计算机研究与发展
計算機研究與髮展
계산궤연구여발전
JOURNAL OF COMPUTER RESEARCH AND DEVELOPMENT
2015年
7期
1672-1681
,共10页
付伟%吴晓平%叶清%肖侬%卢锡城
付偉%吳曉平%葉清%肖儂%盧錫城
부위%오효평%협청%초농%로석성
云存储%云安全%多副本%持有性证明%公钥分割
雲存儲%雲安全%多副本%持有性證明%公鑰分割
운존저%운안전%다부본%지유성증명%공약분할
cloud storage%cloud security%multiple replica%possession proving%public key partition
在数据外包的云存储环境中,如何验证存储服务方是否忠诚地按照客户需求保存足够数量的副本数据是一个挑战性问题。现有方案只能对各个副本逐一进行验证,存在验证效率低、计算开销大和对数据更新支持弱等缺点。提出一种带 Collector 的多副本云存储模型,在此基础上给出一种基于公钥分割的多副本持有性证明方案(multiple replica possession proving scheme based on public key partition , MRP‐PKP)。该方案将公钥分割为多个份额并分配给对应的副本存储节点;在验证时,能够一次性对所有副本的持有性进行高效验证。此外,该方案可有效防御同谋攻击,能够方便地支持数据块级更新操作。进一步理论分析和模拟实验表明:与传统方案相比,MRP‐PKP 方案具有安全性高、通信开销低、运算代价小等优势。
在數據外包的雲存儲環境中,如何驗證存儲服務方是否忠誠地按照客戶需求保存足夠數量的副本數據是一箇挑戰性問題。現有方案隻能對各箇副本逐一進行驗證,存在驗證效率低、計算開銷大和對數據更新支持弱等缺點。提齣一種帶 Collector 的多副本雲存儲模型,在此基礎上給齣一種基于公鑰分割的多副本持有性證明方案(multiple replica possession proving scheme based on public key partition , MRP‐PKP)。該方案將公鑰分割為多箇份額併分配給對應的副本存儲節點;在驗證時,能夠一次性對所有副本的持有性進行高效驗證。此外,該方案可有效防禦同謀攻擊,能夠方便地支持數據塊級更新操作。進一步理論分析和模擬實驗錶明:與傳統方案相比,MRP‐PKP 方案具有安全性高、通信開銷低、運算代價小等優勢。
재수거외포적운존저배경중,여하험증존저복무방시부충성지안조객호수구보존족구수량적부본수거시일개도전성문제。현유방안지능대각개부본축일진행험증,존재험증효솔저、계산개소대화대수거경신지지약등결점。제출일충대 Collector 적다부본운존저모형,재차기출상급출일충기우공약분할적다부본지유성증명방안(multiple replica possession proving scheme based on public key partition , MRP‐PKP)。해방안장공약분할위다개빈액병분배급대응적부본존저절점;재험증시,능구일차성대소유부본적지유성진행고효험증。차외,해방안가유효방어동모공격,능구방편지지지수거괴급경신조작。진일보이론분석화모의실험표명:여전통방안상비,MRP‐PKP 방안구유안전성고、통신개소저、운산대개소등우세。
In outsourcing cloud storage environment ,users cannot completely trust storage service providers .It is a challenge problem to validate whether storage service providers are faithfully maintaining enough replicas complying its promise with users .Most of existing solutions have several disadvantages ,such as low efficiency ,high computation overload and the absence of supporting for dynamic data updating .A multiple replica cloud storage model with Collector is presented ,and a novel multiple replica possession proving scheme , namely MRP‐PKP (multiple replica possession proving scheme based on public key partition) ,is proposed based on public key partition .In preparing phrase ,a public key is divided into several private shares and distributed to corresponding storage servers .In validating phrase ,only after all storage servers show their possession evidences can the challenge be admitted as success . The scheme is designed to defeat collude adversaries , and can support dynamic data updating operations at block level easily .It is the first scheme to validate all replica’s possessions with just one challenge .Both theoretical analysis and simulating experiment show that MRP‐PKP scheme has higher secure guarantee ,lower communication cost and computation overload than existing schemes .