云存储环境下数据持有性证明研究综述

doi:10.3969/j.issn.1000-1565.2021.05.017

摘要/Abstract

摘要： 随着网络存储技术的发展,越来越多的用户选择将数据存储到云端,从而用户失去对数据的直接控制.如何验证存储在云端的数据完整性便成为用户最关心的问题之一.学术界和工业界普遍认为数据持有性证明(provable data possession,PDP)机制是解决该问题的重要手段,本文对现有的部分经典数据持有性证明方案进行了梳理.给出了数据持有性证明系统模型和审计框架;分析了数据持有性证明系统的功能特性和安全需求;分别从实现原理、应用场景和不同实体3个不同的视角,对目前主要的数据持有性证明方案进行了总结归纳,并对未来的研究趋势进行了展望.

关键词: 云存储, 数据完整性, 数据持有性证明

Abstract: With the development of network storage technology, more and more users choose to store data in the cloud, thus users lose direct control of the data. How to verify the integrity of the data stored in the cloud becomes one of the most concerned issue. Proof of Data Possession(PDP)mechanism is considered to be an important means to solve this problem in academia and industry. This paper discusses- DOI:10.3969/j.issn.1000-1565.2021.05.017云存储环境下数据持有性证明研究综述田俊峰,宋倩倩,王浩宁(河北大学网络空间安全与计算机学院,河北保定 071002)田俊峰河北大学教授,博士生导师,现任网络空间安全与计算机学院院长,河北省高可信信息系统重点实验室主任.1986年毕业于河北大学电子系,2004年博士毕业于中国科技大学计算机科学与技术专业.河北省网络安全学会理事长,《通信学报》《网络与信息安全学报》《信息安全研究》编委,中国计算机学会分布式计算与系统委员会委员.先后被评为河北省具有突出贡献的中青年专家,河北省具有突出贡献的中青年教师,河北省“三三三人才工程”人选,2016年度宝钢奖优秀教师.多年来一直从事分布计算、网络安全与可信计算等方向的教学和科研工作.主持国家自然科学基金、河北省杰出青年科学基金、河北省自然科学基金、军地委托开发项目等基金项目30余项.在国内外重要学术期刊和会议上发表学术论文80余篇,主编出版专著2部,课程教材3部.获河北省科技进步奖4项,军队科技进步奖1项,河北省优秀教学成果二等奖1项. 摘要:随着网络存储技术的发展,越来越多的用户选择将数据存储到云端,从而用户失去对数据的直接控制.如何验证存储在云端的数据完整性便成为用户最关心的问题之一.学术界和工业界普遍认为数据持有性证明(provable data possession,PDP)机制是解决该问题的重要手段,本文对现有的部分经典数据持有性证明方案进行了梳理.给出了数据持有性证明系统模型和审计框架;分析了数据持有性证明系统的功能特性和安全需求;分别从实现原理、应用场景和不同实体3个不同的视角,对目前主要的数据持有性证明方案进行了总结归纳,并对未来的研究趋势进行了展望.关键词:云存储;数据完整性;数据持有性证明中图分类号:TP301 文献标志码:A 文章编号:1000-1565(2021)05-0599-13A review of proof of data possession in cloud storage environmentTIAN Junfeng, SONG Qianqian, WANG Haoning( School of Cyberspace Security and Computer, Hebei University, Baoding 071002, China )Abstract: With the development of network storage technology, more and more users choose to store data in the cloud, thus users lose direct control of the data. How to verify the integrity of the data stored in the cloud becomes one of the most concerned issue. Proof of Data Possession(PDP)mechanism is considered to be an important means to solve this problem in academia and industry. This paper discusses- 收稿日期:2021-04-28 基金项目:河北省自然科学基金重点项目(F2016201244) 第一作者:田俊峰(1965—),男,河北蠡县人,河北大学教授,博士生导师,主要从事可信计算和信息安全方向研究.E-mail:tjf@hbu.cn 通信作者:宋倩倩(1996—),女,河北邯郸人,河北大学在读硕士研究生,主要从事信息安全方向研究.E-mail:songqianhbu@163.com第5期田俊峰等:云存储环境下数据持有性证明研究综述some of the existing major PDP schemes. Firstly, this paper describes the data possession attestation system model and audit framework, analyzes the functional characteristics and security requirements of the data possession attestation system. Secondly, from the three different perspectives of implementation principles, application scenarios and different entities, the current main data ownership certification schemes have been carried out. Finally, this paper introduces the future research trends in this field.

Key words: cloud storage, data integrity, proof of data possession

中图分类号:

TP301

田俊峰,宋倩倩,王浩宁. 云存储环境下数据持有性证明研究综述[J]. 河北大学学报(自然科学版), 2021, 41(5): 599-611.

TIAN Junfeng, SONG Qianqian, WANG Haoning. A review of proof of data possession in cloud storage environment[J]. Journal of Hebei University(Natural Science Edition), 2021, 41(5): 599-611.

参考文献

[1] 杨青.50亿条公民信息泄露京东前员工牵涉其中[EB/OL]. [2017-3-11]. https://www.chinacourt.org/article/detail/2017/03/id/2576962.shtml.
[2] 数安时代GDCA.企业陷入数据泄露的启示公民信息泄露[EB/OL]. [2019-6-5]. https://m.sohu.com/a/318749838_604699.
[3] 首席知产官.腾讯云丢失数据遭千万索赔,腾讯:抱歉!13万不能再多了 [EB/OL]. [2018-8-7]. https://baijiahao.baidu.com/s?id=1608142183319333964.
[4] DESWARTE Y, QUISQUATER J J, SAïDANE A. Remote integrity checking[M] //Integrity and Internal Control in Information Systems VI, Boston: Kluwer Academic Publishers,2004: 1-11. DOI:10.1007/1-4020-7901-x_1.
[5] ATENIESE G, BURNS R, CURTMOLA R, et al. Provable data possession at untrusted stores[M] //Proceedings of the 14th ACM Conference on Computer and Communications Security - CCS'07, 2007,New York: ACM Press, 2007: 598-610. DOI:10.1145/1315245.1315318
[6] BONEH D, LYNN B, SHACHAM H. Short signatures from the Weil pairing[M] //Advances in Cryptology — ASIACRYPT 2001, Berlin, Heidelberg: Springer Berlin Heidelberg, 2001: 514-532. DOI:10.1007/3-540-45682-1_30.
[7] GENTRY C, RAMZAN Z. Identity-based aggregate signatures[M] //9th International Conference on Theory and Practice of Public-Key Cryptography, New York: Springer-Verlag, 2006.
[8] ZHAO J N, XU C X, LI F G, et al. Identity-based public verification with privacy-preserving for data storage security in cloud computing[J]. IEICE Trans Fundamentals, 2013, E96,A(12): 2709-2716. DOI:10.1587/transfun.e96.a.2709.
[9] LI Y N, YU Y, MIN G Y, et al. Fuzzy identity-based data integrity auditing for reliable cloud storage systems[J]. IEEE Trans Dependable Secure Comput, 2019, 16(1): 72-83. DOI:10.1109/TDSC.2017.2662216.
[10] WANG X D, JIAO W Z, YANG H, et al. Algebraic signature based data possession checking method with cloud storage[Z]. 11th International Conference on Prognostics and System Health Management(PHM-2020 Jinan), 2020, Jinan, China. DOI:10.1109/PHM-Jinan48558.2020.00010.
[11] ATENIESE G, DI PIETRO R, MANCINI L V, et al. Scalable and efficient provable data possession[Z].The 4th International Conference on Security and Privacy in Communication Netowrks, Istanbul, Turkey,2008. DOI:10.1145/1460877.1460889.
[12] ERWAY C C, KÜPÇÜ A, PAPAMANTHOU C, et al. Dynamic provable data possession[J]. ACM Trans Inf Syst Secur, 2015, 17(4): 1-29. DOI:10.1145/2699909.
[13] WANG Q, WANG C, LI J, et al. Enabling public verifiability and data dynamics for storage security in cloud computing[M] //Computer Security - ESORICS 2009, Berlin, Heidelberg: Springer Berlin Heidelberg, 2009: 355-370. DOI:10.1007/978-3-642-04444-1_22.
[14] ZHU Y, AHN G J, HU H X, et al. Dy-namic audit services for outsourced storage in clouds[J]. IEEE Trans on Services Computing, 2013,6(2): 227-238. DOI: 10.1109/TSC.2011.51.
[15] TIAN H, CHEN Y X, CHANG C C, et al. Dynamic-hash-table based public auditing for secure cloud storage[J]. IEEE Trans Serv Comput, 2017, 10(5): 701-714. DOI:10.1109/tsc.2015.2512589.
[16] JIN H, JIANG H, ZHOU K. Dynamic and public auditing with fair arbitration for cloud data[J]. IEEE Trans Cloud Comput, 2018, 6(3): 680-693. DOI:10.1109/TCC.2016.2525998.
[17] WANG C, WANG Q, REN K, et al. Privacy-preserving public auditing for data storage security in cloud computing[C] //Proceedings IEEE INFOCOM, San Diego, USA, 2010: 1-9. DOI:10.1109/INFCOM.2010.5462173.
[18] WANG C, CHOW S S M, WANG Q, et al. Privacy-preserving public auditing for secure cloud storage[J]. IEEE Trans Comput, 2013, 62(2): 362-375. DOI:10.1109/TC.2011.245.
[19] WANG B Y, LI B C, LI H. Oruta: privacy-preserving public auditing for shared data in the cloud[J]. IEEE Trans Cloud Comput, 2014, 2(1): 43-56. DOI:10.1109/TCC.2014.2299807.
[20] PATIL J M, CHAUDHARI S S. Efficient privacy preserving and dynamic public auditing for storage cloud[Z]. International Conference on Nascent Technologies in Engineering(ICNTE)Navi Mumbai, India, 2019. DOI:10.1109/ICNTE44896.2019.8945817.
[21] KUMAR A. A novel privacy preserving HMAC algorithm based on homomorphic encryption and auditing for cloud[Z]. Fourth International Conference on I-SMAC(IoT in Social, Mobile, Analytics and Cloud)(I-SMAC), Palladam, India, 2020. DOI:10.1109/I-SMAC49090.2020.9243340.
[22] CURTMOLA R, KHAN O, BURNS R, et al. MR-PDP: multiple-replica provable data possession[Z].The 28th International Conference on Distributed Computing Systems, Beijing, China, 2008. DOI:10.1109/ICDCS.2008.68.
[23] MERKLE R C. A certified digital signature[M] // Conference on the Theory and Application of Cryptology,New York:Springer, 1989:218-238.
[24] LIU C, RANJAN R, YANG C, et al. MuR-DPA: top-down levelled multi-replica merkle hash tree based secure public auditing for dynamic big data storage on cloud[J].IEEE Transactions on Computers,2015,64(9): 2609-2622. DOI: 10.1109/TC.2014.2375190.
[25] GUO W, QIN S J, GAO F, et al. Dynamic proof of data possession and replication with tree sharing and batch verification in the cloud[J]. IEEE Trans Serv Comput, 2020,9:1-1. DOI:10.1109/TSC.2020.3022812.
[26] ZHAO Y L, LI S Q. Dynamic flexible multiple-replica provable data possession in cloud[Z].17th International Computer Conference on Wavelet Active Media Technology and Information Processing(ICCWAMTIP), Chengdu, China, 2020. DOI:10.1109/ICCWAMTIP51612.2020.9317378.
[27] QI Y, XIN T, HUANG Y. Enabling efficient verification of dynamic data possession and batch updating in cloud storage[J]. KSII Trans Internet Inf Syst, 2018, 12(6): 2429-2449. DOI:10.3837/tiis.2018.06.001.
[28] GUO W, ZHANG H, QIN S J, et al. Outsourced dynamic provable data possession with batch update for secure cloud storage[J]. Future Gener Comput Syst, 2019, 95: 309-322. DOI:10.1016/j.future.2019.01.009.
[29] WANG B Y, LI B C, LI H. Panda: public auditing for shared data with efficient user revocation in the cloud[J]. IEEE Trans Serv Comput, 2015, 8(1): 92-106. DOI:10.1109/TSC.2013.2295611.
[30] TRUEMAN T E, NARAYANASAMY P. Ensuring privacy and data freshness for public auditing of shared data in cloud[Z]. IEEE International Conference on Cloud Computing in Emerging Markets(CCEM), Bangalore, India, 2015. DOI:10.1109/CCEM.2015.36.
[31] YANG G Y, YU J, SHEN W T, et al. Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability[J]. J Syst Softw, 2016, 113: 130-139. DOI:10.1016/j.jss.2015.11.044.
[32] MASOOD R, PANDEY N, RANA Q P. DHT-PDP: a distributed hash table based provable data possession mechanism in cloud storage[Z]. 8th International Conference on Reliability, Infocom Technologies and Optimization(Trends and Future Directions)(ICRITO), Noida, India, 2020. DOI:10.1109/ICRITO48877.2020.9198019.
[33] YUAN J W, YU S C. Public integrity auditing for dynamic data sharing with multiuser modification[J]. IEEE Trans Inf Forensics Secur, 2015, 10(8): 1717-1726. DOI:10.1109/TIFS.2015.2423264.
[34] ZHU Y, HU Z X, WANG H X, et al. A collaborative framework for privacy protection in online social networks[Z].The 6th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing, Chicago, USA, 2010. DOI:10.4108/icst.collaboratecom.2010.52.
[35] ZHU Y, HU H X, AHN G J, et al. Collaborative integrity verification in hybrid clouds[Z].The 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing, Orlando, USA, 2011. DOI:10.4108/icst.collaboratecom.2011.247089.
[36] ZHU Y, WANG H X, HU Z X, et al. Efficient provable data possession for hybrid clouds[Z].The 17th ACM conference on Computer and communications security- CCS'10, Chicago, USA,2010. DOI:10.1145/1866307.1866421.
[37] XU Y, REN J, ZHANG Y, et al. Blockchain empowered arbitrable data auditing scheme for network storage as a service[J]. IEEE Trans Serv Comput, 2020, 13(2): 289-300. DOI:10.1109/TSC.2019.2953033. (