基于阈值重加密的抗边信道攻击云数据安全去重方法

doi:10.11959/j.issn.1000-436x.2020103

通信学报 ›› 2020, Vol. 41 ›› Issue (6): 98-111.doi: 10.11959/j.issn.1000-436x.2020103

基于阈值重加密的抗边信道攻击云数据安全去重方法

唐鑫¹,周琳娜²,单伟杰¹,刘丹¹

¹ 国际关系学院信息科技学院，北京 100091
² 北京邮电大学网络空间安全学院，北京 100084

修回日期:2020-03-23 出版日期:2020-06-25 发布日期:2020-07-04
作者简介:唐鑫（1987- ），男，江苏南京人，博士，国际关系学院讲师，主要研究方向为数字内容安全、信息隐藏、云数据安全|周琳娜（1972- ），女，湖南衡阳人，博士，北京邮电大学教授，主要研究方向为信息内容安全、行为分析、数字取证、信息隐藏|单伟杰（1996- ），男，河南周口人，国际关系学院硕士生，主要研究方向为信息隐藏、云数据安全|刘丹（1995- ），女，河北石家庄人，国际关系学院硕士生，主要研究方向为信息隐藏、云数据安全
基金资助:
国际关系学院国家安全高精尖学科建设科研专项基金资助项目(2019GA36);国家自然科学基金资助项目(U1536207);国家重点研发计划基金资助项目(2016QY04W0803)

Threshold re-encryption based secure deduplication method for cloud data with resistance against side channel attack

Xin TANG¹,Linna ZHOU²,Weijie SHAN¹,Dan LIU¹

¹ School of Information Science and Technology,University of International Relations,Beijing 100091,China
² School of Cyberspace Security,Beijing University of Posts and Telecommunications,Beijing 100084,China

Revised:2020-03-23 Online:2020-06-25 Published:2020-07-04
Supported by:
Special Funded by Construction of Advanced Disciplines for University of International Relations(2019GA36);The National Natural Science Foundation of China(U1536207);The National Key Research and Development Program of China(2016QY04W0803)

摘要/Abstract

摘要：

针对加密云数据阈值去重中的安全性和效率问题，提出一种基于阈值重加密的抗边信道攻击云数据安全去重方法。设计了一种轻量级的阈值重加密机制，将用户端的密文分割转变为密钥分割，并且把二次加密转移到云端执行，从而大大减少了用户端的计算开销。所提机制允许用户从一次加密密文和重加密密文中均可解密出明文，从而避免了对同一文件多次加密的开销。同时，所提方法支持云服务提供商和用户端双向的数据完整性验证，直接确保密文副本和用户端明文数据的对应性。实验结果表明，所提方法大大降低了用户端的计算开销，且同时取得了较好的云端存储性能。

关键词: 阈值去重, 重加密, 边信道攻击, 后验证

Abstract:

For security and efficiency problems in threshold based deduplication for cloud data,a novel method based on threshold re-encryption was proposed to deal with side channel attacks.A lightweight threshold re-encryption mechanism was presented to transfer the secondary encryption to the cloud for execution and allow clients to generate ciphertext based on key segmentation instead of ciphertext segmentation,both of which largely reduce computational overhead of clients.Also,the proposed mechanism enables clients to decrypt from both one-time encrypted and re-encrypted ciphertext,thus avoiding the overhead of redundant encryption of the same file.Mutual integrity verification between cloud service provider and clients was also supported by the proposed method,which directly ensured the correctness of the correspondence between ciphertext and plaintext on client side.Experiments show that the proposed method not only largely reduces the computational overhead on client side,but also achieves superior storage performance on cloud side simultaneously.

Key words: threshold deduplication, re-encryption, side channel attack, late verify

中图分类号:

TP302

唐鑫,周琳娜,单伟杰,刘丹. 基于阈值重加密的抗边信道攻击云数据安全去重方法[J]. 通信学报, 2020, 41(6): 98-111.

Xin TANG,Linna ZHOU,Weijie SHAN,Dan LIU. Threshold re-encryption based secure deduplication method for cloud data with resistance against side channel attack[J]. Journal on Communications, 2020, 41(6): 98-111.

图/表 3

参考文献 23

[1]	GAI K K , QIU M K . Blend arithmetic operations on tensor-based fully homomorphic encryption over real numbers[J]. IEEE Transactions on Industrial Informatics, 2017,14(8): 3590-3598.
[2]	LIU J , ASOKAN N , PINKAS B . Secure deduplication of encrypted data without additional independent servers[C]// Proceedings of the 22nd ACM Conference on Computer and Communications Security. New York:ACM Press, 2015: 874-855.
[3]	YAN Z , DING W X , YU X X ,et al. Deduplication on encrypted big data in cloud[J]. IEEE Transactions on Big Data, 2016,2(2): 138-150.
[4]	BELLARE M , KEELVEEDHI S , RISTENPART T . DepLess:server-aided encryption for deduplicated storage[C]// Proceedings of the 22nd USENIX Security Symposium. Berkeley:USENIX Association, 2013: 179-194.
[5]	KWON H , HAHN C , KOO D Y ,et al. Scalable and reliable key management for secure deduplication in cloud storage[C]// Proceedings of IEEE the 10th International Conference on Cloud Computing. Piscataway:IEEE Press, 2017: 391-398.
[6]	DUAN Y , . Distributed key generation for encrypted deduplication:achieving the strongest privacy[C]// Proceedings of the 21st ACM Conference on Computer and Communications Security Workshop. New York:ACM Press, 2014: 57-68.
[7]	YU C M , . Poster:efficient cross-user chunk-level client-side data deduplication with symmetrically encrypted two-party interactions[C]// Proceedings of the 23rd ACM Conference on Computer and Communications Security. New York:ACM Press, 2016: 1763-1765.
[8]	ZUO P F , HUA Y , WANG C ,et al. Mitigating traffic-based side channel attacks in bandwidth-efficient cloud storage[C]// Proceedings of the 32nd IEEE International Parallel ＆ Distributed Processing Symposium. Piscataway:IEEE Press, 2018: 1153-1162.
[9]	POORANIAN Z , CHEN K C , YU C M ,et al. RARE:defeating side channels based on data-deduplication in cloud storage[C]// Proceedings of the 37th IEEE International Conference on Computer Communications Workshops. Piscataway:IEEE Press, 2018: 444-449.
[10]	YU C M , GOCHHAYAT S P , CONTI M ,et al. Privacy aware data deduplication for side channel in cloud storage[J]. IEEE Transactions on Cloud Computing, 2018,doi:10.1109/TCC.2018.2794542.
[11]	HARNIK D , PINKAS B , SHULMAN-PELEG A . Side channels in cloud services:deduplication in cloud storage[J]. IEEE Security ＆Privacy, 2010,8(6): 40-47.
[12]	STANEK J , KENCL L . Enhanced secure thresholded data deduplication scheme for cloud storage[J]. IEEE Transactions on Dependable and Secure Computing, 2018,15(4): 694-707.
[13]	ZHANG Y , MAO Y L , XU M Z ,et al. Towards thwarting template side-channel attacks in secure cloud deduplications[J]. IEEE Transactions on Dependable and Secure Computing, 2019,doi:10.1109/TDSC.2019.2911502.
[14]	STANEK J , SORNIOTTI A , ANDROULAKI E ,et al. A secure data deduplication scheme for cloud storage[C]// Proceedings of the 18th International Conference on Financial Cryptography and Data Security.S.n.:s.l. , 2014: 99-118.
[15]	ARMKNECHT F , BOYD C , DAVIES G T ,et al. Side channels in deduplication:Trade-offs between leakage and efficiency[C]// Proceedings of the 12nd ACM Asia Conference on Computer and Communications Security. New York:ACM Press, 2017: 266-274.
[16]	BELLARE M , KEELVEEDHI S , RISTENPART T . DepLESS:server-aided encryption for deduplicated storage[C]// Proceedings of the 22nd USENIX Security Symposium. Berkeley:USENIX Association, 2013: 179-194.
[17]	LIU X F , SUN W H , LOU W J ,et al. One-tag checker:message-locked integrity auditing on encrypted cloud deduplication storage[C]// Proceedings of the 36th IEEE Conference on Computer Communications. Piscataway:IEEE Press, 2017: 1-9.
[18]	TANG X , ZHOU L N , HUANG Y F ,et al. Efficient cross-user deduplication of encrypted data through re-encryption[C]// Proceedings of the 17th IEEE International Conference on Trust,Security and Privacy in Computing and Communications. Piscataway:IEEE Press, 2018: 897-904.
[19]	DANG H , CHANG E C . Privacy-preserving data deduplication on trusted processors[C]// Proceedings of IEEE the 10th International Conference on Cloud Computing. Piscataway:IEEE Press, 2017: 66-73.
[20]	ZHANG K , LIANG X H , LU R X ,et al. Sybil attacks and their defenses in the Internet of Things[J]. IEEE Internet of Things Journal, 2014,1(5): 372-383.
[21]	DOUCEUR J , ADYA A , BOLOSKY W ,et al. Reclaiming space from duplicate files in a server-less distributed file system[C]// Proceedings of the 22nd International Conference on Distributed Computing Systems. Piscataway:IEEE Press, 2002: 617-624.
[22]	SHAMIR A . How to share a secret[J]. Communications of the ACM, 1979,22(11): 612-613.
[23]	ATENIESE G , HOHENBERGER , . Proxy re-signatures:new definitions,algorithms,and applications[C]// Proceedings of the 22nd ACM Conference on Computer and Communications Security. New York:ACM Press, 2015: 310-319.

基于阈值重加密的抗边信道攻击云数据安全去重方法

Threshold re-encryption based secure deduplication method for cloud data with resistance against side channel attack

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 23

相关文章 15

Metrics

推荐阅读 0

[1]	李瑞琪, 贾春福, 王雅飞. 基于NTRU的多密钥同态代理重加密方案及其应用[J]. 通信学报, 2021, 42(3): 11-22.
[2]	杨小东, 席婉婷, 王嘉琪, 陈艾佳, 王彩芬. 基于签密和区块链的车联网电子证据共享方案[J]. 通信学报, 2021, 42(12): 236-246.
[3]	牛淑芬,刘文科,陈俐霞,王彩芬,杜小妮. 基于联盟链的可搜索加密电子病历数据共享方案[J]. 通信学报, 2020, 41(8): 204-214.
[4]	李颖莹,马建峰,苗银宾. 基于边缘计算的支持多密钥的加密图像检索[J]. 通信学报, 2020, 41(4): 14-26.
[5]	冯朝胜,罗王平,秦志光,袁丁,邹莉萍. 支持多种特性的基于属性代理重加密方案[J]. 通信学报, 2019, 40(6): 177-189.
[6]	刘建,鲜明,王会梅,荣宏. 面向移动云的属性基密文访问控制优化方法[J]. 通信学报, 2018, 39(7): 39-49.
[7]	苏铓,俞研,吴槟,付安民. 面向代理重加密算法的程序设计语言研究[J]. 通信学报, 2018, 39(6): 89-97.
[8]	苏铓,史国振,付安民,俞研,金伟. 基于代理重加密的云端多要素访问控制方案[J]. 通信学报, 2018, 39(2): 96-104.
[9]	贾姗,徐正全,胡传博,王豪. 基于重加密的随机映射指纹模板保护方案[J]. 通信学报, 2018, 39(2): 122-134.
[10]	张恩,裴瑶瑶,杜蛟. 基于RLWE的密文策略属性代理重加密[J]. 通信学报, 2018, 39(11): 129-137.
[11]	李菊雁,马春光,赵乾. 格上可重新拆分的门限多代理者的代理重加密方案[J]. 通信学报, 2017, 38(5): 157-164.
[12]	罗恩韬,王国军,陈淑红,PINIALKhan-butt. 移动社交网络中跨域代理重加密朋友发现隐私保护方案研究[J]. 通信学报, 2017, 38(10): 81-93.
[13]	郭威,周学广,瞿成勤,罗芳,纪祥君. 基于CP-ABE的编队跨域通信方案研究[J]. 通信学报, 2015, 36(Z1): 250-258.
[14]	苏铓，史国振，谢绒娜，付安民. 面向移动云计算的多要素代理重加密方案[J]. 通信学报, 2015, 36(11): 73-79.
[15]	熊礼治,徐正全,顾鑫. 云环境数据服务的可信安全模型[J]. 通信学报, 2014, 35(10): 127-137.