为了认证跨云环境下用户数据的完整性,该文提出了一种协同的动态数据持有CDDP (cooperative dynamic data possession)方案。首先,利用分层Hash索引技术,将多个云存储服务提供商的响应消息聚合为一个消息,通过云存储服务提供商、组织者和可信第三方之间的交互通信实现了数据的持有性认证。其次,通过对Hash索引表(index-Hash table)中只涉及更新数据块的索引记录和标签信息的更新,实现了数据修改、数据插入和数据删除等用户数据的动态更新。结果表明:该方案降低了计算时间,具有完备性和抵抗伪造攻击等属性。
User data integrity across cloud storage can be verified by a cooperative dynamic data possession (CDDP) scheme presented here. A layered Hash index is used to aggregate the response messages of the cloud storage service providers into one message with the communications among the cloud service providers, the organizer and a trusted third party used to verify the data possession. Dynamic updates of the user data, such as data modifications, data insertions, and data deletions, only require updating of the index records and the data block tags in the index-Hash table. This scheme reduces the computation times and resists forgery attacks.
[1] 冯登国, 张敏, 张妍, 等. 云计算安全研究[J]. 软件学报, 2011, 22(1):71-88.FENG Dengguo, ZHANG Min, ZHANG Yan, et al. Study on cloud computing security[J]. Journal of Software, 2011, 22(1):71-88. (in Chinese)[2] ZHU Yan, HU Hongxin, Ahn G J, et al. Collaborative integrity verification in hybrid clouds[C]//Proceedings of the 7th International Conference on Collaborative Computing:Networking, Applications and Worksharing. Orlando, FL, USA:IEEE, 2011:197-206.[3] ZHU Yan, HU Hongxin, Ahn G J, et al. Cooperative provable data possession for integrity verification in multicloud storage[J]. IEEE Transactions on Parallel and Distributed Systems, 2012, 23(12):2231-2244.[4] Shacham H, Waters B. Compact proofs of retrievability[J]. Joural of Cryptology, 2013, 26(3):442-483.[5] WANG Huaqun, ZHANG Yuqing. On the knowledge soundness of a cooperative provable data possession scheme in multicloud storage[J]. IEEE Transactions on Parallel and Distributed Systems, 2014, 25(1):264-267.[6] 周恩光, 李舟军, 郭华, 等. 一个改进的混合云环境下协同的可证明数据持有方案[J]. 清华大学学报(自然科学版), 2013, 53(12):1731-1736.ZHOU Enguang, LI Zhoujun, GUO Hua, et al. Cooperative provable data possession scheme for multicloud storage[J]. Journal of Tsinghua University (Science and Technology), 2013, 53(12):1731-1736. (in Chinese)[7] WANG Huaqun. Identity-based distributed provable data possession in multicloud storage[J]. IEEE Transactions on Services Computing, 2015, 8(2):328-340.[8] WANG Cong, WANG Qian, REN Kui, et al. Privacy-preserving public auditing for data storage security in cloud computing[J]. IEEE Transactions on Computers, 2013, 62(2):362-375.[9] Barsoum A F, Hasan M A. Integrity verification of multiple data copies over untrusted cloud servers[C]//Proceedings of the 12th IEEE/ACM International Symposium on Cluster. Piscataway, NJ, USA:IEEE, 2012:829-834.[10] ZHU Yan, WANG Huaixi, HU Zexing, et al. Dynamic audit services for integrity verification of outsourced storages in clouds[C]//Proceedings of the 2011 ACM Symposium on Applied Computing (SAC'11). New York, NY, USA:ACM, 2011:1550-1557.
