基于阈值重加密的抗边信道攻击云数据安全去重方法
Threshold re-encryption based secure deduplication method for cloud data with resistance against side channel attack
- 通信学报 2020年41卷第6期 页码:98-111
- 作者机构:
1. 国际关系学院信息科技学院,北京 100091
2. 北京邮电大学网络空间安全学院,北京 100084
- 作者简介:
[ "唐鑫(1987- ),男,江苏南京人,博士,国际关系学院讲师,主要研究方向为数字内容安全、信息隐藏、云数据安全" ]
[ "周琳娜(1972- ),女,湖南衡阳人,博士,北京邮电大学教授,主要研究方向为信息内容安全、行为分析、数字取证、信息隐藏" ]
[ "单伟杰(1996- ),男,河南周口人,国际关系学院硕士生,主要研究方向为信息隐藏、云数据安全" ]
[ "刘丹(1995- ),女,河北石家庄人,国际关系学院硕士生,主要研究方向为信息隐藏、云数据安全" ]
- 基金信息:国际关系学院国家安全高精尖学科建设科研专项基金资助项目(2019GA36);国家自然科学基金资助项目(U1536207);国家重点研发计划基金资助项目(2016QY04W0803)
DOI:10.11959/j.issn.1000-436x.2020103
中图分类号: TP302-
网络首发:2020-06,
纸质出版:2020-06-25
- 稿件说明:
移动端阅览
唐鑫, 周琳娜, 单伟杰, 等. 基于阈值重加密的抗边信道攻击云数据安全去重方法[J]. 通信学报, 2020,41(6):98-111.
Xin TANG, Linna ZHOU, Weijie SHAN, et al. Threshold re-encryption based secure deduplication method for cloud data with resistance against side channel attack[J]. Journal on Communications, 2020, 41(6): 98-111.
唐鑫, 周琳娜, 单伟杰, 等. 基于阈值重加密的抗边信道攻击云数据安全去重方法[J]. 通信学报, 2020,41(6):98-111. DOI: 10.11959/j.issn.1000-436x.2020103.
Xin TANG, Linna ZHOU, Weijie SHAN, et al. Threshold re-encryption based secure deduplication method for cloud data with resistance against side channel attack[J]. Journal on Communications, 2020, 41(6): 98-111. DOI: 10.11959/j.issn.1000-436x.2020103.
摘要
针对加密云数据阈值去重中的安全性和效率问题,提出一种基于阈值重加密的抗边信道攻击云数据安全去重方法。设计了一种轻量级的阈值重加密机制,将用户端的密文分割转变为密钥分割,并且把二次加密转移到云端执行,从而大大减少了用户端的计算开销。所提机制允许用户从一次加密密文和重加密密文中均可解密出明文,从而避免了对同一文件多次加密的开销。同时,所提方法支持云服务提供商和用户端双向的数据完整性验证,直接确保密文副本和用户端明文数据的对应性。实验结果表明,所提方法大大降低了用户端的计算开销,且同时取得了较好的云端存储性能。
Abstract
For security and efficiency problems in threshold based deduplication for cloud data
a novel method based on threshold re-encryption was proposed to deal with side channel attacks.A lightweight threshold re-encryption mechanism was presented to transfer the secondary encryption to the cloud for execution and allow clients to generate ciphertext based on key segmentation instead of ciphertext segmentation
both of which largely reduce computational overhead of clients.Also
the proposed mechanism enables clients to decrypt from both one-time encrypted and re-encrypted ciphertext
thus avoiding the overhead of redundant encryption of the same file.Mutual integrity verification between cloud service provider and clients was also supported by the proposed method
which directly ensured the correctness of the correspondence between ciphertext and plaintext on client side.Experiments show that the proposed method not only largely reduces the computational overhead on client side
but also achieves superior storage performance on cloud side simultaneously.
关键词
Keywords
references
GAI K K , QIU M K . Blend arithmetic operations on tensor-based fully homomorphic encryption over real numbers [J ] . IEEE Transactions on Industrial Informatics , 2017 , 14 ( 8 ): 3590 - 3598 .
LIU J , ASOKAN N , PINKAS B . Secure deduplication of encrypted data without additional independent servers [C ] // Proceedings of the 22nd ACM Conference on Computer and Communications Security . New York:ACM Press , 2015 : 874 - 855 .
YAN Z , DING W X , YU X X , et al . Deduplication on encrypted big data in cloud [J ] . IEEE Transactions on Big Data , 2016 , 2 ( 2 ): 138 - 150 .
BELLARE M , KEELVEEDHI S , RISTENPART T . DepLess:server-aided encryption for deduplicated storage [C ] // Proceedings of the 22nd USENIX Security Symposium . Berkeley:USENIX Association , 2013 : 179 - 194 .
KWON H , HAHN C , KOO D Y , et al . Scalable and reliable key management for secure deduplication in cloud storage [C ] // Proceedings of IEEE the 10th International Conference on Cloud Computing . Piscataway:IEEE Press , 2017 : 391 - 398 .
DUAN Y , . Distributed key generation for encrypted deduplication:achieving the strongest privacy [C ] // Proceedings of the 21st ACM Conference on Computer and Communications Security Workshop . New York:ACM Press , 2014 : 57 - 68 .
YU C M , . Poster:efficient cross-user chunk-level client-side data deduplication with symmetrically encrypted two-party interactions [C ] // Proceedings of the 23rd ACM Conference on Computer and Communications Security . New York:ACM Press , 2016 : 1763 - 1765 .
ZUO P F , HUA Y , WANG C , et al . Mitigating traffic-based side channel attacks in bandwidth-efficient cloud storage [C ] // Proceedings of the 32nd IEEE International Parallel & Distributed Processing Symposium . Piscataway:IEEE Press , 2018 : 1153 - 1162 .
POORANIAN Z , CHEN K C , YU C M , et al . RARE:defeating side channels based on data-deduplication in cloud storage [C ] // Proceedings of the 37th IEEE International Conference on Computer Communications Workshops . Piscataway:IEEE Press , 2018 : 444 - 449 .
YU C M , GOCHHAYAT S P , CONTI M , et al . Privacy aware data deduplication for side channel in cloud storage [J ] . IEEE Transactions on Cloud Computing , 2018 ,doi:10.1109/TCC.2018.2794542.
HARNIK D , PINKAS B , SHULMAN-PELEG A . Side channels in cloud services:deduplication in cloud storage [J ] . IEEE Security &Privacy , 2010 , 8 ( 6 ): 40 - 47 .
STANEK J , KENCL L . Enhanced secure thresholded data deduplication scheme for cloud storage [J ] . IEEE Transactions on Dependable and Secure Computing , 2018 , 15 ( 4 ): 694 - 707 .
ZHANG Y , MAO Y L , XU M Z , et al . Towards thwarting template side-channel attacks in secure cloud deduplications [J ] . IEEE Transactions on Dependable and Secure Computing , 2019 ,doi:10.1109/TDSC.2019.2911502.
STANEK J , SORNIOTTI A , ANDROULAKI E , et al . A secure data deduplication scheme for cloud storage [C ] // Proceedings of the 18th International Conference on Financial Cryptography and Data Security.S.n.:s.l . , 2014 : 99 - 118 .
ARMKNECHT F , BOYD C , DAVIES G T , et al . Side channels in deduplication:Trade-offs between leakage and efficiency [C ] // Proceedings of the 12nd ACM Asia Conference on Computer and Communications Security . New York:ACM Press , 2017 : 266 - 274 .
BELLARE M , KEELVEEDHI S , RISTENPART T . DepLESS:server-aided encryption for deduplicated storage [C ] // Proceedings of the 22nd USENIX Security Symposium . Berkeley:USENIX Association , 2013 : 179 - 194 .
LIU X F , SUN W H , LOU W J , et al . One-tag checker:message-locked integrity auditing on encrypted cloud deduplication storage [C ] // Proceedings of the 36th IEEE Conference on Computer Communications . Piscataway:IEEE Press , 2017 : 1 - 9 .
TANG X , ZHOU L N , HUANG Y F , et al . Efficient cross-user deduplication of encrypted data through re-encryption [C ] // Proceedings of the 17th IEEE International Conference on Trust,Security and Privacy in Computing and Communications . Piscataway:IEEE Press , 2018 : 897 - 904 .
DANG H , CHANG E C . Privacy-preserving data deduplication on trusted processors [C ] // Proceedings of IEEE the 10th International Conference on Cloud Computing . Piscataway:IEEE Press , 2017 : 66 - 73 .
ZHANG K , LIANG X H , LU R X , et al . Sybil attacks and their defenses in the Internet of Things [J ] . IEEE Internet of Things Journal , 2014 , 1 ( 5 ): 372 - 383 .
DOUCEUR J , ADYA A , BOLOSKY W , et al . Reclaiming space from duplicate files in a server-less distributed file system [C ] // Proceedings of the 22nd International Conference on Distributed Computing Systems . Piscataway:IEEE Press , 2002 : 617 - 624 .
SHAMIR A . How to share a secret [J ] . Communications of the ACM , 1979 , 22 ( 11 ): 612 - 613 .
ATENIESE G , HOHENBERGER , . Proxy re-signatures:new definitions,algorithms,and applications [C ] // Proceedings of the 22nd ACM Conference on Computer and Communications Security . New York:ACM Press , 2015 : 310 - 319 .
0
浏览量
1996
下载量
0
CSCD
- 网络PDF下载
- XML下载
- Meta-XML下载
- BibTeX下载
- Endnote下载
- RefMan 下载
- NoteExpress下载
- NoteFirst下载
关联资源
相关文章
相关作者
相关机构
AI问答- 技术支持由北京北大方正电子有限公司提供 京ICP备09064830号-19
京公网安备11010802024621 - 本系统建议在Chrome、 IE9+ 以上版本浏览器阅读本站内容,360浏览器请切换至极速模式
- Cookies帮助我们提供服务并提供个性化体验。使用本网站,即表示您同意我们使用Cookies
- 总访问量:583619 今日访问量:1435