對於雲端計算服務以及雲端儲存服務而言,稽核是相當重要的。其中,行動裝置上對於雲端儲存服務的稽核方法必須支持動態群組以及個人隱私保護。為了達到個人身分隱私保護,Yu 等學者提出他們支援動態群組的方法。然而,我們針對動態群體的攻擊明確指出他們的方法,當群體成員與群體金鑰變動時、無法滿足前向與後向的安全性要求。為了改正這個安全缺失,提出我們的第一個方法,除了前向與後向的安全性要求外,還提供最大化的個人身分隱私保護。 對於雲端計算稽核方面,Wei等學者提出他們的雲端計算稽核方法。然而,他們針對攻擊者的行為假設是不實際的。移除不實際的假設後,將導致稽核所需的數量大增,稽核者的計算需求將變得龐大,導致可能無法在合理的時間內回應稽核結果。同時,發現不正確的計算結果的稽核機率也無法達到使用者的要求。針對改善線上稽核的效能或是稽核機率,我們提出一些策略有效地增加稽核驗證子的數量,透過稽核驗證子數量增加,可以改善效能或是稽核的機率。我們的策略利用了離線計算或是利用雲端計算伺服器計算能力,藉以提升線上稽核效能和稽核機率。根據我們的效能分析與探討,我們的策略不只是提升線上效能,也能用來提升線上稽核機率。 Auditing is important both for cloud computing services and cloud storage services. The audit scheme of cloud storage services for mobile devices should support dynamic groups and identity privacy protection. To audit uploading files for the dynamic mobile groups, Yu et al. proposed their scheme to protect identity-privacy. However, our dynamic group attacks shows that their scheme does not satisfy the forward and backward privacy for the group secret key change after some members leave. To provide forward and backward privacy for the group secret keys, our first protocol is proposed. Besides, our protocol provides the maximal identify-privacy protection. For cloud computation, Wei et al. proposed their cloud computation auditing scheme. However, their assumption about the adversary’s behaviors is impractical. After removing this impractical assumption, auditors’ computation load becomes so heavy that auditors may not return the auditing results in reasonable time. The probability of finding out incorrect computed results cannot reach the users’ requirement. To improve the on-line audit performance or probability, some improving strategies are proposed to increase the number of auditors efficiently. Then the increase of the number of auditors will improve either audit performance or audit probability. Our strategies utilize the off-line computation and cloud computation server help to improve the online audit performance and the audit probability. According to our performance analysis and the discussion, our strategies improve not only the online audit performance but also the audit probability for cloud computation.
