
Research On Key Technologies Of Data Authentication For Multi-environments

Posted on: 2014-02-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Xu
GTID: 1318330482954597
Subject: Computer application technology

Abstract/Summary:
Data authentication is an important means of ensuring data authenticity in open networks, and it has long attracted widespread attention from academia and industry. Threats against data authenticity have been growing, especially in recent years, but conventional methods, which use isolated and static attributes to describe data authenticity, often lead to data and its structural characteristics being analyzed separately. Conventional methods are therefore unable to adapt effectively to the increasingly complex data security situation. It is thus of great significance to explore the internal relationships, rules and cryptographic performance of data authenticity authentication, in order to discover and describe threats against data authenticity and to improve the ability to defend it.

Many research results have already been obtained in data authenticity authentication technologies, including digital signatures, message authentication codes, authenticated data structures and so on. These technologies are widely used in the field of data authenticity authentication and play a significant role. But as network application environments expand, no single data authenticity authentication technology applies to all network environments. Different data authenticity authentication methods should therefore be proposed for their corresponding network application scenarios. Starting from the practical situation and the requirements of data authenticity authentication in various network application environments, this thesis studies data authenticity authentication technologies for multiple network environments. The main work of this thesis includes:

(1) This thesis proposes an authenticated skip list algorithm based on a directed hash tree (ASL-DHT). It points out several issues with the traditional skip list, such as redundant hash values in skip nodes and high storage and computational cost. It puts forward a directed hash tree scheme based on separating the hash algorithm from the data storage mode, and designs a new authenticated skip list algorithm on this basis. It also analyzes the cost of the ASL-DHT algorithm theoretically, using mathematical methods such as hierarchical data processing and probability analysis, and compares its performance with the pre-existing Goodrich authenticated skip list algorithm. The results show that the ASL-DHT algorithm has great advantages in computation, communication and storage cost.

(2) This thesis proposes a distributed query authentication scheme based on a hierarchical hash list (HHL) in the C/S data dissemination environment. In view of the shortcomings of the skip list scheme and the signature chain scheme, it studies distributed query authentication technologies in the C/S data dissemination environment. It presents the formal definition of distributed query authentication and the reliability requirements it should satisfy. It designs a hierarchical hash list that meets the requirements of completeness and privacy protection, and gives the formal definition, construction technique and key algorithm description of HHL. Theoretical analysis of the cost of HHL shows that its computation and communication cost is O(log n). A security analysis of HHL was also carried out by simulating the various means adversaries may use to damage data authenticity; the results show that HHL can detect activities that damage the authenticity of query results, such as injection and tampering. A comparison of HHL with the signature chain scheme shows that HHL is clearly better than the signature chain scheme with respect to authentication cost.

(3) This thesis proposes a data authentication model based on a distributed authenticated B+ tree (DABT) in a P2P environment. Because existing research methods cannot elegantly solve the problem of data authenticity authentication once data is highly dispersed in a P2P environment, it constructs a P2P data authentication model based on DABT. It also gives the formal definition, communication protocol and key algorithm description of DABT. The implementation of DABT is independent of the implementation details of the location operation, so simplicity, expandability and availability are easy to achieve. Theoretical analysis of the security and cost of DABT shows that this model can realize data authenticity authentication at a lower cost. Compared with the distributed Merkle tree (DMT) scheme, DABT is better in communication, storage and authentication computation cost.

(4) This thesis proposes a data outsourcing authentication model based on authenticated data structures (DOAM-ADS) in cloud computing environments. Because most data authentication schemes can only solve the data authenticity authentication problems of static archive files, this thesis exploits the security characteristics of authenticated data structures (ADS) and designs a new data outsourcing authentication model. The formal definition, communication protocol and key algorithm description of the model are also presented. It analyzes the crucial problems of ADS when applied in cloud computing environments, and designs a new extended coherence proof generation algorithm and a new extended verifying algorithm, which can meet the requirements of data outsourcing authenticity authentication. Theoretical analysis of the security of DOAM-ADS shows that this model can guarantee the data authenticity of query-and-answer in cloud computing environments. Compared with other typical data authentication models, DOAM-ADS can support all the dynamic operations on outsourced storage objects, at the cost of communication and computation overhead, which is an advantage that other typical schemes do not have.

(5) This thesis proposes a data authentication model based on RS erasure codes (DAM-RS) in wireless sensor networks (WSN). In view of the data loss and tampering problems in WSN, it presents a model called WSN controlled by an adversary (WSN-CA), and describes the ability of the adversary using the packet survival rate a, so as to better simulate the actual WSN environment. Based on WSN-CA, the formal definition, communication protocol, authentication algorithm and verification algorithm of DAM-RS are presented. Through simulation of the adversary's attack activities, this thesis analyzes the correctness and security of DAM-RS. The results show that all valid packets will pass the receivers' verification as long as the packet survival rate a meets the specified requirements, and that the WSN-CA model can resist deletion and tampering attacks from adversaries and recover the data packets deleted by the adversaries. Compared with the existing schemes, this model achieves better security at the cost of computational overhead.
Keywords/Search Tags: Authenticity, Data Authentication, Authenticated data structures, Authenticated Skiplist, Hierarchical Hash List, Authenticated B+ Tree