基于角色对称加密的云数据安全去重

doi:10.11959/j.issn.1000-436x.2018077

Abstract

Abstract:

The rapid development of cloud computing and big data technology brings prople to enter the era of big data,more and more enterprises and individuals outsource their data to the cloud service providers.The explosive growth of data and data replicas as well as the increasing management overhead bring a big challenge to the cloud storage space.Meanwhile,some serious issues such as the privacy disclosure,authorized access,secure deduplication,rekeying and permission revocation should also be taken into account.In order to address these problems,a role-based symmetric encryption algorithm was proposed,which established a mapping relation between roles and role keys.Moreover,a secure deduplication scheme was proposed via role-based symmetric encryption to achieve both the privacy protection and the authorized deduplication under the hierarchical architecture in the cloud computing environment.Furthermore,in the proposed scheme,the group key agreement protocol was utilized to achieve rekeying and permission revocation.Finally,the security analysis shows that the proposed role-based symmetric encryption algorithm is provably secure under the standard model,and the deduplication scheme can meet the security requirements.The performance analysis and experimental results indicate that the proposed scheme is effective and efficient.

Key words: role-based symmetric encryption, privacy protection, authorized deduplication, data deduplication

CLC Number:

TP309

Jinbo XIONG,Yuanyuan ZHANG,Youliang TIAN,Zuobin YING,Qi LI,Rong MA. Cloud data secure deduplication scheme via role-based symmetric encryption[J]. Journal on Communications, 2018, 39(5): 59-73.

Figures/Tables 16

方案	客户端计算复杂度	服务器端计算复杂度	第三方服务器计算复杂度	带宽
文献[24]方案	O(F)?Sym?hash	O(F)?hash	O(F)?Sym?hash	O(λ)
文献[14]方案	O(F)?hash	O(F)?hash	—	O(λ?logλ)
文献[15,16]方案	O(F)?hash	O(F)?hash	—	O(λ)
文献[17]方案	O(F)?hash	O(F)?hash	—	$O (\frac{l \cdot λ}{p_{f}})$
文献[18]方案	O(b)?CE?hash?hash	O(b)?hash?hash	—	O(l?λ)
文献[19]方案	O(b)?CE?n_re?hash	O(b)?hash?hash	Sym	O(l?λ)
本文方案	O(F)?Sym?hash	O(F)?hash	Sym	O(λ)

References 30

[1]	XIA W , JIANG H , FENG D ,et al. A comprehensive study of the past,present,and future of data deduplication[J]. Proceedings of the IEEE, 2016,104(9): 1681-1710.
[2]	XIONG J B , ZHANG Y Y , LI F H ,et al. Research progress on secure data deduplication in cloud[J]. Journal on Communications, 2016,37(11): 169-180.
[3]	LIU J , ASOKAN N , PINKAS B . Secure deduplication of encrypted data without additional independent servers[C]// ACM SIGSAC Conference on Computer and Communications Security. 2015: 874-885.
[4]	XIONG J , ZHANG Y , LI X ,et al. RSE-PoW:a role symmetric encryption PoW scheme with authorized deduplication for multimedia data[J]. Mobile Networks and Applications, 2017: 1-14.
[5]	DOUCEUR J , ADYA A , BOLOSKY W ,et al. Reclaiming space from duplicate files in a serverless distributed file system[C]// International Conference on Distributed Computing Systems. 2002: 617-624.
[6]	PUZIO P , MOLVA R , ONEN M ,et al. ClouDedup:secure deduplication with encrypted data for cloud storage[C]// 5th International Conference on Cloud Computing Technology and Science (CloudCom). 2013: 363-370.
[7]	LI M , QIN C , LI J ,et al. CDStore:toward reliable,secure,and cost-efficient cloud storage via convergent dispersal[J]. IEEE Internet Computing, 2016,20(3): 45-53.
[8]	STANEK J , SORNIOTTI A , ANDROULAKI E ,et al. A secure data deduplication scheme for cloud storage[C]// International Conference on Financial Cryptography and Data Security,Springer Berlin Heidelberg,2014, 8437: 99-118.
[9]	BELLARE M , KEELVEEDHI S , RISTENPART T . Message-locked encryption and secure deduplication[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer Berlin Heidelberg,2013, 7881: 296-312.
[10]	CHEN R , MU Y , YANG G ,et al. Bl-MLE:block-level messagelocked encryption for secure large file deduplication[J]. IEEE Transactions on Information Forensics and Security, 2015,10(12): 2643-2652.
[11]	JIANG T , CHEN X , WU Q ,et al. Secure and efficient cloud data deduplication with randomized tag[J]. IEEE Transactions on Information Forensics and Security, 2017,12(3): 532-543.
[12]	LI J , QIN C , LEE P P C ,et al. Rekeying for encrypted deduplication storage[C]// 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). 2016: 618-629.
[13]	QIN C , LI J , LEE P P C . The design and implementation of a rekeying-aware encrypted deduplication storage system[J]. ACM Transactions on Storage (TOS), 2017,13(1):9.
[14]	PUZIO P , MOLVA R , ?NEN M , ,et al. PerfectDedup:secure data deduplication[C]// International Workshop on Data Privacy Management. Springer International Publishing, 2015: 150-166.
[15]	BELLARE M , KEELVEEDHI S . Interactive message-locked encryption and secure deduplication[C]// IACR International Workshop on Public Key Cryptography. Springer Berlin Heidelberg,2013, 7881: 296-312.
[16]	LI J , CHEN X F , LI M Q ,et al. Secure deduplication with efficient and reliable convergent key management[J]. IEEE Transactions on Parallel and Distributed Systems, 2014,25(6): 1615-1625.
[17]	MIAO M , WANG J , LI H ,et al. Secure multi-server-aided data deduplication in cloud computing[J]. Pervasive and Mobile Computing, 2015,24: 129-137.
[18]	HALEVI S , HARNIK D , PINKAS B ,et al. Proofs of ownership in remote storage systems[C]// 18th ACM conference on Computer and Communications Security,ACM, 2011: 491-500.
[19]	DI PIETRO R , SORNIOTTI A . Boosting efficiency and security in proof of ownership for deduplication[C]// 7th ACM Symposium on Information,Computer and Communications Security. ACM, 2012: 81-82.
[20]	DI PIETRO R , SORNIOTTI A . Proof of ownership for deduplication systems:a secure,scalable,and efficient solution[J]. Computer Communications, 2016,82: 71-82.
[21]	BLASCO J , ROBERTO D P , ALEJANDRO O ,et al. A tunable proof of ownership scheme for deduplication using bloom filters[C]// IEEE Conference on Communications and Network Security (CNS). 2014: 481-489.
[22]	GONZáLEZ-MANZANO L , AGUSTIN O . An efficient confidentiality-preserving proof of ownership for deduplication[J]. Journal of Network and Computer Applications, 2015,50: 49-59.
[23]	LI J , LI Y K , CHEN X ,et al. A hybrid cloud approach for secure authorized deduplication[J]. IEEE Transactions on Parallel and Distributed Systems, 2015,26(5): 1206-1216.
[24]	GONZáLEZ-MANZANO L , FUENTES J M D , CHOO K K R . ase-POW:a proof of ownership mechanism for cloud deduplication in hierarchical environments[C]// 12th EAI International Conference on Security and Privacy in Communication Networks. 2016: 412-428.
[25]	ZHANG Y , XIONG J , REN J ,et al. A novel role symmetric encryption algorithm for authorized deduplication in cloud[C]// 10th EAI International Conference on Mobile Multimedia Communications (EAI MOBIMEDIA). 2017: 104-110.
[26]	王宏远, 祝烈煌, 李龙一佳 . 云存储中支持数据去重的群组数据持有性证明[J]. 软件学报, 2016,27(6): 1417-1431.
	WANG H Y , ZHU L H , LI L Y J . Group provable data possession with deduplication in cloud storage[J]. Journal of Software, 2016,27(6): 1417-1431.
[27]	SANTIS A D , FERRARA A L , MASUCCI B . Efficient provably-secure hierarchical key assignment schemes[J]. Theoretical Computer Science, 2011,412(41): 5684-5699.
[28]	ATALLAH M , BLANTON M , FAZIO N ,et al. Dynamic and efficient key management for access hierarchies[J]. ACM Transactions on Information and System Security (TISSEC), 2009,12(3): 1-43.
[29]	马骏, 郭渊博, 马建峰 ,等. 物联网感知层一种分层访问控制方案[J]. 计算机研究与发展, 2013,50(6): 1267-1275.
	MA J , GUO Y B , MA J F ,et al. A hierarchical access control scheme for perceptual layer of IoT[J]. Journal of Computer Research and Development, 2013,50(6): 1267-1275.
[30]	宋建业, 何暖, 朱一明 ,等. 基于阿里云平台的密文数据安全去重系统的设计与实现[J]. 信息网络安全, 2017(3): 39-45.
	SONG J Y , HE N , ZHU Y M ,et al. Design and implementation of secure deduplication system for ciphertext data based on Aliyun[J]. Netinfo Security, 2017(3): 39-45.

Metrics

Recommended 0

No Suggested Reading articles found!

方案	主要技术	授权去重	第三方服务器	数据去重级别	数据去重执行对象	密钥更新
文献[6]方案	CE+访问控制策略	—	密钥服务器	块级去重	跨用户	—
文献[7]方案	CE+AONT-RS	—	—	块级去重	客户端	是
文献[10]方案	BL-MLE+PoW	—	—	块级去重+文件级去重	客户端	—
文献[17]方案	门限盲签名+可校验秘密共享	—	多密钥服务器	文件级去重	客户端	—
文献[12,13]方案	MLE+AONT-RS	—	—	块级去重	客户端	是
文献[23]方案	身份认证协议+授权检测	是	私有云服务器	文件级去重	跨用户	—
文献[24]方案	属性加密+随机抽样	是	属性认证中心	块级去重	跨用户	—
本文方案	角色对称加密+群组密钥协商	是	角色认证中心	文件级去重	跨用户	是

名称	描述
T_i	角色密钥树
Root_i	根节点
MK_i	主密钥
G_i	角色群组节点
h_i	角色密钥树层数
K_Gi	角色群组节点密钥
f	文件
r_k	角色密钥
f_k	文件密钥
H₁,H₂,H₃,H₄	抗碰撞散列函数，{0,1}^?→{0,1}^ε，其中，ε为正整数
Θ	使用文件密钥加密的密文
h_f	文件索引值
id	用户身份标识
eid	加密的用户身份标识
?	更新因子，群组协商协议得出
Φ	更新因子，角色认证中心指定

方案	安全性证明	抵抗攻击类型	细粒度访问控制		性能目标
方案	安全性证明	抵抗攻击类型	细粒度访问控制	通信带宽有效性	服务器内存有效性	用户存储有效性
文献[6]方案	理论分析	目录攻击、侧信道攻击	是	—	—	是
文献[7]方案	理论分析	侧信道攻击	—	是	是	是
文献[10]方案	标准模型下可证明安全	文件分发攻击	—	是	是	是
文献[17]方案	理论分析	蛮力攻击、共谋攻击	—	—	—	—
文献[12,13]方案	理论分析	伪造攻击	—	—	—	—
文献[23]方案	理论分析	侧信道攻击	是	—	—	—
文献[24]方案	理论分析	内容猜测攻击、侧信道攻击、共谋攻击	是	是	是	是
本文方案	标准模型下可证明安全	内容猜测攻击、文件伪造	是	是	是	是
		攻击、共谋攻击

Cloud data secure deduplication scheme via role-based symmetric encryption

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References 30

Related Articles 15

Metrics

Recommended 0

[1]	Xindi MA, Qinghua LI, Qi JIANG, Zhuo MA, Sheng GAO, Youliang TIAN, Jianfeng MA. Byzantine-robust federated learning over Non-IID data [J]. Journal on Communications, 2023, 44(6): 138-153.
[2]	Tao FENG, Liqiu CHEN, Junli FANG, Jianming SHI. Blockchain data sharing scheme based on localized difference privacy and attribute-based searchable encryption [J]. Journal on Communications, 2023, 44(5): 224-233.
[3]	Baiji HU, Xiaojuan ZHANG, Yuancheng LI, Rongxin LAI. Multi-function supported privacy protection data aggregation scheme for V2G network [J]. Journal on Communications, 2023, 44(4): 187-200.
[4]	Ming XU, Baojun ZHANG, Yiming WU, Chenduo YING, Ning ZHENG. Cyber attacks and privacy protection distributed consensus algorithm for multi-agent systems [J]. Journal on Communications, 2023, 44(3): 117-127.
[5]	Xuewang ZHANG, Zhihong LI, Jinzhao LIN. Privacy protection scheme based on fair blind signature and hierarchical encryption for consortium blockchain [J]. Journal on Communications, 2022, 43(8): 131-141.
[6]	Jifeng WANG, Guofeng WANG. Research on ciphertext search and sharing technology in edge computing mode [J]. Journal on Communications, 2022, 43(4): 227-238.
[7]	Huamin FENG, Rui SHI, Feng YUAN, Yanjun LI, Yang YANG. Efficient strong privacy protection and transferable attribute-based ticket scheme [J]. Journal on Communications, 2022, 43(3): 63-75.
[8]	Yan YAN, Yiming CONG, Mahmood Adnan, Quanzheng SHENG. Statistics release and privacy protection method of location big data based on deep learning [J]. Journal on Communications, 2022, 43(1): 203-216.
[9]	Hui LIU, Xinyan LIU, Yan XU, Hong ZHONG, Meng WANG. Privacy protection of warning message publishing protocol in VANET [J]. Journal on Communications, 2021, 42(8): 120-129.
[10]	Hongtao LI, Xiaoyu REN, Jie WANG, Jianfeng MA. Continuous location privacy protection mechanism based on differential privacy [J]. Journal on Communications, 2021, 42(8): 164-175.
[11]	Wenbo ZHANG, Wenhua HUANG, Jingyu FENG. Secure communication mechanism for VSN based on certificateless signcryption [J]. Journal on Communications, 2021, 42(7): 128-136.
[12]	Jie CUI, Xuefeng CHEN, Jing ZHANG, Lu WEI, Hong ZHONG. Bus cache-based location privacy protection scheme in the Internet of vehicles [J]. Journal on Communications, 2021, 42(7): 150-161.
[13]	Guangjun LIU, Wangmei GUO, Jinbo XIONG, Ximeng LIU, Changyu DONG. Lightweight privacy protection data auditing scheme for regenerating-coding-based distributed storage [J]. Journal on Communications, 2021, 42(7): 220-230.
[14]	Yubo SONG, Qi CHEN, Rui SONG, Aiqun HU. Android application privacy protection mechanism based on virtual machine bytecode injection [J]. Journal on Communications, 2021, 42(6): 171-181.
[15]	Youhuizi LI, Yuyu YIN, Honghao GAO, Yi JIN, Xinheng WANG. Survey on privacy protection in non-aggregated data sharing [J]. Journal on Communications, 2021, 42(6): 195-212.