KEYWORDS
Authenticated group key agreement protocol, Data
integrity, Provable data possession, Secure cloud
storage service, Data storage outsourcing.
1 INTRODUCTION
In recent years, a lot of cloud service providers,
such as Amazon, Yahoo!, Google, Dropbox, and
Apple, have provided efficient and scalable data
storage services at a considerably lower
marginal cost in comparison with traditional
data storage providers [1]. Applications for
cloud-based data storage services include online
data backup, photo storage and sharing, email
access, and document sharing. However, data
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
2 PRELIMINARIES
2.1 Bilinear Pairings
Let
and
be a cyclic additive group and a
cyclic multiplicative group of the same order ,
and let e:
be a pairing operation
satisfying the following properties:
, , ,
,
,
Bilinear:
,
,
=
,
= (
, )=
),
( ,
+ ,
= ( , )
,
,
,
+
= ( , )
( , )
Non-degenerate:
( , )1
Computable:
, , ,
,
( , )
2.2 Bilinear Maps
be three multiplicative cyclic
Let , , and
groups of prime order . Let
and
be
generators of
and , respectively. A bilinear
map is a map :
with the
following properties:
,
,
Bilinear:
, ( ,
) = ( , )
Non-degenerate: ( ,
) 1
Computable: There exists an efficient
algorithm for computing .
2.3 Short Signature Model
Zhang et al. [16] proposed the short signature
model in 2004. This model has been proven
secure against adaptive chosen-message
attacks in the random oracle model. The protocol
can be divided into three phases: key generation,
signing, and verification. The execution of
Zhang's short signature protocol proceeds as
follows:
G1,G2
Description
A prime number and the order of the
elliptic curve
A cyclic additive group and a cyclic
multiplicative group of the same order q
Public point
H(.)
Xi, x1, x2 . . .
computes the group key K = H (
xn, Sn) = H( P,
P,
P, . . . ,
P,
Sn).
Xi
Yi
powerful user
The public key of the ordinary user and
powerful user
Notation
Description
key (.)
powerful user .
Step 2. Once the powerful user
receives (Ui,
(1
A i, S i)
1), the powerful user Un
evaluates the following verification equation to
decide whether the values computed on both
sides of the assignment symbol are equivalent:
( (Ai) + Yi, Si)? = ( , ), where 1
1.
If the signature is verified, i.e., the two computed
values are equivalent to each other, then each
ordinary user Ui becomes a legal user. After all
(Ui, Ai, Si) (1 1) are verified, the
powerful user
computes xi = Ai, where an
Z*q is a random number. Subsequently, Un
computes = H(Un,
,
, ,
), the
, and the group key GK =
signature =
, , ,. . . , , ) = (
,
,
,...,
P, Sn). The powerful user Un
then distributes (Un, x1, x2, , xn-1, Sn) to each
ordinary user Ui (1 1).
Step 3. Upon receiving the distributed
information (Un, x1, x2, , xn-1, Sn) from the
powerful user Un, each ordinary user Ui
(1 1) must compute C = H(Un , x1 ,
x2 , , xn-1 ) and then evaluate the following
verification equation: e(CP + Yn, Sn ) ? = e(P, P).
If the distributed information is validated, then
the powerful user Un becomes a legal user. Once
the identity of the powerful user is confirmed,
each ordinary user Ui (1 1)
(
G3, G4
u,
x Z*q
g G4
A group key
H(.)
EK
G3 , =
b Zp
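The signature check used in Steps 2 and 3, e(CP + Yn, Sn) ?= e(P, P), can be exercised without a pairing library. The following is an added example, not code from the paper: it models a point aP by its scalar a and a pairing value by its exponent (a toy model with no security), and it assumes the signing step S = (C + s)^-1 P of Zhang et al.'s scheme; the private-key name s_n, the group order and the sample x values are hypothetical.

```python
import hashlib
import secrets

# Toy model, NOT a secure pairing: a point aP in G1 is stored as the scalar a
# mod Q, and an element e(P, P)^t of G2 as the exponent t. This exposes every
# discrete log, so it only checks the algebra of the verification equation.
Q = 2**127 - 1          # prime group order q (constructed toy parameter)
P = 1                   # generator P, i.e. the scalar 1

def pairing(a_point, b_point):
    """e(aP, bP) = e(P, P)^(ab), tracked as the exponent ab mod q."""
    return (a_point * b_point) % Q

def H(*parts):
    """Hash identities and points into Z_q (length-prefixed to avoid ambiguity)."""
    h = hashlib.sha256()
    for part in parts:
        data = str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % Q

def keygen():
    s = secrets.randbelow(Q - 1) + 1      # private key in Z_q^*
    return s, (s * P) % Q                 # (s, Y = sP)

def sign(s, *message):
    c = H(*message)
    if (c + s) % Q == 0:                  # (C + s) must be invertible mod q
        raise ValueError("C + s = 0 mod q; pick a fresh key")
    return (pow(c + s, -1, Q) * P) % Q    # assumed signing step: S = (C + s)^-1 P

def verify(Y, S, *message):
    c = H(*message)
    return pairing((c * P + Y) % Q, S) == pairing(P, P)   # e(CP + Y, S) ?= e(P, P)

def demo():
    s_n, Y_n = keygen()                                   # powerful user Un (hypothetical key name)
    x = [secrets.randbelow(Q - 1) + 1 for _ in range(3)]  # constructed x1..x3
    S_n = sign(s_n, "Un", *x)
    ok = verify(Y_n, S_n, "Un", *x)                       # honest broadcast
    tampered = verify(Y_n, S_n, "Un", x[0], x[1], (x[2] + 1) % Q)
    _, Y_other = keygen()
    wrong_key = verify(Y_other, S_n, "Un", *x)            # signature under another key
    return ok, tampered, wrong_key

if __name__ == "__main__":
    print(demo())
```

A real implementation would replace the scalar arithmetic with a pairing-friendly curve library; only the equation being checked carries over.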
( )
, )
= (
( )
, )
= (
, y)
= ( ( )
= (H(Fm)Ru, y)
( )
, )
= (
( )
, )
= (
, y)
= ( ( )
R
= (H(Fm) u , y)
After determining that the CSP still possesses
the correct file, the group member can again
verify this possession, as shown in Fig. 6.
(1) Group member CSP: data request, Fm
The CSP receives the data request and Fm
from a group member
(2) CSP group member: EK(S), EK(F)
The CSP submits EK(S) and EK(F) to the
group member. Once the group member
,
ECDL problem: Given P, Q
identifying an integer n Zq such that P =
nQ is difficult.
BCDH problem: Given P, aP, bP, cP ,
it is difficult to compute e(P,P)^{abc} without
the knowledge of a, b, or c, where a, b, and
c Z*q.
3.
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
ACKNOWLEDGMENT
The authors gratefully acknowledge the support
from the Ministry of Science and Technology,
Taiwan, under the grant numbers MOST 103-2221-E-011-091-MY2 and MOST 103-2221-E-011-090-MY2.
REFERENCES
[1]
[2]
[3]
[4]
[5]