{"title":"云存储中具有隐私保护和无证书完整性审计功能的安全数据共享方案","authors":"Xuening Guan , Jinyong Chang , Wei Zhang","doi":"10.1016/j.comcom.2024.06.013","DOIUrl":null,"url":null,"abstract":"<div><p>With cloud storage services becoming wildspread and low-cost, individuals and organizations select outsourcing large amounts of document to cloud. Cloud storage applications provide data sharing services with varying functionality. In some cloud storage systems that provide data sharing, such as e-health systems, hiding sensitive information fields is a necessity. Meanwhile, in sharing process, unauthorized entities may have access to these privacy fields. The resource-constrained computation capability for data owner (DO) is universal. To tackle above problems, we propose a sanitizer-based secure data sharing scheme where sanitizer performs most computations of encryption and signature after receiving the partially blinded data from DO. It also checks the legitimacy of visitors before CSP returns stored data file. Besides, adopting an attribute-based access policy guarantees further privacy and fine-grained access authorization. After verification, cloud will return the required data to the legitimate visitors. Moreover, integrity auditing to shared data file is based on certificateless authentication technique, which removes certificates issue of traditional cryptographic technique, avoids key-escrow attack risk caused by identity-based cryptography. Finally, the performance analysis and experimental results show that our proposed scheme is competitive in practical applications since it reduces the authenticator generation overhead by up to 21.6% and proof generation overhead by up to 12% compared with related schemes.</p></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"224 ","pages":"Pages 285-301"},"PeriodicalIF":4.5000,"publicationDate":"2024-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Secure data sharing scheme with privacy-preserving and certificateless integrity auditing in cloud storage\",\"authors\":\"Xuening Guan , Jinyong Chang , Wei Zhang\",\"doi\":\"10.1016/j.comcom.2024.06.013\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>With cloud storage services becoming wildspread and low-cost, individuals and organizations select outsourcing large amounts of document to cloud. Cloud storage applications provide data sharing services with varying functionality. In some cloud storage systems that provide data sharing, such as e-health systems, hiding sensitive information fields is a necessity. Meanwhile, in sharing process, unauthorized entities may have access to these privacy fields. The resource-constrained computation capability for data owner (DO) is universal. To tackle above problems, we propose a sanitizer-based secure data sharing scheme where sanitizer performs most computations of encryption and signature after receiving the partially blinded data from DO. It also checks the legitimacy of visitors before CSP returns stored data file. Besides, adopting an attribute-based access policy guarantees further privacy and fine-grained access authorization. After verification, cloud will return the required data to the legitimate visitors. Moreover, integrity auditing to shared data file is based on certificateless authentication technique, which removes certificates issue of traditional cryptographic technique, avoids key-escrow attack risk caused by identity-based cryptography. Finally, the performance analysis and experimental results show that our proposed scheme is competitive in practical applications since it reduces the authenticator generation overhead by up to 21.6% and proof generation overhead by up to 12% compared with related schemes.</p></div>\",\"PeriodicalId\":55224,\"journal\":{\"name\":\"Computer Communications\",\"volume\":\"224 \",\"pages\":\"Pages 285-301\"},\"PeriodicalIF\":4.5000,\"publicationDate\":\"2024-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Communications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S014036642400224X\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S014036642400224X","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Secure data sharing scheme with privacy-preserving and certificateless integrity auditing in cloud storage
With cloud storage services becoming wildspread and low-cost, individuals and organizations select outsourcing large amounts of document to cloud. Cloud storage applications provide data sharing services with varying functionality. In some cloud storage systems that provide data sharing, such as e-health systems, hiding sensitive information fields is a necessity. Meanwhile, in sharing process, unauthorized entities may have access to these privacy fields. The resource-constrained computation capability for data owner (DO) is universal. To tackle above problems, we propose a sanitizer-based secure data sharing scheme where sanitizer performs most computations of encryption and signature after receiving the partially blinded data from DO. It also checks the legitimacy of visitors before CSP returns stored data file. Besides, adopting an attribute-based access policy guarantees further privacy and fine-grained access authorization. After verification, cloud will return the required data to the legitimate visitors. Moreover, integrity auditing to shared data file is based on certificateless authentication technique, which removes certificates issue of traditional cryptographic technique, avoids key-escrow attack risk caused by identity-based cryptography. Finally, the performance analysis and experimental results show that our proposed scheme is competitive in practical applications since it reduces the authenticator generation overhead by up to 21.6% and proof generation overhead by up to 12% compared with related schemes.
期刊介绍:
Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today''s computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms.
Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.