Future Generation Computer Systems ( IF 7.5 ) Pub Date : 2021-06-08 , DOI: 10.1016/j.future.2021.05.039 Haiyang Yu , Zhen Yang , Muhammad Waqas , Shanshan Tu , Zhu Han , Zahid Halim , Richard O. Sinnott , Udaya Parampalli
Data backup is a pervasive strategy adopted by cloud service providers (CSPs) to avoid potential risks of data loss. As a result, a CSP normally maintains multiple replicas for each piece of data on geographically distributed servers to improve reliability. A key problem of this replication technique is that users will be charged more when more replicas are stored. Therefore, an auditing service is desired to help users verify whether an untrusted CSP stores all their replicas in different geographic locations or not. In this paper, we propose a dynamic multi-replica auditing scheme that has the following features: (1) it can verify both the integrity and geographic locations of a cloud user’s data replicas; (2) the proposed scheme can identify different copies with geographic locations, which reduces the complexity in data preprocessing, dynamic operations and backup recovery; (3) by introducing an Indexed Merkle Hash Tree (IMHT), we can reduce overall costs of existing Merkle Hash Trees. We prove the security of the proposed scheme under the random oracle model, and further provide a comprehensive comparison between the proposed scheme and existing schemes. The theoretical analysis and experiment evaluation show that our scheme reduces both the communication and computation costs compared with existing schemes. The analysis also shows that the proposed scheme can achieve 99% verification probability by challenging only 90 data blocks.
中文翻译:
具有地理位置的云的高效动态多副本审计
数据备份是云服务提供商 (CSP) 为避免潜在数据丢失风险而采用的普遍策略。因此,CSP 通常会在地理分布的服务器上为每条数据维护多个副本,以提高可靠性。这种复制技术的一个关键问题是,当存储更多的副本时,用户将被收取更多的费用。因此,需要审计服务来帮助用户验证不受信任的 CSP 是否将其所有副本存储在不同的地理位置。在本文中,我们提出了一种动态多副本审计方案,具有以下特点:(1)它可以验证云用户数据副本的完整性和地理位置;(2) 所提出的方案可以识别具有地理位置的不同副本,从而降低了数据预处理的复杂度,动态操作和备份恢复;(3) 通过引入索引默克尔哈希树(IMHT),我们可以降低现有默克尔哈希树的总体成本。我们在随机预言机模型下证明了所提出方案的安全性,并进一步提供了所提出方案与现有方案之间的综合比较。理论分析和实验评估表明,与现有方案相比,我们的方案降低了通信和计算成本。分析还表明,该方案仅挑战 90 个数据块即可达到 99% 的验证概率。并进一步提供拟议方案与现有方案之间的综合比较。理论分析和实验评估表明,与现有方案相比,我们的方案降低了通信和计算成本。分析还表明,该方案仅挑战 90 个数据块即可达到 99% 的验证概率。并进一步提供拟议方案与现有方案之间的综合比较。理论分析和实验评估表明,与现有方案相比,我们的方案降低了通信和计算成本。分析还表明,该方案仅挑战 90 个数据块即可达到 99% 的验证概率。
京公网安备 11010802027423号