面向云存储的数据加密系统与技术研究

韩培义; 刘川意; 王佳慧; 段少明; 潘鹤中; 方滨兴

doi:10.11959/j.issn.1000-436x.2020140

您当前的位置：

首页 >

文章列表页 >

面向云存储的数据加密系统与技术研究

学术论文 | 更新时间：2024-06-05

- 面向云存储的数据加密系统与技术研究
- Research on data encryption system and technology for cloud storage
- 通信学报 2020年41卷第8期页码：55-65
- 作者机构：
  
  1. 北京邮电大学网络空间安全学院，北京 100876
  2. 哈尔滨工业大学（深圳）计算机科学与技术学院，广东深圳 518055
  3. 鹏城实验室网络空间安全研究中心，广东深圳 518040
  4. 国家信息中心信息与网络安全部，北京 100045
- 作者简介：
  
  [ "韩培义（1992- ），男，山西吕梁人，北京邮电大学博士生，主要研究方向为数据安全、云安全" ]
  [ "刘川意（1982- ），男，四川乐山人，哈尔滨工业大学（深圳）副教授，主要研究方向为云计算与云安全、大规模存储系统、数据保护与数据安全" ]
  [ "王佳慧（1983- ），女，山西大同人，国家信息中心博士生，主要研究方向为数据安全、云安全、云取证安全、大数据安全" ]
  [ "段少明（1994- ），男，湖南邵阳人，哈尔滨工业大学（深圳）博士生，主要研究方向为数据安全、机器学习" ]
  [ "潘鹤中（1991- ），男，辽宁本溪人，北京邮电大学博士生，主要研究方向为数据安全、云安全" ]
  [ "方滨兴（1960- ），男，江西上饶人，中国工程院院士，哈尔滨工业大学（深圳）教授，主要研究方向为网络与信息安全、内容安全" ]
- 基金信息：
  
  广东省重点研发计划基金资助项目(2019B010136001);国家重点研发计划基金资助项目(2018YFB1004005);国家自然科学基金资助项目(61872110)
- DOI：10.11959/j.issn.1000-436x.2020140
  中图分类号： TP309.2
- 网络出版日期：2020-08，
  
  纸质出版日期：2020-08-25
- 稿件说明：
移动端阅览
韩培义, 刘川意, 王佳慧, 等. 面向云存储的数据加密系统与技术研究[J]. 通信学报, 2020,41(8):55-65.

Peiyi HAN, Chuanyi LIU, Jiahui WANG, et al. Research on data encryption system and technology for cloud storage[J]. Journal on communications, 2020, 41(8): 55-65.
韩培义, 刘川意, 王佳慧, 等. 面向云存储的数据加密系统与技术研究[J]. 通信学报, 2020,41(8):55-65. DOI： 10.11959/j.issn.1000-436x.2020140.

Peiyi HAN, Chuanyi LIU, Jiahui WANG, et al. Research on data encryption system and technology for cloud storage[J]. Journal on communications, 2020, 41(8): 55-65. DOI： 10.11959/j.issn.1000-436x.2020140.

摘要

针对云存储数据安全问题，提出了面向浏览器云存储应用的自动化数据加密系统。该系统采用JavaScript动态程序分析技术，可自动化识别与适配各类云应用，确保了对各类云应用敏感数据的加密保护，并集成了基于安全网关执行的密文搜索功能，在实现数据加密保护的同时还可最大限度地保持云应用原有功能。实验结果表明，该系统可自动化适配加密各类云应用，支持密文搜索功能，且花费较小的性能代价。

Abstract

To order to address the problem of cloud storage data security

the generic proxy-based data protection system was proposed

which could automatically and transparently secure sensitive data in browser-based cloud storage applications.A novel dynamic program analysis technique was adopted based on JavaScript API function hooking for automatically extending to various cloud applications.And a novel proxy executed searchable encryption solution was presented so that it could achieve data encryption while maintaining the original functions of cloud applications.Experimental results show that the system can support a variety of typical cloud services

effectively protect sensitive data

and bring a relatively low overhead.

关键词

Keywords

references

FREEBUF . 2019年网络安全事件回顾（国际篇） [R ] .(2020-02-10)[2020-03-08 ] .

FREEBUF . Review of cybersecurity incidents in 2019 (International) [R ] .(2020-02-10)[2020-03-08 ] .

SAN JOSE . Ciphercloud:cloud services adoption while ensuring security,compliance and control [R ] .(2017-06-19)[2020-03-08 ] .

NEIL M , BRIAN L , CRAIG L , et al . Market guide for cloud access security brokers [R ] .(2016-10-24)[2020-03-08 ] .

SCOTT R , NATHAN K , BEN B , et al . When automatic encryption leads to confusion and mistakes [C ] // Symposium on Usable Privacy and Security.[S.n.:s.l] . 2013 : 1 - 5 .

SOARERSOFT SOFTWARE . Folder encryption dog:encrypt your folder and maintain the privacy of your confidential data [R ] .(2012-03-19)[2020-03-08 ] .

RUOTI S , ANDERSEN J , MONSON T , et al . Messageguard:a browser-based platform for usable,content-based encryption research [J ] . arXiv Preprint,arXiv:1510.08943 , 2015

RUOTI S , KENT S , DANIEL Z . Layering security at global control points to secure unmodified software [C ] // 2017 IEEE Cybersecurity Development . Piscataway:IEEE Press , 2017 : 42 - 49 .

VIRTRU CORPORATION TERMS . Virtru:email encryption and data security for business privacy [R ] .(2017-01-24)[2020-03-08 ] .

WARREN H , DEVDATTA A , SUMEET J , et al . Shadowcrypt:encrypted web applications for everyone [C ] // ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2014 : 1028 - 1039 .

GUO X , HUANG Y , YE J , et al . ShadowFPE:new encrypted Web application solution based on shadow DOM [J ] . Mobile Networks and Applications , 2020 ( 4 ): 1 - 14 .

BILLY L , SIMON C , CHENGYU S , et al . Mimesis aegis:a mimicry privacy shield–a systems approach to data privacy on public cloud [C ] // 23rd USENIX Security Symposium . Berkeley:USENIX Association , 2014 : 33 - 48 .

GARTNER . Top 10 security projects for 2019 [R ] .(2019-03-11)[2020-03-08 ] .

RALUCA P , REDFIELD , NICKOLAI Z , et al . Cryptdb:protecting confidentiality with encrypted query processing [C ] // 23rd ACM Symposium on Operating Systems . New York:ACM Press , 2011 : 85 - 100 .

PODDAR R , TOBIAS B , RULUCA A . Arx:an encrypted database using semantically secure encryption [J ] . Proceedings of the VLDB Endowment , 2019 , 12 ( 11 ): 1664 - 1678 .

RALUCA P , EMELIE S , STEVEN V , et al . Building Web applications on top of encrypted data using mylar [C ] // 11th USENIX Symposium on Networked Systems Design and Implementation . Berkeley:USENIX Association , 2014 : 157 - 172 .

BENI E H , LAGAISSE B , JOOSEN W , et al . DataBlinder:a distributed data protection middleware supporting search and computation on encrypted data [C ] // The 20th International Middleware Conference Industrial Track.[S.n.:s.l] . 2019 : 50 - 57 .

SONG D , DAVID W , ADRIAN P . Practical techniques for searches on encrypted data [C ] // 2000 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2000 : 44 - 55 .

GOH E J . Secure indexes [J ] . IACR Cryptology ePrint Archive , 2003 ( 216 ): 1 - 19 .

CURTMOLA R , GARAY J , KAMARA S , et al . Searchable symmetric encryption:improved definitions and efficient constructions [J ] . Journal of Computer Security , 2011 , 19 ( 5 ): 895 - 934 .

XIA Z , WANG X , SUN X , et al . A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data [J ] . IEEE Transactions on Parallel and Distributed Systems , 2016 , 27 ( 2 ): 340 - 352 .

LI J , WANG Q , WANG C , et al . Fuzzy keyword search over encrypted data in cloud computing [C ] // Proceedings of IEEE INFOCOM . Piscataway:IEEE Press , 2010 : 1 - 5 .

MARGARET ROUSE . Trusted platform module (TPM) [R ] .(2019-03-11)[2020-03-08 ] .

MDN CONTRIBUTORS . JavaScript API XMLHttpRequest [R ] .(2019-03-23)[2020-03-08 ] .

MDN CONTRIBUTORS . JavaScript API file [R ] .(2019-03-23)[2020-03-08 ] .

WITTERN E , ANNIE Y , YUNHUI Z , et al . Statically checking Web API requests in JavaScript [C ] // 39th International Conference on Software Engineering . Piscataway:IEEE Press , 2017 : 244 - 254 .

VACCA J . Public key infrastructure [M ] . Public Key Infrastructure : Building Trusted Applications and Web ServicesPress , 2004 .

ADI S . Identity-based cryptosystems and signature schemes [J ] . Lecture Notes in Computer Science , 1985 , 196 ( 2 ): 47 - 53 .

DAN B , GIOVANNI D , RAFAIL O . Public key encryption with keyword search [C ] // International Conference on the Theory and Applications of Cryptographic Techniques . Piscataway:IEEE Press , 2004 : 506 - 522 .

KAMARA S , CHARALAMPOS P , TOM R . Dynamic searchable symmetric encryption [C ] // ACM Conference on Computer and Communications Security . New York:ACM Press , 2012 : 965 - 976 .

CURTMOLA R , GARAY J , KAMARA S , et al . Searchable symmetric encryption:improved definitions and efficient constructions [J ] . Journal of Computer Security , 2011 , 19 ( 5 ): 895 - 934 .

CHANG Y , MICHAEL M . Privacy preserving keyword searches on remote encrypted data [C ] // International Conference on Applied Cryptography and Network Security . Berlin:Springer , 2005 : 442 - 455 .

王国峰 , 刘川意 , 韩培义 , 等 . 基于访问代理的数据加密及搜索技术研究 [J ] . 通信学报 , 2018 , 39 ( 7 ): 1 - 14 .

WANG G F , LIU C Y , HAN P Y , et al . Research on technology of data encryption and search based on access broker [J ] . Journal on Communications , 2018 , 39 ( 7 ): 1 - 14 .

CLARKE J , ALEX B . The SQUID handbook [M ] . Weinheim : Wiley-VchPress , 2004 .

DWORKIN M . Recommendation for block cipher modes of operation:methods and techniques [J ] . National Institute of Standards and Technology Gaithersburg MD Computer Security , 2001 , 5 ( 6 ): 669 - 675 .

STANFORD . Stanford javascript crypto library [R ] .(2013-11-17)[2020-03-08 ] .

OPENSSL SOFTWARE FOUNDATION . OpenSSL cryptography and SSL/TLS toolkit [R ] .(2009-10-07)[2020-03-08 ] .

DAN B , MATT F , BEN L , et al . Stanford IBE library [R ] .(2011-09-20)[2020-03-08 ] .

KRAWCZYK H , RAN C , MIHIR B . HMAC:keyed-hashing for message authentication [R ] .(1997-02-01)[2020-03-08 ] .

RALLY . Macrobenchmarking framework for elasticsearch [R ] .(2015-12-22)[2020-03-08 ] .

浏览量

1628

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

无人系统中离线强化学习的隐蔽数据投毒攻击方法

基于DSMM的数据分类分级探索与实践

基于多级代理许可区块链的联邦边缘学习模型

基于强化学习的多层卫星网络边缘安全决策方法

基于访问代理的数据加密及搜索技术研究