基于收敛加密的云安全去重与完整性审计系统

doi:10.11959/j.issn.1000-436x.2017269

通信学报 ›› 2017, Vol. 38 ›› Issue (Z2): 156-163.doi: 10.11959/j.issn.1000-436x.2017269

基于收敛加密的云安全去重与完整性审计系统

郭晓勇^1,²,付安民^1,²,况博裕¹,丁纬佳¹

¹ 南京理工大学计算机科学与工程学院，江苏南京 210094
² 贵州大学贵州省公共大数据重点实验室，贵州贵阳 550025

出版日期:2017-11-01 发布日期:2018-06-07
作者简介:郭晓勇（1993-），男，山西忻州人，南京理工大学硕士生，主要研究方向为云存储安全。|付安民（1981-），男，湖北通城人，博士，南京理工大学副教授、博士生导师，主要研究方向为无线网络安全、云计算、大数据安全等。|况博裕（1994-），男，四川绵阳人，南京理工大学硕士生，主要研究方向为物联网安全。|丁纬佳（1995-），女，浙江杭州人，南京理工大学本科生，主要研究方向为云存储安全。

Secure deduplication and integrity audit system based on convergent encryption for cloud storage

Xiao-yong GUO^1,²,An-min FU^1,²,Bo-yu KUANG¹,Wei-jia DING¹

¹ School of Computer Science and Engineering,Nanjing University of Science and Technology,Nanjing 210094,China
² Guizhou Provincial Key Laboratory of Public Big Data,GuiZhou University,Guiyang 550025,China

Online:2017-11-01 Published:2018-06-07

摘要/Abstract

摘要：

云存储应用以其便利性、可扩展性等优势迅速成为个人用户和企业存储的不二选择，但安全去重与完整性审计是云存储面临的关键问题。首先提出了基于盲签名的收敛密钥封装与解封算法，在安全存储收敛密钥的同时可以实现收敛密钥去重，提高了云存储空间利用率。另一方面，提出了基于收敛密钥的BLS签名算法，并利用可信第三方（TTP）存储审计公钥和代理审计，实现了对审计签名和审计公钥的去重，减轻了客户端存储和计算负担。在此基础上，进一步设计与实现了一个基于收敛加密的云安全去重和完整性审计系统。该系统能为云存储提供数据隐私保护、重复认证、审计认证等安全服务，且进一步降低了客户端、云端的存储和计算开销。

关键词: 去重, 收敛密钥, 密钥管理, 代理审计

Abstract:

Cloud storage applications quickly become the best choice of the personal user and enterprise storage with its convenience,scalability and other advantages,secure deduplication and integrity auditing are key issues for cloud storage.At first,convergent key encapsulation/decoupling algorithm based on blind signature was set up,which could securely store key and enable it to deduplicate.Besides,a BLS signature algorithm based on convergence key was provided and use TTP to store public key and proxy audit which enables signature and pubic key deduplication and reduces client storage and computing overhead.Finally,cloud-based secure deduplicaion and integrity audit system was designed and implemented.It offered user with data privacy protection,deduplication authentication,audit authentication services and lowered client and cloud computation overhead.

Key words: deduplication, convergent key, key management, proxy audit

中图分类号:

TP393

郭晓勇,付安民,况博裕,丁纬佳. 基于收敛加密的云安全去重与完整性审计系统[J]. 通信学报, 2017, 38(Z2): 156-163.

Xiao-yong GUO,An-min FU,Bo-yu KUANG,Wei-jia DING. Secure deduplication and integrity audit system based on convergent encryption for cloud storage[J]. Journal on Communications, 2017, 38(Z2): 156-163.

图/表 5

参考文献 19

[1]	GANTZ B J , REINSEL D . Big data,bigger digital shadows,and biggest growth in the far east executive summary:a universe of opportunities and challenges[C]// Idc. 2007: 1-16.
[2]	HALEVI S , HARNIK D , PINKAS B ,et al. Proofs of ownership in remote storage systems[C]// The 18th ACM conference on Computer and communications security. 2011: 491-500.
[3]	杨超, 纪倩, 熊思纯 ,等. 新的云存储文件去重复删除方法[J]. 通信学报, 2017,38(3): 25-33.
	YANG C , JI Q , XIONG S . New method for file deduplication in cloud storage[J]. Journal on Communications, 2017,37(3): 25-33.
[4]	LI J , CHEN X F , LI M Q ,et al. Secure deduplication with efficient and reliable convergent key management[J]. IEEE Trans on Parallel and Distributed Systems, 2014,25(6): 1615-1625.
[5]	DOUCEUR J R , ADYA A , BOLOSKY W J ,et al. Reclaiming space from duplicate files in a serverless distributed file system[C]// 22nd International Conference on Distributed Computing Systems, 2002: 617-624.
[6]	熊金波, 张媛媛, 李凤华 ,等. 云环境中数据安全去重研究进展[J]. 通信学报, 2016,37(11): 169-180.
	XIONG J B , ZHANG Y Y , LI F H ,et al. Research progress on secure data deduplication in cloud[J]. Journal on Communications, 2016,31(1 1): 169-180.
[7]	CHEN R , MU Y , YANG G ,et al. BL-MLE:block-level message-locked encryption for secure large file deduplication[J]. IEEE Trans actions on Information Forensics and Security, 2015,10(12): 2643-2652.
[8]	BELLARE M , KEELVEEDHI S , RISTENPART T . Message-locked encryption and secure deduplication[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2013: 296-312.
[9]	ATENIESE G , BURNS R , CURTMOLA R ,et al. Provable data possession at untrusted stores[C]// The 14th ACM conference on Computer and communications security. 2007: 598-609.
[10]	黄龙霞, 张功萱, 付安民 . 基于层次树的动态群组隐私保护公开审计方案[J]. 计算机研究与发展, 2016,53(10): 2334-2342.
	HUANG L X , ZHANG G X , FU A M . Privacy-preserving public auditing for dynamic group based on hierarchical tree[J]. Journal of Computer Research and Development, 2016,53(10): 2334-2342.
[11]	LI Y , FU A , YU Y ,et al. IPOR:an efficient IDA-based proof of retrievability scheme for cloud storage systems[C]// 2017 IEEE International Conference on Communications (ICC). 2017: 1-6.
[12]	FU A , YU S , ZHANG Y ,et al. NPP:a new privacy-aware public auditing scheme for cloud data sharing with group users[J]. IEEE Transactions on Big Data, 2017
[13]	付安民, 秦宁元, 宋建业 ,等. 云端多管理者群组共享数据中具有隐私保护的公开审计方案[J]. 计算机研究与发展, 2015,52(10): 2353-2362.
	FU A M , QIN N Y , SONG J Y . Privacy-preserving public auditing for multiple managers shared data in the cloud[J][J]. Journal of Computer Research and Development, 2015,52(10): 2353-2362.
[14]	HUANG L , ZHANG G , FU A . Certificateless public verification scheme with privacy-preserving and message recovery for dynamic group[C]// The Australasian Computer Science Week Multiconference. 2017:76.
[15]	YUAN J , YU S . Secure and constant cost public cloud storage auditingwith deduplication[C]// 2013 IEEE Conference on Communications and Network Security (CNS). 2013: 145-153.
[16]	LI J , LI J , XIE D ,et al. Secure auditing and deduplicating data in cloud[J]. IEEE Transactions on Computers, 2016,65(8): 2386-2396.
[17]	LIU X , SUN W , LOU W ,et al. One-tag checker:message-locked integrity auditing on encrypted cloud deduplication storage[J]. IEEE International Conference on Computer Communications, 2017.
[18]	SHACHAM H , WATERS B . Compact proofs of retrievability[C]// Asiacrypt. 2008: 90-107.
[19]	BOLDYREVA A , . Threshold signatures,multi signatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme[C]// International Workshop on Public Key Crypto graphy. 2003: 31-46.

方案	数据隐私	密钥管理	密钥去重	标签去重	拥有权证明	公开审计
文献[4]方案	9	9	9
文献[16]方案			9	9	9	9
文献[17]方案	9			9	9	9
本文	9	9	9	9	9	9

基于收敛加密的云安全去重与完整性审计系统

Secure deduplication and integrity audit system based on convergent encryption for cloud storage

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 19

相关文章 15

Metrics

推荐阅读 0

[1]	金伟, 李凤华, 余铭洁, 郭云川, 周紫妍, 房梁. 面向HDFS的密钥资源控制机制[J]. 通信学报, 2022, 43(9): 27-41.
[2]	哈冠雄, 贾巧雯, 陈杭, 贾春福. 无第三方服务器的基于数据流行度的加密去重方案[J]. 通信学报, 2022, 43(8): 17-29.
[3]	应作斌, 斯元平, 马建峰, 刘西蒙. 基于区块链的分布式EHR细粒度可追溯方案[J]. 通信学报, 2021, 42(5): 205-215.
[4]	贾春福, 哈冠雄, 武少强, 陈杭, 李瑞琪. 加密去重场景下基于AONT和NTRU的密钥更新方案[J]. 通信学报, 2021, 42(10): 67-80.
[5]	唐鑫,周琳娜,单伟杰,刘丹. 基于阈值重加密的抗边信道攻击云数据安全去重方法[J]. 通信学报, 2020, 41(6): 98-111.
[6]	贾春福,哈冠雄,李瑞琪. 密文去重系统中的数据访问控制策略[J]. 通信学报, 2020, 41(5): 72-83.
[7]	李学俊,张丹,李晖. 可高效撤销的属性基加密方案[J]. 通信学报, 2019, 40(6): 32-39.
[8]	张襄松,李晨,刘振华. 抗密钥泄露的支持密态数据去重的完整性审计方案[J]. 通信学报, 2019, 40(4): 95-106.
[9]	金伟,余铭洁,李凤华,杨正坤,耿魁. 支持高并发的Hadoop高性能加密方法研究[J]. 通信学报, 2019, 40(12): 29-40.
[10]	熊金波,张媛媛,田有亮,应作斌,李琦,马蓉. 基于角色对称加密的云数据安全去重[J]. 通信学报, 2018, 39(5): 59-73.
[11]	熊金波,李素萍,张媛媛,李璇,叶阿勇,姚志强. 共享所有权证明：协作云数据安全去重新方法[J]. 通信学报, 2017, 38(7): 18-27.
[12]	杨超,纪倩,熊思纯,刘茂珍,马建峰,姜奇,白琳. 新的云存储文件去重复删除方法[J]. 通信学报, 2017, 38(3): 25-33.
[13]	熊金波,李凤华,王彦超,马建峰,姚志强. 基于密码学的云数据确定性删除研究进展[J]. 通信学报, 2016, 37(8): 167-184.
[14]	熊金波,张媛媛,李凤华,李素萍,任君,姚志强. 云环境中数据安全去重研究进展[J]. 通信学报, 2016, 37(11): 169-180.
[15]	陈越,李超零,兰巨龙,金开春,王仲辉. 基于确定/概率性文件拥有证明的机密数据安全去重方案[J]. 通信学报, 2015, 36(9): 1-12.