-
再生码是近年来提出的一种适用于分布式数据存储的冗余编码机制,已被证明可以达到存储和修复带宽的最优权衡[1].基于再生码技术的分布式云存储系统,在数据修复时的带宽利用方面具有明显的性能优势.然而,如何保证存储数据的安全可靠性是基于再生码的大数据云存储系统有待解决的关键问题之一[2].
迄今为止,学者们已经提出了众多云计算数据审计方案,但这些方案大多依赖于公钥密码技术,具有很高的计算复杂度,存在着验证效率低下和安全实现条件过于苛刻等问题[3-4],难以适用于需要进行频繁代数编码操作的基于再生码的云存储系统.
当前,基于再生码技术的云存储数据审计也取得一些代表性的成果. Chen等[5]首先利用网络编码和随机采样技术提出了一种远程数据检测方案,但该方案不仅需要将编码向量进行加密操作,而且也要对所有的外包存储向量进行采样编码,计算量和通信量都很高,严重影响了系统存储性能. Chen等[6]采用最大距离可分码(MDS,Maximum Distance Separable)实现了抗拜占庭攻击的编码方案. Ren等[7]利用网络编码(外码)和纠错编码(内码)技术对数据进行双重编码,有效提升了数据的可用性. Sengupta等[8]将网络编码抗污染方案和公钥密码技术进行结合,实现了一种可公开审计的机制,但该方案和文献[6-7]都没有考虑数据的隐私保护. Liu等[9]利用BLS签名设计了一种审计方案,预编码操作代价很大,但被发现存在着一些安全缺陷[10].考虑到存储系统效能,选择私有审计策略是当前基于再生码的云存储系统较为合理的选择. Le等[11]利用消息认证码和线性加密的思想提出了一种性能高效的分布式隐私保护审计方案NC-Audit,但需要服务器知道用户的主密钥,显然是不合理的.此外,该方案Setup阶段的参数设计方法是不安全的. Lakshmi等[12]针对再生码存储系统提出了一种基于纠错码的同态加密方案,可以实现节点数据的加密和纠错,但该方案需要对存储数据进行预加密,同时审计和纠错过程中涉及大量的矩阵乘法计算,计算开销很大.最近,Liang等[13]将区块链技术与再生码技术进行融合,提出了一种区块链网络中的安全数据存储和恢复方案,有效地拓展了再生码的应用领域,但该方案并未考虑存储数据审计问题.
综上所述,现有面向再生码存储的数据审计研究工作虽具有一定的可行性,但在计算开销或安全性能上还很不理想,仍然没有克服分布式存储系统实现效率的性能瓶颈.因此,如何利用代数编码方法能同时实现数据审计和在线隐私保护仍是当前基于再生码技术的分布式安全存储领域一个重要的挑战.
不同于现有离线加密实现隐私保护的云存储审计机制,本文的主要贡献是在审计过程中借助一种隐私计算部分外包的策略,采用基于随机线性掩码的隐私安全技术,提出了一种高效适用于分布式云存储系统具有隐私保护功能的云审计机制.该方案有效地实现了质询响应数据的隐私保护,同时也给出了云存储节点隐私安全计算协同外包的审计策略,与现有方案相比,该方案可以在服务器端在线实施动态隐私加密,不仅具有完备的安全性,而且具有计算量小和通信开销少的特征,可以有效部署在用户资源有限的应用场景.
An Efficient Privacy-Preserving Data Auditing Scheme for Regenerating-Code-Based Cloud Storage
-
摘要: 再生码技术在大数据分布式云存储中具有重要的应用价值,如何利用编码技术构造轻量型的隐私保护和审计机制仍然是基于再生码的分布式云存储系统尚未解决的问题.采用质询响应计算安全外包的策略和动态随机线性掩码技术,提出了一种适用于再生码云存储系统隐私保护数据审计方案,方案不仅能实时完成服务器质询响应数据的在线动态加密,而且在云存储节点和审计者之间构造了一种隐私计算协同外包的审计策略.理论分析和实验表明,该方案实现了完备的隐私保护机制和审计安全性,与现有工作相比,具有较快的实现效率.Abstract: The technology of regenerating codes is of important application value in big data distributed cloud storage. How to construct a mechanism of effective privacy-preservation and remote auditing by resorting to coding for a regenerating-code-based cloud storage system remains an unsolved issue. In this paper, by integrating a secure outsourcing strategy for challenge-response computation and a dynamic random linear mask technique, an efficient data auditing scheme is proposed with online privacy protection. The solution can not only achieve dynamic random real-time encryption to the response to the challenges from adversaries, but also construct an audit paradigm by which the privacy-computing can be cooperatively outsourced to the auditor. Theoretical analysis and experimental results show that this scheme achieves complete privacy protection and auditing security, and is more efficient in realization than the existing schemes.
-
Key words:
- data auditing /
- regenerating code /
- privacy protection /
- distributed storage /
- big data .
-
表 1 方案系统性能比较
方案名称 审计安全性 隐私保护 通信开销 TPA计算量 CSP计算量 NC-Audit 否 是 m+n+2ξ+3 m+n+1 (n-1)2+ξ(m+n+1) 文献[12] 是 是 2n+2ξ O(n2s) nξMs-1+ξ 本文方案 是 是 m+n+2ξ+1 m+n+3 n(n+1)+ξ(m+n+1) 注:*ξ=|Δ|. 表 2 审计方案在线计算时间比较
方案名称 T/ms(TPA,200) T/ms(TPA,300) T/ms(CSP,200) T/ms(CSP,300) NC-Audit 7.453 7.456 2.927 3.002 文献[12] 12.50 15.74 1.310 1.694 本文方案 7.454 7.460 2.930 3.011 *T(i,j)表示当ξ取j时实体i的审计操作计算的平均时间. -
[1] DIMAKIS A G, GODFREY P B, Wu Y N, et al. Network Coding for Distributed Storage Systems [J]. IEEE Transactions on Information Theory, 2010, 56(9): 4539-4551. doi: 10.1109/TIT.2010.2054295 [2] TAN C B, HIJAZI M H A, LIM Y, et al. A Survey on Proof of Retrievability for Cloud Data Integrity and Availability: Cloud Storage State-of-the-art, Issues, Solutions and Future Trends [J]. Journal of Network and Computer Applications, 2018, 110: 75-86. doi: 10.1016/j.jnca.2018.03.017 [3] THAKUR N, SINGH A, SANGAL A L. Data Integrity Authentication Techniques in Cloud Computing: A Survey [M]//Soft Computing: Theories and Applications. Springer, 2020: 1255-1267. [4] doi: http://www.researchgate.net/publication/331310032_Review_of_remote_data_integrity_auditing_schemes_in_cloud_computing_Taxonomy_analysis_and_open_issues GUDEME J R, PASUPULETI S K, KANDUKURI R. Review of Remote Data Integrity Auditing Schemes in Cloud Computing: Taxonomy, Analysis, and Open Issues [J]. International Journal of Cloud Computing, 2019, 8(1): 20-49. [5] CHEN B, CURTMOLA R, ATENIESE G, et al. Remote Data Checking for Network Coding-Based Distributed Storage Systems [C] //Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop-CCSW '10. October 8, 2010. Chicago, Illinois, USA. New York: ACM Press, 2010: 31-42. [6] CHEN H C H, LEE P P C. Enabling Data Integrity Protection in Regenerating-Coding-Based Cloud Storage: Theory and Implementation [J]. IEEE Transactions on Parallel and Distributed Systems, 2014, 25(2): 407-416. doi: 10.1109/TPDS.2013.164 [7] REN Z W, WANG L N, WANG Q, et al. Dynamic Proofs of Retrievability for Coded Cloud Storage Systems [J]. IEEE Transactions on Services Computing, 2018, 11(4): 685-698. doi: 10.1109/TSC.2015.2481880 [8] SENGUPTA B, RUJ S. Publicly Verifiable Secure cloud Storage for Dynamic Data Using Secure Network Coding [C] //Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security-1ASIA CCS'16. May 30-1June 3, 2016. Xi'an, China. New York: ACM Press, 2016: 107-118. [9] LIU J, HUANG K, RONG H, et al. Privacy-Preserving Public Auditing for Regenerating-Code-based Cloud Storage [J]. IEEE Transactions on Information Forensics and Security, 2015, 10(7): 1513-1528. doi: 10.1109/TIFS.2015.2416688 [10] LIU M P, JIANG R, KONG H F. Cryptanalysis and Countermeasures on Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage [C] //Proceedings of the International Conference on Communication and Electronic Information Engineering (CEIE 2016). October 15-16, 2016. Guangzhou, China. Paris, France: Atlantis Press, 2016. [11] LE A, MARKOPOULOU A, DIMAKIS A G. Auditing for Distributed Storage Systems [J]. IEEE/ACM Transactions on Networking, 2016, 24(4): 2182-2195. doi: 10.1109/TNET.2015.2450761 [12] LAKSHMI V S, PP D. A Secure Regenerating Code-Based Cloud Storage with Efficient Integrity Verification [J]. International Journal of Communication Systems, 2019, 32(9): e3948. doi: 10.1002/dac.3948 [13] LIANG W, FAN Y K, LI K C, et al. Secure Data Storage and Recovery in Industrial Blockchain Network Environments [J]. IEEE Transactions on Industrial Informatics, 2020, 16(10): 6543-6552. doi: 10.1109/TII.2020.2966069 [14] RASHMI K V, SHAH N B, KUMAR P V. Optimal Exact-Regenerating Codes for Distributed Storage at the MSR and MBR Points via a Product-Matrix Construction [J]. IEEE Transactions on Information Theory, 2011, 57(8): 5227-5239. doi: 10.1109/TIT.2011.2159049 [15] HU Y, CHEN H C H, LEE P P C, et al. NCCloud: Applying Network Coding for the Storage Repair in a Cloud-of-Clouds [C] // Proceedings of the 10th USENIX Conf. File Storage Technol. (FAST), 2012: 265-272. [16] MENEZES A J, VAN OORSCHOT P C, VANSTONE S A. Handbook of Applied Cryptography [M]. Boca Raton: CRC Press, 2018.