加密去重场景下基于AONT和NTRU的密钥更新方案

贾春福; 哈冠雄; 武少强; 陈杭; 李瑞琪

doi:10.11959/j.issn.1000-436x.2021187

您当前的位置：

首页 >

文章列表页 >

加密去重场景下基于AONT和NTRU的密钥更新方案

学术论文 | 更新时间：2024-06-05

- 加密去重场景下基于AONT和NTRU的密钥更新方案
- AONT-and-NTRU-based rekeying scheme for encrypted deduplication
- 通信学报 2021年42卷第10期页码：67-80
- 作者机构：
  
  1. 南开大学网络空间安全学院，天津 300350
  2. 天津市网络与数据安全技术重点实验室，天津 300350
- 作者简介：
  
  [ "贾春福（1967- ），男，河北文安人，博士，南开大学教授、博士生导师，主要研究方向为网络与信息安全、可信计算、恶意代码分析、密码技术应用等" ]
  [ "哈冠雄（1995- ），男，回族，天津人，南开大学博士生，主要研究方向为云数据安全、密码学应用" ]
  [ "武少强（1996- ），女，山西汾阳人，南开大学硕士生，主要研究方向为密码学应用、隐私保护" ]
  [ "陈杭（1998- ），女，天津人，南开大学硕士生，主要研究方向为密码学应用、加密去重" ]
  [ "李瑞琪（1993- ），男，黑龙江尚志人，南开大学博士生，主要研究方向为同态加密、格密码学等" ]
- 基金信息：
  
  国家重点研发计划基金资助项目(2018YFA0704703);国家自然科学基金资助项目(61972215);国家自然科学基金资助项目(61972073);国家自然科学基金资助项目(62172238);天津市自然科学基金资助项目(20JCZDJC00640)
- DOI：10.11959/j.issn.1000-436x.2021187
  中图分类号： TP309.2
- 网络出版日期：2021-10，
  
  纸质出版日期：2021-10-25
- 稿件说明：
移动端阅览
贾春福, 哈冠雄, 武少强, 等. 加密去重场景下基于AONT和NTRU的密钥更新方案[J]. 通信学报, 2021,42(10):67-80.

Chunfu JIA, Guanxiong HA, Shaoqiang WU, et al. AONT-and-NTRU-based rekeying scheme for encrypted deduplication[J]. Journal on communications, 2021, 42(10): 67-80.
贾春福, 哈冠雄, 武少强, 等. 加密去重场景下基于AONT和NTRU的密钥更新方案[J]. 通信学报, 2021,42(10):67-80. DOI： 10.11959/j.issn.1000-436x.2021187.

Chunfu JIA, Guanxiong HA, Shaoqiang WU, et al. AONT-and-NTRU-based rekeying scheme for encrypted deduplication[J]. Journal on communications, 2021, 42(10): 67-80. DOI： 10.11959/j.issn.1000-436x.2021187.

摘要

密钥更新是对抗密钥泄露的有效方法。现有加密去重系统大多基于消息锁加密实现，拥有相同数据的多个用户共享同一加密密钥，某一用户更新密钥时其他数据所有者需同步该更新，这将引起较大的计算和通信开销。针对这一问题，提出了一种基于AONT和NTRU的密钥更新方案，设计了一个AONT的变体以解决多用户密钥更新时的同步问题，引入了一种基于NTRU的代理重加密方案以降低密钥更新过程中的系统通信开销和客户端计算开销。效率分析与实验结果表明，所提方案与现有方案相比具有更高的加解密效率，显著降低了密钥更新过程中的时间开销。

Abstract

Rekeying is a good way to protect against key exposure.Most of the existing encrypted deduplication systems are implemented based on message-locked-encryption

in which multiple users with the identical data share the same encryption key.When a user updates keys

that update must be followed by all other data owners

which will incur large computational and communicational overheads.To solve this problem

an AONT-and-NTRU-based rekeying scheme was proposed

a variant of AONT was designed to solve the synchronization problem of multi-user rekeying

and a proxy re-encryption algorithm based on NTRU was introduced to reduce the communicational overhead for the system and computational overhead for clients during rekeying.The efficiency analysis and experimental results show that the proposed scheme has better encryption and decryption efficiency than existing schemes and the time cost of rekeying is significantly reduced.

关键词

Keywords

references

冯登国 , 张敏 , 张妍 , 等 . 云计算安全研究 [J ] . 软件学报 , 2011 , 22 ( 1 ): 71 - 83 .

FENG D G , ZHANG M , ZHANG Y , et al . Study on cloud computing security [J ] . Journal of Software , 2011 , 22 ( 1 ): 71 - 83 .

熊金波 , 张媛媛 , 李凤华 , 等 . 云环境中数据安全去重研究进展 [J ] . 通信学报 , 2016 , 37 ( 11 ): 169 - 180 .

XIONG J B , ZHANG Y Y , LI F H , et al . Research progress on secure data deduplication in cloud [J ] . Journal on Communications , 2016 , 37 ( 11 ): 169 - 180 .

SHIN Y , KOO D , HUR J . A survey of secure data deduplication schemes for cloud storage systems [J ] . ACM Computing Surveys , 2017 , 49 ( 4 ): 1 - 38 .

XIA W , JIANG H , FENG D , et al . A comprehensive study of the past,present,and future of data deduplication [J ] . Proceedings of the IEEE , 2016 , 104 ( 9 ): 1681 - 1710 .

BELLARE M , KEELVEEDHI S , RISTENPART T . Message-locked encryption and secure deduplication [C ] // Advances in Cryptology –EUROCRYPT 2013 . Berlin:Springer , 2013 : 296 - 312 .

XU J , CHANG E C , ZHOU J Y . Weak leakage-resilient client-side deduplication of encrypted data in cloud storage [C ] // Proceedings of the 8th ACM SIGSAC symposium on Information,computer and communications security . New York:ACM Press , 2013 : 195 - 206 .

BOYD C , DAVIES G T , GJØSTEEN K , et al . Fast and secure updatable encryption [C ] // Advances in Cryptology – CRYPTO 2020 . Cham:Springer International Publishing , 2020 : 464 - 493 .

LEHMANN A , TACKMANN B . Updatable encryption with post-compromise security [C ] // Advances in Cryptology – EUROCRYPT 2018 . Cham:Springer International Publishing , 2018 : 685 - 716 .

JARECKI S , KRAWCZYK H , RESCH J . Updatable oblivious key management for storage systems [C ] // Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2019 : 379 - 393 .

贾春福 , 哈冠雄 , 李瑞琪 . 密文去重系统中的数据访问控制策略 [J ] . 通信学报 , 2020 , 41 ( 5 ): 72 - 83 .

JIA C F , HA G X , LI R Q . Data access control policy of encrypted deduplication system [J ] . Journal on Communications , 2020 , 41 ( 5 ): 72 - 83 .

LI J , CHEN X F , LI J W , et al . New access control systems based on outsourced attribute-based encryption1 [J ] . Journal of Computer Security , 2015 , 23 ( 6 ): 659 - 683 .

DOUCEUR J R , ADYA A , BOLOSKY W J , et al . Reclaiming space from duplicate files in a serverless distributed file system [C ] // Proceedings of the 22nd International Conference on Distributed Computing Systems . Piscataway:IEEE Press , 2002 : 617 - 624 .

RESCH J K , PLANK J S . AONT-RS:blending security and performance in dispersed storage systems [C ] // Proceedings of the 9th USENIX Conference on File and Storage Technologies . San Jose:USENIX Association , 2011 : 191 - 202 .

RIVEST R L , . All-or-nothing encryption and the package transform [C ] // Proceedings of Fast Software Encryption . Berlin:Springer , 1997 : 210 - 218 .

NUÑEZ D , AGUDO I , LOPEZ J . NTRUReEncrypt:an efficient proxy Re-encryption scheme based on NTRU [C ] // Proceedings of the 10th ACM Symposium on Information,Computer and Communications Security . New York:ACM Press , 2015 : 179 - 189 .

QIN C , LI J W , LEE P P C , et al . The design and implementation of a rekeying-aware encrypted deduplication storage system [EB ] . arXiv:1607.08388 . 2016 .

BELLARE M , KEELVEEDHI S , RISTENPART T . DupLESS:server-aided encryption for deduplicated storage [J ] . IACR Cryptology EPrint Archive,2013 , 2013 :429.

BEIMEL A , . Secret-sharing schemes:A survey [C ] // Proceedings of International Conference on Coding and Cryptology . Berlin:Springer , 2011 : 11 - 46 .

HOFFSTEIN J , PIPHER J , SILVERMAN J H . NTRU:A ring-based public key cryptosystem [C ] // Proceedings of the International Algorithmic Number Theory Symposium . Berlin:Springer , 1998 : 267 - 288 .

LIU J , ASOKAN N , PINKAS B . Secure deduplication of encrypted data without additional independent servers [C ] // Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2015 : 874 - 885 .

LIU J , DUAN L , LI Y , et al . Secure deduplication of encrypted data:refined model and new constructions [C ] // Proceedings of Cryptographers’ Track at the RSA Conference . Cham:Springer International Publishing , 2018 : 374 - 393 .

YU C M , . POSTER:efficient cross-user chunk-level client-side data deduplication with symmetrically encrypted two-party interactions [C ] // Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security . New York:ACM Press , 2016 : 1763 - 1765 .

HARNIK D , PINKAS B , SHULMAN-PELEG A , . Side channels in cloud services:deduplication in cloud storage [J ] . IEEE Security ＆Privacy , 2010 , 8 ( 6 ): 40 - 47 .

POORANIAN Z , CHEN K C , YU C M , et al . RARE:Defeating side channels based on data-deduplication in cloud storage [C ] // Proceedings of IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS) . Piscataway:IEEE Press , 2018 : 444 - 449 .

HALEVI S , HARNIK D , PINKAS B , et al . Proofs of ownership in remote storage systems [C ] // Proceedings of the 18th ACM conference on Computer and communications security . New York:ACM Press , 2011 : 491 - 500 .

LI J W , LEE P P C , TAN C F , et al . Information leakage in encrypted deduplication via frequency analysis [J ] . ACM Transactions on Storage , 2020 , 16 ( 1 ): 1 - 30 .

LI M Q , QIN C , LI J W , et al . CDStore:toward reliable,secure,and cost-efficient cloud storage via convergent dispersal [C ] // Proceedings of IEEE Internet Computing . Piscataway:IEEE Press , 2016 : 45 - 53 .

LI J W , LI J , XIE D Q , et al . Secure auditing and deduplicating data in cloud [J ] . IEEE Transactions on Computers , 2016 , 65 ( 8 ): 2386 - 2396 .

郭晓勇 , 付安民 , 况博裕 , 等 . 基于收敛加密的云安全去重与完整性审计系统 [J ] . 通信学报 , 2017 , 38 ( S2 ): 156 - 163 .

GUO X Y , FU A M , KUANG B Y , et al . Secure deduplication and integrity audit system based on convergent encryption for cloud storage [J ] . Journal on Communications , 2017 , 38 ( S2 ): 156 - 163 .

ZHOU Y K , FENG D , HUA Y , et al . A similarity-aware encrypted deduplication scheme with flexible access control in the cloud [J ] . Future Generation Computer Systems , 2018 , 84 : 177 - 189 .

熊金波 , 张媛媛 , 田有亮 , 等 . 基于角色对称加密的云数据安全去重 [J ] . 通信学报 , 2018 , 39 ( 5 ): 59 - 73 .

XIONG J B , ZHANG Y Y , TIAN Y L , et al . Cloud data secure deduplication scheme via role-based symmetric encryption [J ] . Journal on Communications , 2018 , 39 ( 5 ): 59 - 73 .

XU R H , JOSHI J , KRISHNAMURTHY P . An integrated privacy preserving attribute-based access control framework supporting secure deduplication [J ] . IEEE Transactions on Dependable and Secure Computing , 2021 , 18 ( 2 ): 706 - 721 .

ZHAO Y J , CHOW S S M . Updatable block-level message-locked encryption [J ] . IEEE Transactions on Dependable and Secure Computing , 2021 , 18 ( 4 ): 1620 - 1631 .

LIU M Z , YANG C , JIANG Q , et al . Updatable block-level deduplication with dynamic ownership management on encrypted data [C ] // Proceedings of 2018 IEEE International Conference on Communications (ICC) . Piscataway:IEEE Press , 2018 : 1 - 7 .

NAOR M , REINGOLD O . Number-theoretic constructions of efficient pseudo-random functions [C ] // Proceedings of the 38th Annual Symposium on Foundations of Computer Science . Piscataway:IEEE Press , 1997 : 458 - 467 .

浏览量

431

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

无第三方服务器的基于数据流行度的加密去重方案

面向连接关键词可搜索加密的查询恢复攻击

面向云存储的属性基双边访问控制方案

基于区块链且可验证的智能电网多维数据聚合与分享方案

基于分层结构的匹配量隐藏加密多重映射方案