云计算环境中支持隐私保护的数字版权保护方案

doi:10.3969/j.issn.1000-436x.2014.02.013

摘要/Abstract

摘要：

针对云计算环境中数字内容安全和用户隐私保护的需求，提出了一种云计算环境中支持隐私保护的数字版权保护方案。设计了云计算环境中数字内容版权全生命周期保护和用户隐私保护的框架，包括系统初始化、内容加密、许可授权和内容解密4个主要协议；采用基于属性基加密和加法同态加密算法的内容加密密钥保护和分发机制，保证内容加密密钥的安全性；允许用户匿名向云服务提供商订购内容和申请授权，保护用户的隐私，并且防止云服务提供商、授权服务器和密钥服务器等收集用户使用习惯等敏感信息。与现有的云计算环境中数字版权保护方案相比，该方案在保护内容安全和用户隐私的同时，支持灵活的访问控制，并且支持在线和超级分发应用模式，在云计算环境中具有较好的实用性。

关键词: 数字版权管理, 隐私保护, 属性基加密, 同态加密, ；云计算

Abstract:

In order to meet the needs of digital content and user privacy protection in cloud computing environment, a privacy-preserving digital rights management (DRM) scheme in cloud computing was proposed. The framework of digital content copyright lifecycle protection and user privacy protection in cloud computing was firstly designed, which includes four protocols: system setup, content encryption, license acquisition and content decryption, and then a content encryption key protection and distribution mechanism based on attribute-based encryption and additively homomorphic encryption was proposed, which ensures the security of content encryption key. In addition, the pro-posed scheme also allows the users to purchase content and acquire license anonymously from cloud service provider, which protects the user privacy and prevents cloud service provider, license server and key server in the cloud from collecting the user's sensitive information. Compared with existing DRM schemes in cloud computing, the proposed scheme which not only protects the data security and user privacy, but also supports fine-grained access control, and supports online and super-distribution application modes, is more applicable in the copyright protection for cloud computing.

Key words: digital rights management, privacy preserving, attribute-based encryption, homomorphic encryption, cloud computing

黄勤龙,马兆丰,傅镜艺,杨义先,钮心忻. 云计算环境中支持隐私保护的数字版权保护方案[J]. 通信学报, 2014, 35(2): 95-103.

Qin-long HUANG,Zhao-feng MA,Jing-yi FU,Yi-xian YANG,Xin-xin NIU. Privacy-preserving digital rights management scheme in cloud computing[J]. Journal on Communications, 2014, 35(2): 95-103.

图/表 8

表1

图1

表2

图2

图3

图4

图5

表3

参考文献 22

[1]	冯登国，张敏，张妍等. 云计算安全研究[J]. 软件学报， 2011,22(1): 71-83. FENG D G , ZHANG M , ZHANG Y et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1): 71-83.
[2]	俞银燕，汤帜 . 数字版权保护技术研究综述[J]. 计算机学报， 2005,28(12): 957-968. YU Y Y , TANG Z . A survey of the research on digital rights management[J]. Chinese Journal of Computers, 2005,28(12): 957-968.
[3]	马兆丰，范科峰，陈铭 . et al. 支持时空约束的可信数字版权管理安全许可协议[J]. 通信学报， 2008,29(10): 153-164. MA Z F , FAN K F , CHEN M et al. Trusted digital rights management protocol supporting for time and space constraint[J]. Journal on Communications, 2008,29(10): 153-164.
[4]	ZHANG Z Y , PEI Q Q , YANG L et al. Establishing multi-party trust architecture for DRM by using game-theoretic analysis of security policies[J]. Chinese Journal of Electronics, 2009,18(3): 519-524.
[5]	QIU Q , TANG Z , LI F et al. A personal DRM scheme based on social trust[J]. Chinese Journal of Electronics, 2012,21(4): 719-724.
[6]	JAFARI M , SAFAVI-NAINI R , SHEPPARD N P . A rights management approach to protection of privacy in a cloud of electronic health records[A]. Proceedings of the 11th Annual ACM Workshop on Digital Rights Management[C]. Chicago, USA 2011. 23-29.
[7]	WANG C K , ZOU P , LIU Z et al. CS-DRM: a cloud-based SIM DRM scheme for mobile internet[J]. Eurasip Journal on Wireless Communications and Networking[C].2011, 2011. 1-30.
[8]	PETRLIC R . Proxy re-encryption in a privacy-preserving cloud computing DRM scheme[J]. Proceedings of the 4th International Symposium on Cyberspace Safety and SecurityCSS 2012[C]. Melbourne, Australia, 2012. 194-211.
[9]	SAMANTHULA B K , HOWSER G , ELMEHDWI Y et al. An efficient and secure data sharing framework using homomorphic encryption in the cloud[A]. Proceedings of the 1st International Workshop on Cloud Intelligence[C]. Istanbul, Turkey, 2012. 1-8.
[10]	CORENA J C , OHTSUKI T . Secure and fast aggregation of financial data in cloud-based expense tracking applications[J]. Journal of Network and Systems Management, 2012,20(4): 534-560.
[11]	WU Y D , WEI Z , DENG R H . Attribute-based access to scalable media in cloud-assisted content sharing networks[J]. IEEE Transactions on Multimedia, 2013,15(4): 778-788.
[12]	洪澄，张敏，冯登国 . 面向云存储的高效动态密文访问控制方法[J]. 通信学报， 2011,32(7): 125-132. HONG C , ZHANG M , FENG D G et al. Achieving efficient dynamic cryptographic access control in cloud storage[J]. Journal on Communications, 2011,32(7): 125-132.
[13]	MULLER S , KATZENBEISSER S . A new DRM architecture with strong enforcement[J]. Proceedings of the 5th International Conference on Availability, Reliability, and Security, ARES 2010,Krakow, Poland, 2010. 397-403.
[14]	CONRADO C , PETKOVIC M , JONKER W . Privacy-preserving digital rights management[A]. Proceedings of the Secure Data Management 2004, Toronto, Canada, 2004. 83-99.
[15]	PERLMAN R , KAUFMAN C , PERLNER R . Privacy-preserving DRM[A]. Proceedings of the 9th Symposium on Identity and Trust on the Internet, IDtrust 2010[C]. New York, USA, 2010. 69-83.
[16]	PETRLIC R , SORGE C . Privacy-preserving DRM for cloud computing[A]. Proceedings of 26th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2012[C]. Fukuoka, Japan, 2012. 1286-1291.
[17]	SAHAI A , WATERS B . Fuzzy identity-based encryption[A]. Proceedings of EUROCRYPT 2005[C]. Aarhus, Denmark, 2005. 457-473.
[18]	RIVEST R , SHARMIR A , DERTOUZONS M . On Data Banks and Privacy Homomorphisms[M]. Proceedings of EUROCRYPT 2005[C]. Orlando: Academic Press 1978.
[19]	GENTRY C . Fully homomorphic encryption using ideal lattices[A]. Proceedings of the 41st Annual ACM Symposium on Theory of Computing[C]. New York, USA, 2009. 169-178.
[20]	DIJK M , GENTRY C , HALEVI S et al. Fully homomorphic encryption over the integers[A]. Proceedings of Advances in Cryptology-Eurocrypt[C]. Riviera, France, 2010. 24-43.
[21]	CASTELLUCCIA C , MYKLETUN E , TSUDIK G . Efficient aggregation of encrypted data in wireless sensor networks[A]. Proceedings of the Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services[C]. San Diego, USA, 2005. 109-117.
[22]	BETHENCOURT J , SAHAI A , WATERS B . Advanced crypto software collection[EB/OL]. .

加密算法	解密算法	密文加法
c=Enc(m, k, M)=m+k (mod M)，其中，M是一个大整数，m∈ [0,M-1],k∈[0,M-1]。	Dec(c, k, M)=c– k(mod M)。	如果c1=Enc(m1, k1, M), c2=Enc(m2, k2, M)，其中，m1+m2∈[0, M-1]，则有Dec(c1+c2, k1+k2,M)=m1+m2。

符号	含义
SP, U	云服务提供商，用户
S, K	授权服务器，密钥服务器
PK, MK	系统公钥/主密钥
AS	用户属性
AP	访问策略
ASK	属性私钥
CID	内容标识
PCD, ECD	明文内容，加密内容
CMK, LK, AK	主密钥，授权密钥，辅助密钥
CEK	内容加密密钥
UK	用户的随机密钥
HK	同态密钥
LIC	用户许可证
T	时间戳
EncO, DecO	加密/解密运算
SigO	私钥签名运算

方案	内容加密	内容加密密钥保护	内容重加密	细粒度授权	许可证分发	用户匿名	敏感记录保护	线模式	超级分发模式
文献[6]	对称加密	公钥加密	不需要	不支持	独立分发	不支持	不支持	不支持	支持
文献[7]	对称加密	对称加密	不需要	不支持	独立分发	不支持	不支持	不支持	支持
文献[12]	对称加密	属性基加密	不需要	支持	独立分发	支持	不支持	支持	不支持
文献[13]	对称加密	属性基加密	不需要	支持	独立分发	支持	不支持	支持	支持
文献[16]	加法加密	加法同态加密	需要	支持	独立分发	支持	支持	支持	不支持
本文	对称加密	属性基加密和加法同态加密	不需要	支持	独立分发	支持	支持	支持	支持