Secure cloud data deduplication based on role-based symmetric encryption
  • English title: Cloud data secure deduplication scheme via role-based symmetric encryption
  • Authors: XIONG Jinbo (熊金波); ZHANG Yuanyuan (张媛媛); TIAN Youliang (田有亮); YING Zuobin (应作斌); LI Qi (李琦); MA Rong (马蓉)
  • Affiliations: Guizhou Provincial Key Laboratory of Public Big Data (Guizhou University); College of Mathematics and Informatics, Fujian Normal University; College of Computer Science and Technology, Anhui University; School of Computer Science, Nanjing University of Posts and Telecommunications
  • Keywords: role-based symmetric encryption; privacy protection; authorized deduplication; data deduplication; permission revocation
  • Journal code (Chinese): TXXB
  • Journal (English): Journal on Communications
  • Publication date: 2018-05-25
  • Publisher: Journal on Communications (通信学报)
  • Year: 2018
  • Issue: v.39; No.371
  • Funding: National Natural Science Foundation of China (No.61772008, No.U1405255, No.61502248, No.61402109, No.61502489, No.61502103); Guizhou Provincial Science and Technology Major Project (No.20183001); Open Project Fund of the Guizhou Provincial Key Laboratory of Public Big Data (No.2017BDKFJJ028)
  • Language: Chinese
  • Page: TXXB201805006
  • Number of pages: 15
  • CN: 05
  • ISSN: 11-2102/TN
  • Classification number: 63-77
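Abstract
The rapid development of cloud computing and big data technology has ushered in the era of big data, and more and more enterprises and individuals choose to outsource their data to cloud service providers. The explosive growth in data volume, the large amount of storage space it occupies, and the huge management overhead put great pressure on cloud storage. At the same time, how to effectively prevent leakage of personal privacy and how to achieve authorized access, secure deduplication of cloud data, and key update and permission revocation pose even greater challenges to cloud service providers. To address these problems, a role-based symmetric encryption algorithm is proposed, which uses role-based symmetric encryption to associate user roles with keys and builds a role key tree, so that different roles can access files with the corresponding permissions according to the access control policy. In addition, a secure cloud data deduplication scheme based on role-based symmetric encryption is proposed, which effectively protects personal private information, achieves authorized deduplication of cloud data under a hierarchical structure, and uses group key agreement to solve the security problems caused by key update and permission revocation in the mapping between roles and keys. Security analysis shows that the proposed role-based symmetric encryption algorithm and secure cloud data deduplication scheme are secure, and performance analysis and experimental results show that the proposed secure deduplication scheme is efficient.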
The rapid development of cloud computing and big data technology has brought people into the era of big data, and more and more enterprises and individuals outsource their data to cloud service providers. The explosive growth of data and data replicas, as well as the increasing management overhead, brings a big challenge to cloud storage space. Meanwhile, serious issues such as privacy disclosure, authorized access, secure deduplication, rekeying and permission revocation should also be taken into account. To address these problems, a role-based symmetric encryption algorithm was proposed, which established a mapping relation between roles and role keys. Moreover, a secure deduplication scheme was proposed via role-based symmetric encryption to achieve both privacy protection and authorized deduplication under the hierarchical architecture in the cloud computing environment. Furthermore, in the proposed scheme, the group key agreement protocol was utilized to achieve rekeying and permission revocation. Finally, the security analysis shows that the proposed role-based symmetric encryption algorithm is provably secure under the standard model, and the deduplication scheme can meet the security requirements. The performance analysis and experimental results indicate that the proposed scheme is effective and efficient.
