Abstract
To address data confidentiality and user privacy leakage in current cloud storage environments, this paper proposes an efficient and secure cloud storage scheme that hides access patterns. The scheme first divides each file into fixed-size data blocks, encodes and encrypts the blocks using pseudo-random functions and collision-resistant hash functions, and uploads the encrypted blocks into a pseudo-random collection superset on the cloud server, thereby constructing the secure cloud storage structure. It also designs a two-round user access strategy that hides access patterns while reducing the storage cost and the number of access interactions, and that supports efficient dynamic file updates. Security analysis shows that, with appropriately chosen security parameters, the scheme achieves L_1 L_2-dynamic adaptive security. Experimental results show that the scheme protects data confidentiality while being better suited to practical cloud storage environments.