云存储中具有隐私保护和无证书完整性审计功能的安全数据共享方案

IF 4.5 3区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computer Communications Pub Date : 2024-06-27 DOI:10.1016/j.comcom.2024.06.013
Xuening Guan , Jinyong Chang , Wei Zhang
{"title":"云存储中具有隐私保护和无证书完整性审计功能的安全数据共享方案","authors":"Xuening Guan ,&nbsp;Jinyong Chang ,&nbsp;Wei Zhang","doi":"10.1016/j.comcom.2024.06.013","DOIUrl":null,"url":null,"abstract":"<div><p>With cloud storage services becoming wildspread and low-cost, individuals and organizations select outsourcing large amounts of document to cloud. Cloud storage applications provide data sharing services with varying functionality. In some cloud storage systems that provide data sharing, such as e-health systems, hiding sensitive information fields is a necessity. Meanwhile, in sharing process, unauthorized entities may have access to these privacy fields. The resource-constrained computation capability for data owner (DO) is universal. To tackle above problems, we propose a sanitizer-based secure data sharing scheme where sanitizer performs most computations of encryption and signature after receiving the partially blinded data from DO. It also checks the legitimacy of visitors before CSP returns stored data file. Besides, adopting an attribute-based access policy guarantees further privacy and fine-grained access authorization. After verification, cloud will return the required data to the legitimate visitors. Moreover, integrity auditing to shared data file is based on certificateless authentication technique, which removes certificates issue of traditional cryptographic technique, avoids key-escrow attack risk caused by identity-based cryptography. Finally, the performance analysis and experimental results show that our proposed scheme is competitive in practical applications since it reduces the authenticator generation overhead by up to 21.6% and proof generation overhead by up to 12% compared with related schemes.</p></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"224 ","pages":"Pages 285-301"},"PeriodicalIF":4.5000,"publicationDate":"2024-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Secure data sharing scheme with privacy-preserving and certificateless integrity auditing in cloud storage\",\"authors\":\"Xuening Guan ,&nbsp;Jinyong Chang ,&nbsp;Wei Zhang\",\"doi\":\"10.1016/j.comcom.2024.06.013\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>With cloud storage services becoming wildspread and low-cost, individuals and organizations select outsourcing large amounts of document to cloud. Cloud storage applications provide data sharing services with varying functionality. In some cloud storage systems that provide data sharing, such as e-health systems, hiding sensitive information fields is a necessity. Meanwhile, in sharing process, unauthorized entities may have access to these privacy fields. The resource-constrained computation capability for data owner (DO) is universal. To tackle above problems, we propose a sanitizer-based secure data sharing scheme where sanitizer performs most computations of encryption and signature after receiving the partially blinded data from DO. It also checks the legitimacy of visitors before CSP returns stored data file. Besides, adopting an attribute-based access policy guarantees further privacy and fine-grained access authorization. After verification, cloud will return the required data to the legitimate visitors. Moreover, integrity auditing to shared data file is based on certificateless authentication technique, which removes certificates issue of traditional cryptographic technique, avoids key-escrow attack risk caused by identity-based cryptography. Finally, the performance analysis and experimental results show that our proposed scheme is competitive in practical applications since it reduces the authenticator generation overhead by up to 21.6% and proof generation overhead by up to 12% compared with related schemes.</p></div>\",\"PeriodicalId\":55224,\"journal\":{\"name\":\"Computer Communications\",\"volume\":\"224 \",\"pages\":\"Pages 285-301\"},\"PeriodicalIF\":4.5000,\"publicationDate\":\"2024-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Communications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S014036642400224X\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S014036642400224X","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

随着云存储服务的普及和低成本化,个人和组织纷纷选择将大量文件外包到云端。云存储应用程序提供功能各异的数据共享服务。在一些提供数据共享的云存储系统(如电子医疗系统)中,必须隐藏敏感信息字段。同时,在共享过程中,未经授权的实体可能会访问这些隐私字段。数据所有者(DO)的计算能力普遍受到资源限制。为解决上述问题,我们提出了一种基于消毒器的安全数据共享方案。在该方案中,消毒器在收到数据所有者提供的部分盲数据后,执行大部分加密和签名计算。在 CSP 返回存储的数据文件之前,它还会检查访问者的合法性。此外,采用基于属性的访问策略可进一步保证隐私和细粒度访问授权。经过验证后,云会将所需数据返回给合法访问者。此外,共享数据文件的完整性审计基于无证书认证技术,消除了传统密码技术的证书问题,避免了基于身份的密码技术所带来的密钥逃避攻击风险。最后,性能分析和实验结果表明,与相关方案相比,我们提出的方案减少了 21.6% 的验证器生成开销和 12% 的证明生成开销,因此在实际应用中很有竞争力。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Secure data sharing scheme with privacy-preserving and certificateless integrity auditing in cloud storage

With cloud storage services becoming wildspread and low-cost, individuals and organizations select outsourcing large amounts of document to cloud. Cloud storage applications provide data sharing services with varying functionality. In some cloud storage systems that provide data sharing, such as e-health systems, hiding sensitive information fields is a necessity. Meanwhile, in sharing process, unauthorized entities may have access to these privacy fields. The resource-constrained computation capability for data owner (DO) is universal. To tackle above problems, we propose a sanitizer-based secure data sharing scheme where sanitizer performs most computations of encryption and signature after receiving the partially blinded data from DO. It also checks the legitimacy of visitors before CSP returns stored data file. Besides, adopting an attribute-based access policy guarantees further privacy and fine-grained access authorization. After verification, cloud will return the required data to the legitimate visitors. Moreover, integrity auditing to shared data file is based on certificateless authentication technique, which removes certificates issue of traditional cryptographic technique, avoids key-escrow attack risk caused by identity-based cryptography. Finally, the performance analysis and experimental results show that our proposed scheme is competitive in practical applications since it reduces the authenticator generation overhead by up to 21.6% and proof generation overhead by up to 12% compared with related schemes.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computer Communications
Computer Communications 工程技术-电信学
CiteScore
14.10
自引率
5.00%
发文量
397
审稿时长
66 days
期刊介绍: Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today''s computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms. Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.
期刊最新文献
Editorial Board A deep dive into cybersecurity solutions for AI-driven IoT-enabled smart cities in advanced communication networks The pupil outdoes the master: Imperfect demonstration-assisted trust region jamming policy optimization against frequency-hopping spread spectrum High-performance BFT consensus for Metaverse through block linking and shortcut loop Automating 5G network slice management for industrial applications
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1