, a replay attack, a password guessing attack, and a stolen mobile device attack. Further, our proposed scheme satisfies the considered security requirements of a data storage and sharing system. The experimental results demonstrate that ACDAS can achieve the security goals together with the practical efficiency of storage, computation, and communication compared with other related schemes.

20.
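An identity-based encryption scheme that includes an outsourced private key generation algorithm is proposed; the PKG outsources the task of private key generation to a server and can efficiently verify the correctness of the outsourced result. The ciphertext indistinguishability of the scheme and the verifiability of the outsourced result are proven in the standard model, and the proposed scheme is implemented in simulation. Experimental results show that, in the outsourcing algorithm, the computation of the PKG is far less than that of generating the user's private key directly, and less than the computation of the server.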
