Journal: Chinese Journal of Computers (计算机学报)

A Dynamically Verifiable Method with Access Control for Outsourced Data Streams on Cloud Platforms

     

Abstract

To address the problems that outsourced data streams on cloud platforms are untrusted and that the scope of verification cannot be controlled, this paper proposes a dynamically verifiable method for outsourced data streams with access control. The core idea is to combine an arbitrary hash function, a double-trapdoor hash function and CP-ABE (Ciphertext-Policy Attribute-Based Encryption) into a dynamic authenticated data structure with access control (AC-MTAT). The structure supports real-time appending, updating and fine-grained dynamic verification of outsourced data streams. It verifies not only the integrity of the outsourced data stream but also the correctness of the stream's order. Because a double-trapdoor hash function is introduced into the traditional Merkle hash tree (MHT), construction of the AC-MTAT can be divided into two phases, offline and online. The main cost of building the AC-MTAT can therefore be paid in the offline phase, which greatly improves the efficiency of real-time online construction. The paper first gives the formal definition of the AC-MTAT scheme and its concrete construction algorithms; it then proves the security of the scheme, showing that it satisfies correctness, verifiable security and access security; finally, it analyzes the efficiency of the scheme and implements an AC-MTAT prototype to evaluate the running time of the algorithms. The experimental results show that the scheme is efficient and feasible for verifying outsourced data streams and that, compared with existing schemes, it has advantages in real-time growth, efficient updating, controllable verification and adaptability to data streams.
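
The offline/online split that a trapdoor hash gives a Merkle hash tree, as an added Python example that is not the paper's AC-MTAT construction. Assumptions: a single-trapdoor discrete-log chameleon hash stands in for the double-trapdoor hash, CP-ABE access control is left out, the group parameters are demo-sized, and all function names are hypothetical.

```python
import hashlib, math, secrets

# Assumed stand-in trapdoor hash: CH(m, r) = G^m * y^r mod P, trapdoor x, y = G^x.
P = 2**127 - 1          # Mersenne prime; demo-sized, far too weak for real use
N = P - 1               # exponents are reduced mod P-1 (Fermat's little theorem)
G = 3

def keygen():
    while True:
        x = secrets.randbelow(N - 2) + 2
        if math.gcd(x, N) == 1:          # trapdoor must be invertible mod N
            return x, pow(G, x, P)

def digest(index, data):
    # Binding the position into the message lets the verifier check stream order.
    h = hashlib.sha256(index.to_bytes(8, "big") + data).digest()
    return int.from_bytes(h, "big") % N

def ch(y, m, r):
    return pow(G, m, P) * pow(y, r, P) % P

def node(left, right):
    return hashlib.sha256(left + right).digest()

def build_offline(y, size):
    """Offline phase: commit to `size` (a power of two) empty slots, hash the whole tree."""
    slots = [(secrets.randbelow(N), secrets.randbelow(N)) for _ in range(size)]
    level = [ch(y, m, r).to_bytes(16, "big") for m, r in slots]
    tree = [level]
    while len(level) > 1:
        level = [node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        tree.append(level)
    return slots, tree                   # slots stay secret; tree[-1][0] is the root

def append_online(x, slots, tree, index, data):
    """Online phase: find r so the leaf hash is unchanged; no tree rehashing."""
    m0, r0 = slots[index]
    r = (r0 + (m0 - digest(index, data)) * pow(x, -1, N)) % N
    path = [lvl[(index >> d) ^ 1] for d, lvl in enumerate(tree[:-1])]
    return r, path

def verify(y, root, index, data, r, path):
    h = ch(y, digest(index, data), r).to_bytes(16, "big")
    for d, sib in enumerate(path):
        h = node(sib, h) if (index >> d) & 1 else node(h, sib)
    return h == root
```

With this single-trapdoor stand-in, publishing two different openings of the same slot reveals `x`, so the example covers appends only, not updates.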
