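1. College of Cyber Science, Nankai University, Tianjin 300350
2. Tianjin Key Laboratory of Network and Data Security Technology, Tianjin 300350
JIA Chunfu (1967- ), male, born in Wen'an, Hebei, Ph.D., professor and doctoral supervisor at Nankai University. His main research interests include computer network and information security, trusted computing, and malicious code analysis.
HA Guanxiong (1995- ), male, Hui ethnicity, born in Tianjin, master's student at Nankai University. His main research interests include cloud data security and applied cryptography.
LI Ruiqi (1993- ), male, born in Shangzhi, Heilongjiang, Ph.D. student at Nankai University. His main research interests include homomorphic encryption and lattice-based cryptography.
Online publication date: 2020-05
Print publication date: 2020-05-25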
Chunfu JIA, Guanxiong HA, Ruiqi LI. Data access control policy of encrypted deduplication system[J]. Journal on Communications, 2020, 41(5): 72-83. DOI: 10.11959/j.issn.1000-436x.2020062.
To address the problem that most existing encrypted deduplication systems in cloud storage use convergent encryption, which leaves data owners unable to enforce effective access control on their outsourced data, an encrypted deduplication system was proposed that supports access control functions such as identity authentication, authorized deduplication, and access control policy updates. Outsourced data is deduplicated only with authorized users, and unauthorized users cannot obtain any information about the data. CP-ABE and the dynamic partition of the ElGamal private key are used to update the access control policy of the data. Self-control objects are used to encapsulate a user's data together with its access policy, authenticating data visitors and ensuring that access control policies are enforced effectively. Security analysis and simulation results demonstrate that the proposed system achieves data access control and executes efficiently.