Journal on Communications, 2021, Vol. 42, Issue (10): 67-80. doi: 10.11959/j.issn.1000-436x.2021187
Chunfu JIA, Guanxiong HA, Shaoqiang WU, Hang CHEN, Ruiqi LI
Revised: 2021-08-31
Online: 2021-10-25
Published: 2021-10-01
Author biography: Chunfu JIA (1967- ), male, born in Wen'an, Hebei, Ph.D., professor and doctoral supervisor at Nankai University. His main research interests include network and information security, trusted computing, malicious code analysis, and applications of cryptographic technology.
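Abstract:
Rekeying is an effective way to counter key leakage. Most existing encrypted deduplication systems are built on message-locked encryption, in which multiple users who hold the same data share the same encryption key; when one user updates the key, the other data owners must synchronize that update, which incurs considerable computation and communication overhead. To address this problem, a rekeying scheme based on AONT and NTRU is proposed. A variant of AONT is designed to solve the synchronization problem in multi-user rekeying, and an NTRU-based proxy re-encryption scheme is introduced to reduce the system communication overhead and the client computation overhead during rekeying. Efficiency analysis and experimental results show that, compared with existing schemes, the proposed scheme achieves higher encryption and decryption efficiency and significantly reduces the time overhead of rekeying.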
Chunfu JIA, Guanxiong HA, Shaoqiang WU, Hang CHEN, Ruiqi LI. AONT-and-NTRU-based rekeying scheme for encrypted deduplication[J]. Journal on Communications, 2021, 42(10): 67-80.