基于密码学的云数据确定性删除研究进展

熊金波; 李凤华; 王彦超; 马建峰; 姚志强

doi:10.11959/j.issn.1000-436x.2016167

您当前的位置：

首页 >

文章列表页 >

基于密码学的云数据确定性删除研究进展

综述 | 更新时间：2024-10-11

- 基于密码学的云数据确定性删除研究进展
- Research progress on cloud data assured deletion based on cryptography
- 通信学报 2016年37卷第8期页码：167-184
- 作者机构：
  
  1.中国科学院信息工程研究所信息安全国家重点实验室，北京 100093;2.福建师范大学软件学院，福建福州350117;3.西安电子科技大学计算机学院，陕西西安710071
- 作者简介：
  
  [ "熊金波（1981-），男，湖南益阳人，中国科学院信息工程研究所博士后，福建师范大学副教授、硕士生导师，主要研究方向为云数据安全与隐私保护技术。" ]
  [ "李凤华（1966-），男，湖北浠水人，博士，中国科学院信息工程研究所副总工、研究员、博士生导师，主要研究方向为网络与系统安全、信息保护、隐私计算。" ]
  [ "王彦超（1980-），男，河北邯郸人，中国科学院信息工程研究所博士生，主要研究方向为访问控制与云数据安全。" ]
  [ "马建峰（1963-），男，陕西西安人，博士，西安电子科技大学教授、博士生导师，主要研究方向为密码学、计算机网络与信息安全。" ]
  [ "姚志强（1967-），男，福建莆田人，博士，福建师范大学教授、硕士生导师，主要研究方向为信息安全。" ]
- 基金信息：
  
  国家高技术研究发展计划(“863”计划）基金资助项目;The National High Technology Research and Development Program (863 Program)(2015AA016007);国家自然科学基金资助项目;The National Natural Science Foundation of China(61402109);国家自然科学基金资助项目;The National Natural Science Foundation of China(61370078);福建省自然科学基金资助项目;The Natural Science Foundation of Fujian Province(2015J05120);福建省网络安全与密码技术重点实验室(福建师范大学)开放课题基金资助项目;Fujian Provincial Key Laboratory of Network Security and Cryptology Research Fund(15008);福建省高校杰出青年科研人才培育计划基金资助项目;Distinguished Young Scientific Research Talents Plan in Universities of Fujian Province
- DOI：10.11959/j.issn.1000-436x.2016167
  中图分类号： TP309
- 网络出版日期：2016-08，
  
  纸质出版日期：2016-08-25
- 稿件说明：
移动端阅览
熊金波, 李凤华, 王彦超, 等. 基于密码学的云数据确定性删除研究进展[J]. 通信学报, 2016,37(8):167-184.

Jin-bo XIONG, Feng-hua LI, Yan-chao WANG, et al. Research progress on cloud data assured deletion based on cryptography[J]. Journal on communications, 2016, 37(8): 167-184.
熊金波, 李凤华, 王彦超, 等. 基于密码学的云数据确定性删除研究进展[J]. 通信学报, 2016,37(8):167-184. DOI： 10.11959/j.issn.1000-436x.2016167.

Jin-bo XIONG, Feng-hua LI, Yan-chao WANG, et al. Research progress on cloud data assured deletion based on cryptography[J]. Journal on communications, 2016, 37(8): 167-184. DOI： 10.11959/j.issn.1000-436x.2016167.

摘要

系统分析云环境中数据确定性删除面临的主要挑战，指出云计算虚拟化与多租户的特征，以及租赁、按需交付的商业模式是云环境中存在诸多安全问题需要确定性删除服务的根本原因，并给出云数据确定性删除的深层次含义；面向安全的角度从基于可信执行环境的确定性删除、基于密钥管理的确定性删除和基于访问控制策略的确定性删除3个方面对近年来相关研究工作进行深入分析和评述，并指出各种关键技术与方法的优势及存在的共性问题；最后给出云数据确定性删除领域未来的发展趋势。

Abstract

The major challenges faced by the data assured deletion in cloud computing was analyzed

it was observed the main reasons of performing cloud data assured deletion were the characteristics of cloud virtualization and multi-tenancy

as well as the business models of lease and on-demand delivery in cloud computing

and point out three levels of meaning of the cloud data assured deletion.Secondly

the state-of-the-art works on cloud data assured deletion was systematically surveyed from security-oriented view in terms of trusted execution environments

key managements and access control policies.It is also pointed out their highlights

limitations and general problems.Finally

some developing trends of this emerging research field were introduced.

关键词

Keywords

references

冯朝胜，秦志光，袁丁 . 一云数据安全存储技术 [J ] . 计算机学报， 2015 ， 38 ( 1 ): 150 - 163 .

FENG Z S , QIN Z G , YUAN D . Techniques of secure storage for cloud data [J ] . Chinese Journal of Computers , 2015 , 38 ( 1 ): 150 - 163 .

李晖，孙文海，李凤华 , 等 . 公共云存储服务数据安全及隐私保护技术综述 [J ] . 计算机研究与发展， 2014 ， 51 ( 7 ): 1397 - 1409 .

LI H , SUN W H , LI F H , et al . Secure and privacy-preserving data storage service in public cloud [J ] . Journal of Computer Research and Development , 2014 , 51 ( 7 ): 1397 - 1409 .

谭霜，贾焰，韩伟红 . 云存储中的数据完整性证明研究及进展 [J ] . 计算机学报， 2015 ， 38 ( 1 ): 164 - 176 .

TAN Z S , JIA Y , HAN W H . Research and development of provable data integrity in cloud storage [J ] . Chinese Journal of Computers , 2015 , 38 ( 1 ): 164 - 176 .

傅颖勋，罗圣美，舒继武 . 安全云存储系统与关键技术综述 [J ] . 计算机研究与发展， 2013 ， 50 ( 1 ): 136 - 145 .

FU Y X , LUO S M , SHU J W . Survey of secure cloud storage system and key technologies [J ] . Journal of Computer Research and Devel-opment , 2013 , 50 ( 1 ): 136 - 145 .

李晖，李凤华，曹进 , 等 . 移动互联服务与隐私保护的研究进展 [J ] . 通信学报， 2014 ， 35 ( 11 ): 1 - 11 .

LI H , LI F H , CAO J , et al . Survey on security and privacy preserving for mobile Internet service [J ] . Journal on Communications , 2014 , 35 ( 11 ): 1 - 11 .

丁滟，王怀民，史佩昌 , 等 . 可信云服务 [J ] . 计算机学报， 2015 ， 38 ( 1 ): 133 - 149 .

DING Y , WANG H M , SHI P C , et al . Trusted cloud services [J ] . Chi-nese Journal of Computers , 2015 , 38 ( 1 ): 133 - 149 .

DIESBURG S M , WANG A I A . A survey of confidential data storage and deletion methods [J ] . ACM Computing Surveys(CSUR) , 2010 , 43 ( 1 ): 1 - 37 .

JOUKOV N , PAPAXENOPOULOS H , ZADOK E . Secure deletion myths,issues,and solutions [C ] // The Second ACM Workshop on Stor-age Security and Survivability (StorageSS) . Alexandria,VA,USA c 2006 : 61 - 66 .

WEI M Y C , GRUPP L M , SPADA F E . Reliably erasing data from flash-based solid state drives [C ] // USENIX Conference on File and Stor-age Technologies (FAST) . Berkeley,CA,USA c 2011 : 105 - 117 .

PÖPPER C , BASIN D , ČAPKUN S . Keeping data secret under full compromise using porter devices [C ] // 26th Annual Computer Se-curity Applications Conference (ACM SAC) . Austin,Texas,USA c 2010 : 241 - 250 .

YU S , WANG C , REN K , et al . Achieving secure,scalable,and fine-grained data access control in cloud computing [C ] // 29th Confer-ence on Computer Communications (IEEE INFOCOM) . San Diego,CA,USA c 2010 : 1 - 9 .

PERLMAN R . File system design with assured delete [C ] // Third IEEE International Security in Storage Workshop (SISW) . San Francisco,CA,USA c 2005 : 83 - 88 .

PERLMAN R . File system design with assured delete [C ] // The 14th Annual Network ＆ Distributed System Security (ISOC NDSS) . San Diego,CA,USA c 2007 : 1 - 7 .

MO Z , XIAO Q , ZHOU Y , et al . On deletion of outsourced data in cloud computing [C ] // The 7th International Conference on Cloud Computing (IEEE CLOUD) . Alaska,USA c 2014 : 344 - 351 .

JREARDON J , BASIN D , CAPKUN S , et al . Sok:secure data dele-tion [C ] // The 34th IEEE Symposium on Security ＆Privacy (IEEE S＆P) . San Francisco,CA,USA c 2013 : 301 - 315 .

REARDON J , RITZDORF H , BASIN D , et al . Secure data deletion from persistent media [C ] // The 2013 ACM SIGSAC Conference on Computer ＆ Communications Security (ACM CCS) . New York,NY,USA c 2013 : 301 - 315 .

ZHAO L , MANNAN M . The 22th Annual Network ＆ Distributed System Security (ISOC NDSS) [C ] // The 22th Annual Network ＆ Distributed System Security (ISOC NDSS) . San Diego,CA,USA c 2015 : 1 - 13 .

张逢喆，陈进，陈海波 , 等 . 云计算中的数据隐私性保护与自我销毁 [J ] . 计算机研究与发展， 2011 ， 48 ( 7 ): 1155 - 1167 .

ZHANG F Z , CHEN J , CHEN H B , et al . Lifetime privacy and self-destruction of data in the cloud [J ] . Journal of Computer Research and Development , 2011 , 48 ( 7 ): 1155 - 1167 .

PERLMAN R . The ephemerizer:making data disappear [J ] . Journal of Information Systems Security , 2005 , 1 ( 11 ): 21 - 32 .

TANG Q , MANNAN M . Timed-ephemerizer:make assured data appear and disap-pear [C ] // The Public Key Infrastructures,Services and Applications . Springer Berlin Heidelberg c 2010 : 195 - 208 .

TANG Q . From ephemerizer to timed-ephemerizer:achieve assured lifecycle enforcement for sensitive data [J ] . The Computer Journal , 2014 : 1 - 18 .

NAIR S K , DASHTI M T , CRISPO B , et al . A hybrid PKI-IBC based ephemerizer system [C ] // The International Information Security Con-ference.Sandton . South Africa c 2007 : 251 - 252 .

TANG Y , LEE P P , LUI J C , et al . FADE:secure overlay cloud storage with file assured deletion [C ] // The Security and Privacy in Communica-tion Networks (SecureComm) . River Valley,Singapore c 2010 : 380 - 397 .

BADRE R . Cloud storage with improved access control and assured deletion [J ] . International Journal of Innovations in Engineering and Technology (IJIET) , 2014 , 3 ( 3 ): 92 - 97 .

TANG Y , LEE P P , LUI J C . Secure overlay cloud storage with access control and assured deletion [J ] . IEEE Transactions on De-pendable and Secure Computing , 2012 , 9 ( 6 ): 903 - 916 .

SHAMIR A . How to share a secret [J ] . Communications of the ACM , 1979 , 22 ( 11 ): 612 - 613 .

GEAMBASU R , KOHNO T , LEVY A , et al . Vanish:increasing data privacy with self-destructing data [C ] // The 18th USENIX Security Symposium . Montreal,Canada c 2009 : 299 - 315 .

WANG G , YUE F , LIU Q . A secure self-destructing scheme for elec-tronic data [J ] . Journal of Computer and System Sciences , 2013 , 79 ( 2 ): 279 - 290 .

WOLCHOK S , HOFMANN O S , HENINGER N , et al . Defeating vanish with low-cost sybil attacks against large DHTs [C ] // The 17th Annual Network ＆ Distributed System Security Conference (ISOC NDSS) . San Diego,CA,USA c 2010 : 1 - 15 .

ZENG L , SHI Z , XU S , et al . SafeVanish:an improved data self-destruction for protecting data privacy [C ] // The IEEE Second In-ternational Conference on Cloud Computing Technology and Science (CloudCom) . Athens,Greece c 2010 : 521 - 528 .

熊金波，姚志强，马建峰 , 等 . 基于行为的结构化文档多级访问控制 [J ] . 计算机研究与发展， 2013 ， 50 ( 7 ): 1399 - 1408 .

XIONG J B , YAO Z Q , MA J F , et al . Action-based multilevel access control for structured document [J ] . Journal of Computer Research and Development , 2013 , 50 ( 7 ): 1399 - 1408 .

BONEH D , FRANKLIN M . Identity-based encryption from the weil pairing [J ] . SIAM Journal on Computing , 2003 , 32 ( 3 ): 586 - 615 .

XIONG J , YAO Z , MA J , et al . secure document self-destruction scheme with identity based encryption [C ] // The 5th International Con-ference on Intelligent Networking and Collaborative Systems (IEEE INCoS) . Xi'an,China c 2013 : 239 - 243 .

熊金波，姚志强，马建峰 , 等 . 面向网络内容隐私的基于身份加密的安全自毁方案 [J ] . 计算机学报， 2014 ， 37 ( 1 ): 139 - 150 .

XIONG J B , YAO Z Q , MA J F , et al . A secure self-destruction scheme with IBE for the internet content privacy [J ] . Chinese Journal of Com-puters , 2014 , 37 ( 1 ): 139 - 150 .

LIU X , MA J , XIONG J , et al . Threshold attribute based encryption with attribute hierarchy for lattices in the standard model [J ] . IET In-formation Security , 2014 , 8 ( 4 ): 217 - 223 .

LI Q , MA J , LI R , et al . Secure,efficient and revocable multi-authority access control system in cloud storage [J ] . Computers ＆ Security , 2016 , 59 ( 6 ): 45 - 59 .

XIONG J , YAO Z , MA J , et al . A secure document self-destruction scheme:an ABE approach [C ] // The 10th International Conference on High Performance Computing and Communications ＆ IEEE Interna-tional Conference on Embedded and Ubiquitous Computing (HPCC_EUC) . Zhangjiajie,China c 2013 : 59 - 64 .

熊金波，姚志强，马建峰 , 等 . 基于属性加密的组合文档安全自毁方案 [J ] . 电子学报， 2013 ， 42 ( 2 ): 366 - 376 .

XIONG J B , YAO Z Q , MA J F , et al . A secure self-destruction scheme for composite documents with attribute based encryption [J ] . Acta Electronica Sinica , 2013 , 42 ( 2 ): 366 - 376 .

CHAN A F , BLAKE I F . Scalable,server-passive,user-anonymous timed release cryptography [C ] // The 25th International Conference on Distributed Computing Systems . Piscataway,USA c 2005 : 504 - 513 .

姚志强，熊金波，马建峰 , 等 . 云计算中一种安全的电子文档自毁方案 [J ] . 计算机研究与发展， 2014 ， 51 ( 7 ): 1417 - 1423 .

YAO Z Q , XIONG J B , MA J F , et al . A secure electronic document self-destructing scheme in cloud computing [J ] . Journal of Computer Research and Development , 2014 , 51 ( 7 ): 1417 - 1423 .

XIONG J , LI F , MA J , et al . A full lifecycle privacy protection scheme for sensitive data in cloud computing [J ] . Peer-to-Peer Networking and Applications , 2015 , 8 ( 6 ): 1025 - 1037 .

REIMANN S , DÜRMUTH M . Timed revocation of user data:long expiration times from existing infrastructure [C ] // The 2012 ACM Workshop on Privacy in the Electronic Society (WPES),Raleigh . NC,USA c 2012 : 65 - 74 .

ROESNER F , GILL B T , KOHNO T , et al . Sex,lies,or kittens? Investigating the use of snapchat's self-destructing messages [C ] // The 18th International Conference on Financial Cryptography and Data Security (FC) . Springer Berlin Heidelberg,Christ Church,Barbados c 2014 : 64 - 76 .

BACKES J , BACKES M , DÜRMUTH M , et al . X-pire!-a digital expiration date for images in social networks [C ] // arXiv preprint arXiv:1112.2649 , 2011 : 1 - 22 .

BACKES M , GERLING S , LORENZ S , et al . X-pire 2.0:a user-controlled expiration date and copy protection mecha-nism [C ] // The 29th Annual ACM Symposium on Applied Computing (ACM SAC) . Gyeongju,Korea c 2014 : 1633 - 1640 .

LUO W , XIE Q , HENGARTNER U , et al . Facecloak:an architecture for user privacy on social networking sites [C ] // The International Conference on Computational Science and Engineering (IEEE CSE) . Van-couver,Canada c 2009 : 26 - 33 .

SIGURBJÖRNSSON B , VAN ZWOL R . Flickr tag recommendation based on collective knowledge [C ] // The 17th International Conference on World Wide Web (ACM WWW) . Beijing,China c 2008 : 327 - 336 .

CASTELLUCCIA C , DE CRISTOFARO E , FRANCILLON A , et al . Ephpub:toward robust ephemeral publishing [C ] // he 19th IEEE In-ternational Conference on Network Protocols (IEEE ICNP) . Vancou-ver,BC Canada c 2011 : 165 - 175 .

ZENG L , CHEN S , WEI Q , et al . Sedas:a self-destructing data system based on active storage framework [J ] . IEEE Transactions on Magnet-ics , 2013 , 49 ( 6 ): 2548 - 2554 .

ATALLAH M J , BLANTON M , FAZIO N , et al . Dynamic and effi-cient key management for access hierarchies [J ] . ACM Transactions on Information and System Security (TISSEC) , 2009 , 12 ( 3 ): 1 - 43 .

WANG W , LI Z , OWENS R , et al . Secure and efficient access to outsourced data [C ] // The ACM Workshop on Cloud Computing Secu-rity . Chicago,IL,USA c 2009 : 55 - 56 .

VIANA W , ANDRADE R , MONTEIRO A J . PEARL:a performance evaluator of cryptographic algorithms for mobile devices [C ] // The In-ternational Workshop on Mobility Aware Technologies and Applica-tions (MATA) . Florianopolis,Brazil c 2004 : 275 - 284 .

王丽娜，任正伟，余荣威 , 等 . 一种适于云存储的数据确定性删除方法 [J ] . 电子学报， 2012 ， 40 ( 2 ): 266 - 272 .

WANG L N , REN Z W , YU R W , et al . A data assured deletion ap-proach adapted for cloud storage [J ] . Acta Electronica Sinica , 2012 , 40 ( 2 ): 266 - 272 .

MO Z , QIAO Y , CHEN S . Two-party fine-grained assured deletion of outsourced data in cloud systems [C ] // The 34th IEEE International Conference on Distributed Computing Systems (IEEE ICDCS) . Ma-drid,Spain c 2014 : 308 - 317 .

LI C , CHEN Y , ZHOU Y . A data assured deletion scheme in cloud storage [J ] . China Communications , 2014 , 11 ( 4 ): 98 - 110 .

CACHIN C , HARALAMBIEV K , HSIAO H C , et al . Policy-based secure deletion [C ] // The ACM SIGSAC Conference on Computer ＆Communications Security (ACM CCS) . New York,NY,USA c 2013 : 259 - 270 .

LI Q , MA J , LI R , et al . Large universe decentralized key-policy at-tribute-based encryption [J ] . Security and Communication Networks , 2015 , 8 ( 3 ): 501 - 509 .

KASAMATSU K , MATSUDA T , EMURA K , et al . Time-specific encryption from forward-secure encryption [C ] // The 8th Conference on Security and Cryptography for Networks (SCN) . Amalfi,Italy c 2012 : 184 - 204 .

XIONG J , LIU X , YAO Z , et al . A secure data self-destructing scheme in cloud computing [J ] . IEEE Transactions on Cloud Computing , 2014 , 2 ( 4 ): 448 - 458 .

ZENG L , WANG Y , FENG D . CloudSky:a controllable data self-destruction system for untrusted cloud storage networks [C ] // The 15th IEEE/ACM International Symposium on Cluster,Cloud and Grid Computing (CCGrid) . Shenzhen,China c 2015 : 352 - 361 .

张坤，杨超，马建峰 , 等 . 基于密文采样分片的云端数据确定性删除方法 [J ] . 通信学报， 2015 ， 36 ( 11 ): 108 - 117 .

ZHANG K , YANG C , MA J F , et al . Novel cloud data assured deletion approach based on ciphertext sample slice [J ] . Journal on Communica-tions , 2015 , 36 ( 11 ): 108 - 117 .

熊金波，沈薇薇，黄阳群 , 等 . 云环境下的数据多副本安全共享与关联删除方案 [J ] . 通信学报， 2015 ， 36 ( z1 ): 136 - 140 .

XIONG J B , SHEN W W , HUANG Y Q , et al . Security sharing and associated deleting scheme for multi-replica in cloud [J ] . Journal on Communications , 2015 , 36 ( z1 ): 136 - 140 .

李凤华，李晖，贾焰 , 等 . 隐私计算研究范畴及发展趋势 [J ] . 通信学报， 2016 ， 37 ( 4 ): 1 - 11 .

LI F H , LI H , JIA Y , et al . Privacy computing:concept,connotation and its research trend [J ] . Journal on Communications , 2016 , 37 ( 4 ): 1 - 11 .

LIU J , ASOKAN N , PINKAS B . Secure deduplication of encrypted data without additional independent servers [C ] // 22nd ACM SIGSAC Conference on Computer and Communications Security (ACM CCS) . Colorado,USA c 2015 : 874 - 885 .

ARMKNECHT F , BOHLI J M , KARAME G O , et al . Transparent data deduplication in the cloud [C ] // The 22nd ACM SIGSAC Confer-ence on Computer and Communications Security (ACM CCS) . Colo-rado,USA c 2015 : 886 - 900 .

ZAYCHIK M V , STOYANOVICH J , ABITEBOUL S , et al . Collabo-rative access control in webdamlog [C ] // The 2015 ACM SIGMOD In-ternational Conference on Management of Data (ACM SIGMOD) . Melbourne,Australia c 2015 : 197 - 211 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于加性秘密共享的洗牌协议的设计

基于秘密共享的轻量级隐私保护ViT推理框架

基于函数加密的密文卷积神经网络模型

K-Modes聚类数据收集和发布过程中的混洗差分隐私保护方法

室内定位隐私保护综述