基于属性加密的块级云数据去重方案

doi:10.11959/j.issn.2096-109x.2023066

网络与信息安全学报 ›› 2023, Vol. 9 ›› Issue (5): 106-115.doi: 10.11959/j.issn.2096-109x.2023066

• 学术论文 • 上一篇

基于属性加密的块级云数据去重方案

葛文婷, 李卫海, 俞能海

中国科学技术大学网络空间安全学院，安徽合肥 230026

修回日期:2023-05-28 出版日期:2023-10-01 发布日期:2023-10-01
作者简介:葛文婷（1998− ），女，江苏泰州人，中国科学技术大学硕士生，主要研究方向为数据安全
李卫海（1975− ），男，辽宁大连人，中国科学技术大学副教授，主要研究方向为多媒体内容安全、数据安全
俞能海（1964− ），男，安徽无为人，中国科学技术大学教授、博士生导师，主要研究方向为视频处理与多媒体通信、信息检索、媒体内容安全、数据安全
基金资助:
国家重点研发计划(2018YFB0804101)

Block level cloud data deduplication scheme based on attribute encryption

Wenting GE, Weihai LI, Nenghai YU

School of Cyber Science and Technology, University of Science and Technology of China, Hefei 230026, China

Revised:2023-05-28 Online:2023-10-01 Published:2023-10-01
Supported by:
The National Key R＆D Program of China(2018YFB0804101)

摘要/Abstract

摘要：

针对已有的云数据去重方案主要集中在文件级去重。提出了一种基于属性加密的支持数据块级去重的方案，对文件级和数据块级做双粒度去重，并由属性加密实现数据共享。在混合云架构上设计算法，私有云根据文件标签和数据块标签进行重复性检测和一致性检测，并由块级标签建立默克尔树，支持对用户进行所有权证明。用户上传密文，私有云应用线性秘密共享技术，向密文添加访问结构和辅助信息，并为新的拥有权限的用户更新整体的密文信息。由私有云做代理重加密和代理解密，在无法获得明文的情况下承担大部分计算，减轻用户的计算时间开销。处理好的密文和标签存入公有云中，由私有云进行存取。安全性分析表明，所提方案在私有云可达到PRV-CDA（privacy chosen-distribution attacks）安全。分别对固定分块大小改变属性个数和固定属性个数改变分块大小两种情况进行仿真实验，应用4种椭圆曲线加密测试密钥生成、加密和解密计算时间，结果符合线性秘密共享的特性。仿真实验和开销分析表明所提方案可提升去重效率，并降低计算时间开销。

关键词: 数据去重, 云存储, 属性加密, 所有权证明, 线性访问结构

Abstract:

Due to the existing cloud data deduplication schemes mainly focus on file-level deduplication.A scheme was proposed, based on attribute encryption, to support data block-level weight removal.Double granularity weight removal was performed for both file-level and data block-level, and data sharing was achieved through attribute encryption.The algorithm was designed on the hybrid cloud architecture Repeatability detection and consistency detection were conducted by the private cloud based on file labels and data block labels.A Merkle tree was established based on block-level labels to support user ownership proof.When a user uploaded the cipher text, the private cloud utilized linear secret sharing technology to add access structures and auxiliary information to the cipher text.It also updated the overall cipher text information for new users with permissions.The private cloud served as a proxy for re-encryption and proxy decryption, undertaking most of the calculation when the plaintext cannot be obtained, thereby reducing the computing overhead for users.The processed cipher text and labels were stored in the public cloud and accessed by the private cloud.Security analysis shows that the proposed scheme can achieve PRV-CDA (Privacy Choose-distribution attacks) security in the private cloud.In the simulation experiment, four types of elliptic curve encryption were used to test the calculation time for key generation, encryption, and decryption respectively, for different attribute numbers with a fixed block size, and different block sizes with a fixed attribute number.The results align with the characteristics of linear secret sharing.Simulation experiments and cost analysis demonstrate that the proposed scheme can enhance the efficiency of weight removal and save time costs.

Key words: deduplication, cloud storage, attribute-based-encryption, proof of ownership, linear secret sharing scheme

中图分类号:

TP393

葛文婷, 李卫海, 俞能海. 基于属性加密的块级云数据去重方案[J]. 网络与信息安全学报, 2023, 9(5): 106-115.

Wenting GE, Weihai LI, Nenghai YU. Block level cloud data deduplication scheme based on attribute encryption[J]. Chinese Journal of Network and Information Security, 2023, 9(5): 106-115.

图/表 6

图1

图2

图3

图4

表1

表2

参考文献 17

[1]	BELLARE M , KEELVEEDH S . Interactive message-locked encryption and secure deduplication[C]// Public-Key cryptography PKC 2015:18th ICAR International Conference on Practice and Theory in Public Key Cryptography. 2015: 516-538.
[2]	AHAMED N , DURAIPANDIAN N . Secured data storage using deduplication in cloud computing based on elliptic curve cryptography[J]. Tech Science Press, 2022,41: 83-94.
[3]	CHEN R , MU Y , YANG G ,et al. BL-MLE:block-level message-locked encryption for secure large file deduplication[J]. IEEE Transactions on Information Forensics ＆ Security, 2015,10(12): 2643-2652.
[4]	ZHAO Y , CHOW S . Updatable block-level message-locked encryption[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(4): 1620-1631.
[5]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// Proceedings of the 13th ACM Conference on Computer and Communications Security. 2006: 89-98.
[6]	EMURA K , MIYAJI A , OMOTE K ,et al. A ciphertext-policy attribute-based encryption scheme with constant ciphertext length[J]. International Journal of Applied Cryptography, 2009,2(1): 46-59.
[7]	CUI H , DENG R , LI Y ,et al. Attribute-based storage supporting secure deduplication of encrypted data in cloud[J]. IEEE Transactions on Big Data, 2019,5(3): 330-342.
[8]	GOYAL V , JAIN A , PANDEY O ,et al. Bounded ciphertext policy attribute based encryption[C]// 35th International Colloquium on Automata,Languages and Programming (ICALP 2008). 2008: 579-591.
[9]	WATERS B . Ciphertext-policy attribute-based encryption:an expressive,efficient,and provably secure realization[C]// Public Key Cryptography-PKC 2011. 2011: 53-70.
[10]	GONZALEZ-MANZANO L , ORFILA A . An efficient confidentiality-preserving proof of ownership for deduplication[J]. Journal of Network ＆ Computer Applications, 2015,50(4): 49-59.
[11]	HUANG K , ZHANG X S , MU Y ,et al. Bidirectional and malleable proof-of-ownership for large file in cloud storage[J]. IEEE Transactions on Cloud Computing, 2021(99): 1.
[12]	CHEN Y , HU Y , ZHU M ,et al. Attribute-based keyword search with proxy re-encryption in the cloud[J]. IEICE Transactions on Communications, 2018,(8): 1798-1808.
[13]	刘尚, 郭银章 . 云计算多授权中心 CP-ABE 代理重加密方案[J]. 网络与信息安全学报, 2022,8(3): 176-188.
	LIU S , GUO Y Z . Multi-authority based CP-ABE proxy re-encryption scheme for cloud computing[J]. Chinese Journal of Network and Information Security, 2022,8(3): 176-188.
[14]	BONEH D , FRANKLIN M . Identity-based encryption from the Weil pairing[J]. SIAM Journal on Computing, 2003,32(3): 586-615.
[15]	SZYDLO M ,LECTURE NOTES IN COMPUTER SCIENCE 3027. Merkle Tree Traversal in Log Space and Time[C]// 2004 International Conference on the Theory and Application of Cryptographic Techniques (EUROCRYPT 2004). 2004: 541-554.
[16]	ROUSELAKIS Y , WATERS B . New constructions and proof methods for large universe attribute-based encryption[C]// ACM Sigsac Conference on Computer ＆ Communications Security. 2013: 463-474.
[17]	ROUSELAKIS Y , WATERS B . New constructions and proof methods for large universe attribute-based encryption[C]// Sigsac Conference on Computer ＆ Communications Security. 2013.

类型	公有云标签	私有云标签	加密	重加密	一致性检验	相等性检验	解密
Exp	2	q+3	6l+1	7l+2	q+1	0	≤k+2
Pair	0	0	0	0	3	2y	≤5k+1

文献	数据上传者	私有云	用户
文献[7]	(5l+6)Exp	(6l+7)Exp	≤(k+2)Exp
		2yPair	≤(3k+1)Pair
本文方案	(5l+6)Exp	(7l+q+3)Exp	≤(k+2)Exp
		(2y+3)Pair	≤(5k+1)Pair

基于属性加密的块级云数据去重方案

Block level cloud data deduplication scheme based on attribute encryption

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 17

相关文章 12

Metrics

推荐阅读 0

[1]	袁承昊, 李勇, 任爽. 多关键词动态可搜索加密方案[J]. 网络与信息安全学报, 2023, 9(2): 143-153.
[2]	姜涛, 徐航, 王良民, 马建峰. 支持受损数据定位与恢复的动态群用户可证明存储[J]. 网络与信息安全学报, 2022, 8(5): 75-87.
[3]	金琳, 田有亮. 基于区块链的多权限属性隐藏电子病历共享方案[J]. 网络与信息安全学报, 2022, 8(4): 66-76.
[4]	林素青. 支持访问更新的可验证外包属性加密方案[J]. 网络与信息安全学报, 2019, 5(1): 37-49.
[5]	张兴兰,崔遥. 基于群签名的属性加密方案[J]. 网络与信息安全学报, 2019, 5(1): 15-21.
[6]	喻潇,田里,刘喆,王捷. 基于USBKEY的网络存储用户数据保护的研究与实现[J]. 网络与信息安全学报, 2018, 4(6): 62-69.
[7]	李洋,刘江华,伍玮. 支持丰富访问控制策略的群组协作密文策略属性基加密[J]. 网络与信息安全学报, 2017, 3(5): 54-61.
[8]	梁蛟,刘武,韩伟力,王晓阳,甘似禹,沈烁. 安卓云备份模块的代码安全问题分析[J]. 网络与信息安全学报, 2017, 3(1): 68-78.
[9]	王佳慧,刘川意,方滨兴. 基于细粒度授权的物联网搜索数据隐私保护方案[J]. 网络与信息安全学报, 2017, 3(1): 13-22.
[10]	冯涛,殷潇雨. 基于属性加密的云存储隐私保护机制研究[J]. 网络与信息安全学报, 2016, 2(7): 8-17.
[11]	林素青. 支持策略更新的外包属性加密[J]. 网络与信息安全学报, 2016, 2(5): 39-49.
[12]	张亮轩,李晖. 云计算中支持有效用户撤销的多授权方基于属性加密方案[J]. 网络与信息安全学报, 2016, 2(2): 62-74.