Append-only Authenticated Data Sets based on RSA accumulators for transparent log system

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces Pub Date : 2025-02-06 DOI:10.1016/j.csi.2025.103978

Qiang Tong, Long Yin, Yulong Liu, Jian Xu

{"title":"Append-only Authenticated Data Sets based on RSA accumulators for transparent log system","authors":"Qiang Tong, Long Yin, Yulong Liu, Jian Xu","doi":"10.1016/j.csi.2025.103978","DOIUrl":null,"url":null,"abstract":"<div><div>Authenticated Data Structures (ADS) play a vital role in ensuring data authenticity in cloud computing environments, particularly in Public Key Infrastructure (PKI). Despite their importance, significant concerns remain about cloud computing security, such as the risk of hijacking certification authorities to issue fraudulent certificates or tampering with log entries. While Certificate Transparency (CT) improves server certificate credibility, CT log servers remain vulnerable, risking data integrity and trust. This paper proposes the Append-only Authenticated Data Sets (AADS) model, which enhances cloud computing security by supporting append-only properties and fork consistency in transparent logs, preventing malicious modifications and preserving divergent log views. Formally defined using RSA accumulators, the model includes efficient algorithms for initialization, data addition, search, and evidence verification, ensuring security under strong RSA and adaptive root assumptions while reducing space complexity. Additionally, Append-only Authenticated Dictionaries (AAD) offer better space and communication efficiency. A prototype transparent log system demonstrates how these structures mitigate identity authentication risks caused by missing append-only features and fork consistency. Key challenges remain, including scalability, cryptographic weaknesses, and coordinated attacks by compromised log servers and malicious entities.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103978"},"PeriodicalIF":4.1000,"publicationDate":"2025-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548925000078","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Authenticated Data Structures (ADS) play a vital role in ensuring data authenticity in cloud computing environments, particularly in Public Key Infrastructure (PKI). Despite their importance, significant concerns remain about cloud computing security, such as the risk of hijacking certification authorities to issue fraudulent certificates or tampering with log entries. While Certificate Transparency (CT) improves server certificate credibility, CT log servers remain vulnerable, risking data integrity and trust. This paper proposes the Append-only Authenticated Data Sets (AADS) model, which enhances cloud computing security by supporting append-only properties and fork consistency in transparent logs, preventing malicious modifications and preserving divergent log views. Formally defined using RSA accumulators, the model includes efficient algorithms for initialization, data addition, search, and evidence verification, ensuring security under strong RSA and adaptive root assumptions while reducing space complexity. Additionally, Append-only Authenticated Dictionaries (AAD) offer better space and communication efficiency. A prototype transparent log system demonstrates how these structures mitigate identity authentication risks caused by missing append-only features and fork consistency. Key challenges remain, including scalability, cryptographic weaknesses, and coordinated attacks by compromised log servers and malicious entities.

查看原文本刊更多论文

透明日志系统中基于RSA累加器的仅追加认证数据集

在云计算环境中，特别是在PKI （Public Key Infrastructure）中，ADS （Authenticated Data Structures）在保证数据真实性方面起着至关重要的作用。尽管它们很重要，但云计算安全性仍然令人担忧，例如劫持证书颁发机构颁发欺诈性证书或篡改日志条目的风险。虽然证书透明度（Certificate Transparency， CT）提高了服务器证书的可信度，但CT日志服务器仍然存在漏洞，可能会影响数据的完整性和信任度。本文提出了仅追加认证数据集（AADS）模型，该模型通过支持透明日志的仅追加属性和分叉一致性，防止恶意修改和保留不同的日志视图，增强了云计算的安全性。该模型使用RSA累加器进行正式定义，包括初始化、数据添加、搜索和证据验证的高效算法，确保了强RSA和自适应根假设下的安全性，同时降低了空间复杂度。此外，仅追加身份验证字典（AAD）提供了更好的空间和通信效率。一个原型透明日志系统演示了这些结构如何减轻由于缺少仅追加特性和分叉一致性而导致的身份验证风险。关键的挑战仍然存在，包括可伸缩性、加密弱点以及受到入侵的日志服务器和恶意实体的协同攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Standards & Interfaces 工程技术-计算机：软件工程

CiteScore

11.90

自引率

16.00%

发文量

审稿时长

6 months

期刊介绍： The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.