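1. Guizhou Provincial Key Laboratory of Public Big Data (Guizhou University), Guiyang, Guizhou 550025
2. College of Mathematics and Informatics, Fujian Normal University, Fuzhou, Fujian 350117
3. School of Computer Science and Technology, Anhui University, Hefei, Anhui 230601
4. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210023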
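Jinbo XIONG (1981-), male, born in Yiyang, Hunan, Ph.D., associate professor and master's supervisor at Fujian Normal University. His main research interests include cloud data security and mobile data security.
Yuanyuan ZHANG (1992-), female, born in Nanyang, Henan, master's student at Fujian Normal University. Her main research interests include cloud data security and mobile data security.
Youliang TIAN (1982-), male, born in Liupanshui, Guizhou, Ph.D., professor and doctoral supervisor at Guizhou University. His main research interests include algorithmic game theory, cryptography and security protocols, big data security and privacy protection, and blockchain and electronic currency.
Zuobin YING (1982-), male, born in Wuhu, Anhui, Ph.D., lecturer at Anhui University. His main research interests include cryptography and information security, and location-based privacy protection.
Qi LI (1989-), male, born in Huai'an, Jiangsu, Ph.D., lecturer at Nanjing University of Posts and Telecommunications. His main research interests are attribute-based cryptography and access control techniques.
Rong MA (1992-), female, born in Lanzhou, Gansu, master's student at Fujian Normal University. Her main research interests include cloud data security and mobile data security.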
Online publication date: 2018-05
Print publication date: 2018-05-25
Jinbo XIONG, Yuanyuan ZHANG, Youliang TIAN, et al. Cloud data secure deduplication scheme via role-based symmetric encryption[J]. Journal on Communications, 2018, 39(5): 59-73. DOI: 10.11959/j.issn.1000-436x.2018077.
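The rapid development of cloud computing and big data technology has brought people into the era of big data, and more and more enterprises and individuals choose to outsource their data to cloud service providers. The explosive growth of data volume, the large amount of storage space it occupies, and the heavy management overhead put great pressure on cloud storage. At the same time, how to effectively prevent leakage of personal privacy and achieve authorized access, secure deduplication of cloud data, and key update and permission revocation poses further challenges to cloud service providers. To address these problems, a role-based symmetric encryption algorithm is proposed, which uses role-based symmetric encryption to associate user roles with keys and builds a role key tree, so that different roles can access files of the corresponding privilege according to the access control policy. In addition, a cloud data secure deduplication scheme based on role-based symmetric encryption is proposed, which effectively protects personal privacy information, achieves authorized deduplication of cloud data under a hierarchical structure, and uses group key agreement to solve the security problems caused by key update and permission revocation in the mapping between roles and keys. Security analysis shows that the proposed role-based symmetric encryption algorithm and cloud data secure deduplication scheme are secure, and performance analysis and experimental results show that the proposed secure deduplication scheme is efficient.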
The rapid development of cloud computing and big data technology brings people into the era of big data, and more and more enterprises and individuals outsource their data to cloud service providers. The explosive growth of data and data replicas, as well as the increasing management overhead, brings a big challenge to the cloud storage space. Meanwhile, some serious issues such as privacy disclosure, authorized access, secure deduplication, rekeying and permission revocation should also be taken into account. In order to address these problems, a role-based symmetric encryption algorithm was proposed, which established a mapping relation between roles and role keys. Moreover, a secure deduplication scheme was proposed via role-based symmetric encryption to achieve both privacy protection and authorized deduplication under the hierarchical architecture in the cloud computing environment. Furthermore, in the proposed scheme, the group key agreement protocol was utilized to achieve rekeying and permission revocation. Finally, the security analysis shows that the proposed role-based symmetric encryption algorithm is provably secure under the standard model, and the deduplication scheme can meet the security requirements. The performance analysis and experimental results indicate that the proposed scheme is effective and efficient.