支持访问控制与密钥更新的加密去重方案

哈冠雄; 贾巧雯; 陈杭; 贾春福; 刘兰清

doi:10.19665/j.issn1001-2400.20230306

您当前的位置：

首页 >

文章列表页 >

支持访问控制与密钥更新的加密去重方案

网络空间安全 | 更新时间：2024-01-22

- 支持访问控制与密钥更新的加密去重方案
- 暂无标题
- 西安电子科技大学学报 2023年50卷第6期页码：195-206
- 作者机构：
  
  1. 南开大学网络空间安全学院,天津 300350
  2. 天津市网络与数据安全技术重点实验室,天津 300350
  3. 中国科学院软件研究所,北京 100190
- 作者简介：
  
  [ "哈冠雄(1995—),男,南开大学博士研究生,E-mail:[email protected];" ]
  [ "贾巧雯(1992—),女,中国科学院软件研究所博士研究生,E-mail:[email protected];" ]
  [ "陈杭(1998—),女,南开大学硕士研究生,E-mail:[email protected];" ]
  贾春福(1966—),男,教授,E-mail:[email protected]
  [ "刘兰清(2000—),男,南开大学硕士研究生,E-mail:[email protected]。" ]
- 基金信息：
  
  国家重点研发计划(2018YFA0704703);国家自然科学基金(61972215);国家自然科学基金(62172238);国家自然科学基金(61972073);天津市自然科学基金(20JCZDJC00640);中央高校基本科研业务费专项资金
- DOI：10.19665/j.issn1001-2400.20230306
  中图分类号：
扫描看全文
哈冠雄, 贾巧雯, 陈杭, 等. 支持访问控制与密钥更新的加密去重方案[J]. 西安电子科技大学学报, 2023,50(6):195-206.
哈冠雄, 贾巧雯, 陈杭, 等. 支持访问控制与密钥更新的加密去重方案[J]. 西安电子科技大学学报, 2023,50(6):195-206. DOI： 10.19665/j.issn1001-2400.20230306.

DOI：

摘要

在数据外包的场景中,访问控制与密钥更新具有重要的应用价值。然而,现有的加密去重方案难以为用户外包数据提供灵活有效的访问控制与密钥更新。针对此问题,提出一个支持访问控制与密钥更新的加密去重方案。首先,基于密文策略属性基加密和所有权证明技术设计了加密去重场景下的高效访问控制方案,其将访问控制与所有权证明相结合,仅需通过客户端与云服务器之间的一轮交互,便可同时验证客户端是否具有正确的访问权限以及是否具有完整的数据内容,可有效防止敌手的数据未授权访问和所有权欺骗攻击,具有计算开销低和通信轮数少等特性;其次,结合服务器辅助加密和随机收敛加密的设计思路,设计了适用于加密去重场景的可更新加密方案,并将其与所提的访问控制方案相结合,实现了多层次且用户透明的密钥更新。安全分析与性能评估的结果表明,所提方案可为用户外包数据提供机密性和完整性,同时可实现高效的数据加解密和密钥更新。

Abstract

In the scenario of data outsourcing,access control and key update have an important application value.However,it is hard for existing encrypted deduplication schemes to provide flexible and effective access control and key update for outsourcing user data.To solve this problem,an encrypted deduplication scheme with access control and key updates is proposed.First,an efficient access control scheme for encrypted deduplication is designed based on the ciphertext-policy attribute-based encryption and the proof of ownership.It combines access control with proof of ownership and can simultaneously detect whether a client has the correct access right and whole data content only through a round of interaction between the client and the cloud server,effectively preventing unauthorized access and ownership fraud attacks launched by adversaries.The scheme has features such as low computation overhead and few communication rounds.Second,by combining the design ideas of server-aided encryption and random convergent encryption,an updatable encryption scheme suitable for encrypted deduplication is designed.It is combined with the proposed access control scheme to achieve hierarchical and user-transparent key updates.The results of security analysis and performance evaluation show that the proposed scheme can provide confidentiality and integrity for outsourcing user data while achieving efficient data encryption,decryption,and key update.

关键词

云存储加密去重访问控制密钥更新可更新加密

Keywords

cloud storageencrypted deduplicationaccess controlkey updateupdatable encryption

references

熊金波, 张媛媛, 李凤华, 等. 云环境中数据安全去重研究进展[J]. 通信学报, 2016, 37(11):169-180. DOI:10.11959/j.issn.1000-436x.2016238http://doi.org/10.11959/j.issn.1000-436x.2016238

XIONG Jinbo, ZHANG Yuanyuan, LI Fenghua, et al. Research Progress on Secure Data Deduplication in Cloud[J]. Journal on Communications, 2016, 37(11):169-180. DOI:10.11959/j.issn.1000-436x.2016238http://doi.org/10.11959/j.issn.1000-436x.2016238

曾辉祥, 习宁, 谢晴晴, 等. 抗属性篡改的去中心化密文数据安全共享[J]. 西安电子科技大学学报, 2022, 49(2):135-145.

ZENG Huixiang, XI Ning, XIE Qingqing, et al. Decentralized Ciphertext Sharing Based on Blockchain[J]. Journal of Xidian University, 2022, 49(2):135-145.

闫玺玺, 赵强, 汤永利, 等. 支持灵活访问控制的多关键字搜索加密方案[J]. 西安电子科技大学学报, 2022, 49(1):55-66.

YAN Xixi, ZHAO Qiang, TANG Yongli, et al. Multi-Keyword Search Encryption Scheme Supporting Flexible Access Control[J]. Journal of Xidian University, 2022, 49(1):55-66.

BELLARE M, KEELVEEDHI S, RISTENPART T. Message-Locked Encryption and Secure Deduplication[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques.Berlin:Springer, 2013:296-312.

KEELVEEDHI S, BELLARE M, RISTENPART T. DupLESS:Server-Aided Encryption for Deduplicated Storage[C]// Proceedings of the 22nd USENIX Conference on Security.Berkeley:USENIX, 2013:179-194.

贾春福, 哈冠雄, 李瑞琪. 密文去重系统中的数据访问控制策略[J]. 通信学报, 2020, 41(5):72-83. DOI:10.11959/j.issn.1000-436x.2020062http://doi.org/10.11959/j.issn.1000-436x.2020062

JIA Chunfu, HA Guanxiong, LI Ruiqi. Data Access Control Policy of Encrypted Deduplication System[J]. Journal on Communications, 2020, 41(5):72-83. DOI:10.11959/j.issn.1000-436x.2020062http://doi.org/10.11959/j.issn.1000-436x.2020062

HARNIK D, PINKAS B, SHULMAN-PELEG A. Side Channels in Cloud Services:Deduplication in Cloud Storage[J]. IEEE Security & Privacy, 2010, 8(6):40-47.

XU J, CHANG E C, ZHOU J. Weak Leakage-Resilient Client-Side Deduplication of Encrypted Data in Cloud Storage[C]// Proceedings of the 8th ACM SIGSAC Symposium on Information,Computer and Communications Security. New York: ACM, 2013:195-206.

HALEVI S, HARNIK D, PINKAS B, et al. Proofs of Ownership in Remote Storage Systems[C]// Proceedings of the 18th ACM Conference on Computer and Communications Security. New York: ACM, 2011:491-500.

BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-Policy Attribute-Based Encryption[C]// 2007 IEEE Symposium on Security and Privacy(SP'07).Piscataway:IEEE, 2007:321-334.

LEHMANN A, TACKMANN B. Updatable Encryption with Post-Compromise Security[C]// EUROCRYPT 2018.Berlin:Springer, 2018:685-716.

CHEN H, FU S, LIANG K. No-Directional and Backward-Leak Uni-Directional Updatable Encryption are Equivalent[C]// European Symposium on Research in Computer Security.Berlin:Springer, 2022:387-407.

BOYD C, DAVIES G T, GJØSTEEN K, et al. Fast and Secure Updatable Encryption[C]// Advances in Cryptology(CRYPTO 2020).Berlin:Springer, 2020:464-493.

DOUCEUR J R, ADYA A, BOLOSKY W J, et al. Reclaiming Space from Duplicate Files in a Serverless Distributed File System[C]// Proceedings 22nd International Conference on Distributed Computing Systems.Piscataway:IEEE, 2002:617-624.

SHIN Y, KOO D, YUN J, et al. Decentralized Server-Aided Encryption for Secure Deduplication in Cloud Storage[J]. IEEE Transactions on Services Computing, 2020, 13(6):1021-1033.

ZHOU Y, FENG D, XIA W, et al. SecDep:A User-Aware Efficient Fine-Grained Secure Deduplication Scheme with Multi-Level Key Management[C]// 2015 31st Symposium on Mass Storage Systems and Technologies(MSST).Piscataway:IEEE, 2015:1-14.

QIN C, LI J, LEE PP C. The Design and Implementation of a Rekeying-Aware Encrypted Deduplication Storage System[J]. ACM Transactions on Storage, 2017, 13(1):1-30.

贾春福, 哈冠雄, 武少强, 等. 加密去重场景下基于AONT和NTRU的密钥更新方案[J]. 通信学报, 2021, 42(10):67-80. DOI:10.11959/j.issn.1000-436x.2021187http://doi.org/10.11959/j.issn.1000-436x.2021187

JIA Chunfu, HA Guanxiong, WU Shaoqiang, et al. AONT-and-NTRU-Based Rekeying Scheme for Encrypted Deduplication[J]. Journal on Communications, 2021, 42(10):67-80. DOI:10.11959/j.issn.1000-436x.2021187http://doi.org/10.11959/j.issn.1000-436x.2021187

ZHOU Y, FENG D, HUA Y, et al. A Similarity-Aware Encrypted Deduplication Scheme with Flexible Access Control in the Cloud[J]. Future Generation Computer Systems, 2018, 84:177-189. DOI:10.1016/j.future.2017.10.014http://doi.org/10.1016/j.future.2017.10.014https://linkinghub.elsevier.com/retrieve/pii/S0167739X17309238https://linkinghub.elsevier.com/retrieve/pii/S0167739X17309238

XU R, JOSHI J, KRISHNAMURTHY P. An Integrated Privacy Preserving Attribute-Based Access Control Framework Supporting Secure Deduplication[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(2):706-721. DOI:10.1109/TDSC.8858http://doi.org/10.1109/TDSC.8858https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=8858https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=8858

MIAO M, TIAN G, SUSILO W. New Proofs of Ownership for Efficient Data Deduplication in the Adversarial Conspiracy Model[J]. International Journal of Intelligent Systems, 2021, 36(6):2753-2766. DOI:10.1002/int.v36.6http://doi.org/10.1002/int.v36.6https://onlinelibrary.wiley.com/toc/1098111x/36/6https://onlinelibrary.wiley.com/toc/1098111x/36/6

LI J, LEE PP C, TAN C, et al. Information Leakage in Encrypted Deduplication via Frequency Analysis:Attacks and Defenses[J]. ACM Transactions on Storage, 2019, 16(1):1-30.

LI J, WEI G, LIANG J, et al. Revisiting Frequency Analysis against Encrypted Deduplication via Statistical Distribution[C]// IEEE INFOCOM 2022-IEEE Conference on Computer Communications.Piscataway:IEEE, 2022:290-299.

LI J, YANG Z, REN Y, et al. Balancing Storage Efficiency and Data Confidentiality with Tunable Encrypted Deduplication[C]// Proceedings of the Fifteenth European Conference on Computer Systems(EuroSys 2020). New York: ACM,2020:(22)1-15.

REN Y, LI J, YANG Z, et al. Accelerating Encrypted Deduplication via SGX[C]// 2021 USENIX Annual Technical Conference.Berkeley:USENIX, 2021:957-971.

YANG Z, LI J, LEE PP C. Secure and Lightweight Deduplicated Storage via Shielded Deduplication-Before-Encryption[C]// 2022 USENIX Annual Technical Conference.Berkeley:USENIX, 2022:37-52.

ZHANG Y, XU C, CHENG N, et al. Secure Password-Protected Encryption Key for Deduplicated Cloud Storage Systems[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(4):2789-2806. DOI:10.1109/TDSC.2021.3074146http://doi.org/10.1109/TDSC.2021.3074146https://ieeexplore.ieee.org/document/9409703/https://ieeexplore.ieee.org/document/9409703/

LI J, HUANG S, REN Y, et al. Enabling Secure and Space-Efficient Metadata Management in Encrypted Deduplication[J]. IEEE Transactions on Computers, 2022, 71(4):959-970. DOI:10.1109/TC.2021.3067326http://doi.org/10.1109/TC.2021.3067326https://ieeexplore.ieee.org/document/9381688/https://ieeexplore.ieee.org/document/9381688/

LIU J, ASOKAN N, PINKAS B. Secure Deduplication of Encrypted Data without Additional Independent Servers[C]// Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2015:874-885.

YU C M. POSTER:Efficient Cross-User Chunk-Level Client-Side Data Deduplication with Symmetrically Encrypted Two-Party Interactions[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2016:1763-1765.

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

采用随机块附加策略的云数据安全去重方法

一种改进的短签名云数据审计方案

抗属性篡改的去中心化密文数据安全共享

无双线性对的高效云存储数据审计方案

一种支持动态可验证的密文检索方案