Upload
constance-carroll
View
218
Download
1
Embed Size (px)
Citation preview
A Double-Efficient Integrity Verification Scheme to
Cloud Storage DataDeng Hongyao, Song Xiuli, Tao jingsong
2014 TELKOMNIKA Indonesian Journal of Electrical Engineering
Presenter : 陳昱安Date : 2014/10/6
Outline• Introduction
• Schnorr Signature Scheme
• Safety Integrity Verification Scheme Based on Schnorr Signature
• Efficient Integrity Verification Scheme Based on Schnorr Signature
• Security and Performance Analysis
• Conclusion
2
Outline• Introduction
• Schnorr Signature Scheme
• Safety Integrity Verification Scheme Based on Schnorr Signature
• Efficient Integrity Verification Scheme Based on Schnorr Signature
• Security and Performance Analysis
• Conclusion
3
Introduction This paper proposed two integrity verification schemes based on Schnorr Signature Scheme.
4
Safety integrity verification scheme (SIVS).
Efficient integrity verification scheme (EIVS).
Outline• Introduction
• Schnorr Signature Scheme
• Safety Integrity Verification Scheme Based on Schnorr Signature
• Efficient Integrity Verification Scheme Based on Schnorr Signature
• Security and Performance Analysis
• Conclusion
5
Schnorr Signature Scheme (1/3)
Supposed and are two big prime, and is a multiple of ; is a generator of , and .
is private key of .
is a public key and .
() is an approved cryptographic hash function.
6
Schnorr Signature Scheme (2/3)
If a signer signs the message , then he chooses randomly a secret number and computes
The signer sends the message and the signatures to the receiver.
7
Schnorr Signature Scheme (3/3)
If the receiver has received and , then he first
Computes
And checks the following equation:
If the equation is true, then the signature is valid. Otherwise, the signature is invalid.
8
?
Outline• Introduction
• Schnorr Signature Scheme
• Safety Integrity Verification Scheme Based on Schnorr Signature
• Efficient Integrity Verification Scheme Based on Schnorr Signature
• Security and Performance Analysis
• Conclusion
9
Safety Integrity Verification Scheme Based on Schnorr Signature
USER
message
Safety Integrity Verification Scheme Based on Schnorr Signature
USER
Challenge
Response
Safety Integrity Verification Scheme Based on Schnorr Signature
USER
Request
Response
Safety Integrity Verification Scheme Based on Schnorr Signature (1/8)
Notation is 1024-bit prime; is 160-bit prime
is private key of .
is a public key and .
() is an approved cryptographic hash function.
() is a pseudo-random function.
() is a pseudo-random permutation
are three keys, where k is the length of the
three keys.
13
Safety Integrity Verification Scheme Based on Schnorr Signature (2/8)
Pro-processing Phase
The user sends and
to the cloud storage server.
The user stores and hash value on the local.
14
Safety Integrity Verification Scheme Based on Schnorr Signature (3/8)
Challenge Phase
The user‘s challenge values are , where is identity number of the file ;
is the number of challenged blocks ;
and re chosen randomly for each challenge;
is the user’s public key.
15
Safety Integrity Verification Scheme Based on Schnorr Signature (4/8)
Response Phase After the cloud storage server has received the challenge values , he uses pseudo-random permutation to generate indices of challenged blocks
.
Also, he uses pseudo-random function to derive coefficients
.
16
Safety Integrity Verification Scheme Based on Schnorr Signature (5/8)
In pro-processing phase, the cloud storage server holds the set of file blocks and the set of verification blocks .
Grounded on the block indices, he chooses the subset of file blocks and the subset of
verification blocks , then computes:
The cloud storage server sends response values to the user, and takes them as the proofs of possessing file .
17
Safety Integrity Verification Scheme Based on Schnorr Signature (6/8)
Verification Phase The user computes indices of challenged blocks and random coefficients .
Then the user chooses the subset of the signatures
from which has been saved previously on the local.
Further, the user computes
Then he checks the following equation: .
18
?
Safety Integrity Verification Scheme Based on Schnorr Signature (7/8)
19
Safety Integrity Verification Scheme Based on Schnorr Signature (8/8)
20
Retrieve File Phase
At a later time, when the user needs his file , he sends a request message to the cloud storage server.
Then the cloud server sends back file blocks
to the user.
The user uses hash function to compute
to check.
Outline• Introduction
• Schnorr Signature Scheme
• Safety Integrity Verification Scheme Based on Schnorr Signature
• Efficient Integrity Verification Scheme Based on Schnorr Signature
• Security and Performance Analysis
• Conclusion
21
Efficient Integrity Verification Scheme Based on Schnorr Signature (1/3)
Pro-processing Phase
Here, EIVS doesn't use file blocks to compute signatures , but uses hash values to compute signatures.
22
Efficient Integrity Verification Scheme Based on Schnorr Signature (2/3)
Response Phase
In response phase, all values of are set to 1, here, the cloud storage server computes:
Now, the scheme doesn't add all file blocks to generate , but add all hash values to generate it.
23
Efficient Integrity Verification Scheme Based on Schnorr Signature (3/3)
Verification Phase
In verification phase, all values of are set to 1 , then the user computes:
Here, the user checks if below equation holds:
24
Outline• Introduction
• Schnorr Signature Scheme
• Safety Integrity Verification Scheme Based on Schnorr Signature
• Efficient Integrity Verification Scheme Based on Schnorr Signature
• Security and Performance Analysis
• Conclusion
25
Security and Performance Analysis
EIVS scheme substitutes hash values for file blocks to generate signatures and also, all values of coefficients are set to 1, so it improves operation speed and reduces computational costs.
But EIVS scheme can only verify the cloud storage server stores well the sum of hash values, and cannot guarantee that the cloud storage server preserves intact all file blocks.
26
Security Analysis (1/4) SIVS scheme gives double integrity verification guarantee to cloud storage data.
1. in response and verification phase, the user checks response values to judge whether all file blocks are preserved intact in the cloud storage server.
2. In retrieve file phase, the user compares hash values with to judge whether some file blocks have been altered in network transmitting or on cloud storage.
27
Security Analysis (2/4) If the user and the cloud storage server chooses the subset of file blocks as challenged blocks, but the cloud storage server has lost file blocks , where .
Accordingly, the cloud storage server falsifies file blocks with replacement, then he computes:
28
Security Analysis (3/4) After the user has received response values , he computes the value of , and verifies the relation :
If the relation is true, then (mod ), this means
.
If we could find out to let (mod ),
Then (mod ), but this is impossible.
29
Security Analysis (4/4) In retrieve file phase, we suppose the cloud storage server has lost original file blocks .
The cloud storage server substitutes fake file blocks for file blocks and send them to the user.
The user first computes hash value
and check equation :
30
Performance Analysis
31
In the four schemes, if we suppose the size of each file block
is the same, and total number of file blocks is also the same. Moreover, the number of challenged file blocks is also the same.
Outline• Introduction
• Schnorr Signature Scheme
• Safety Integrity Verification Scheme Based on Schnorr Signature
• Efficient Integrity Verification Scheme Based on Schnorr Signature
• Security and Performance Analysis
• Conclusion
32
Conclusion
33
In view of communication costs and computation costs of current integrity verification schemes are too high, this paper proposes two integrity verification schemes SIVS and EIVS based on Schnorr Signature.
If the files need to be stored in cloud for a long time, SIVS scheme will be used to verify the integrity of the file. But in short term, EIVS scheme will be used.