Chinese Journal of Network and Information Security ›› 2016, Vol. 2 ›› Issue (4): 1-11. doi: 10.11959/j.issn.2096-109x.2016.00046
• Survey •
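Kai-min WEI1, Jian WENG1, Kui REN2
Revised: 2015-04-02
Online: 2016-04-01
Published: 2016-05-25
About the authors:
Kai-min WEI (born 1984), male, from Zhuzhou, Hunan; Ph.D.; associate research fellow at Jinan University. His main research interests are the analysis and design of mobile network algorithms and mobile network security. | Jian WENG (born 1976), male, from Maoming, Guangdong; professor and doctoral supervisor at Jinan University. His main research interests are cryptography and information security. | Kui REN (born 1978), male, from Chaohu, Anhui; professor at the State University of New York at Buffalo. His main research interests are data security in cloud computing, security of outsourced computation services, wireless system security, privacy protection, and Internet of Things systems and security.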
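Abstract:
Big data currently attracts wide attention from all sectors of society. Because of its large volume, diverse structure and fast processing speed, most traditional data security protection techniques are no longer suitable for big data environments, which makes big data security problems increasingly serious. In response, a large number of big data security protection techniques have been proposed in recent years. From the perspectives of encryption algorithms, integrity verification, access control techniques, deduplication and assured deletion of ciphertext data, and ciphertext search, this survey classifies and describes the current state of research on the key techniques for big data security protection, analyzes their advantages and disadvantages, and discusses their future development trends.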
Kai-min WEI, Jian WENG, Kui REN. Data security and protection techniques in big data: a survey[J]. Chinese Journal of Network and Information Security, 2016, 2(4): 1-11.