基于覆写验证的云数据确定性删除方案

doi:10.11959/j.issn.1000-436x.2019012

Abstract

Abstract:

At the end of data life cycle,there is still a risk of data leakage,because mostly data which was stored in cloud is removed by logical deletion of the key.Therefore,a cloud data assured deletion scheme (WV-CP-ABE) based on ciphertext re-encrypt and overwrite verification was proposed.When data owner wants to delete the outsourced data,the data fine-grained deletion operation was realized by re-encrypting the ciphertext to change the access control policy.Secondly,a searchable path hash binary tree (DSMHT) based on dirty data block overwrite was built to verify the correctness of the data to be deletion.Finally,the dual mechanism of changing the ciphertext access control policy and data overwriting guarantees the data assured deletion.The experimental analysis proves that the fine-grained control is better and the security is more reliable than the previous logical delete method in the assured deletion of data.

Key words: cloud storage, CP-ABE, assured deletion, Hash binary tree, overwrite and verify

CLC Number:

TP393.08

Ruizhong DU,Pengliang SHI,Xinfeng HE. Cloud data assured deletion scheme based on overwrite verification[J]. Journal on Communications, 2019, 40(1): 130-140.

Figures/Tables 13

References 21

[1]	王国峰, 刘川意, 潘鹤中, 方滨兴 . 云计算模式内部威胁综述[J]. 计算机学报, 2017,40(02): 296-316.
	WANG G F , LIU C Y , PAN H Z , FANG B X . Survey on Insider to Cloud Computing[J]. Chinese Journal of Computers, 2017,40(02): 296-316.
[2]	KAUSPADIENE L , RAMANAUSKAITE S , CENYS A ,et al. Modeling of enterprise management structure for data Leakage evaluation[J]. Information Security Journal:A Global Perspective, 2018,27(1): 1-13.
[3]	RAMOKAPANE K M , RASHID A , SUCH J M . Assured deletion in the cloud:requirements,challenges and future directions[C]// ACM On Cloud Computing Security Workshop. 2011: 97-108.
[4]	熊金波, 李凤华, 王彦超, 马建峰, 姚志强 . 基于密码学的云数据确定性删除研究进展[J]. 通信学报, 2016,37(08): 167-184.
	XIONG J B , LI F H , WANG Y C . Research progress on cloud data assured deletion based on cryptography[J]. Journal on Communication, 2016,37(8): 168-184.
[5]	GEAMBASU R , KOHNO T , LEVY A ,et al. Vanish:increasing data privacy with self-destructing data[C]// ACM Conference on USENIX Security Symposium. 2009: 299-316.
[6]	ZENG L , SHI Z , XU S ,et al. SafeVanish:an improved data self-destruction for protecting data privacy[C]// IEEE International Conference on Cloud Computing Technology and Science. 2010: 521-528.
[7]	LI C L , CHEN Y , ZHOU Y D . A data assued deletion scheme in cloud storage[J]. China Communication, 2014,11(04): 98-110.
[8]	YAO W B , CHEN Y J , WANG D B . Cloud multimedia files assured deletion based on bit stream transformation with chaos sequence[J]. Algorithms and Architectures for Parallel Processing.ICA3PP, 2017: 441-451.
[9]	XUE L , YU Y , LI Y ,et al. Efficient attribute-based encryption with attribute revocation for assured data deletion[J]. Information Sciences, 2018: 1-11.
[10]	张坤, 杨超, 马建峰 ,等. 基于密文采样分片的云端数据确定性删除方法[J]. 通信学报, 2015,36(11): 108-117.
	ZHANG K , YANG C , MA J F ,et al. Novel cloud data assured deletion approach based on ciphertext sample slice[J]. Journal on Communications, 2015,36(11): 108-117.
[11]	MO Z , XIAO Q J , ZHOU Y . On deletion of outsourced data in cloud computing[C]// International Conference on Cloud Computing,IEEE, 2014: 344-351.
[12]	XIONG J , YAO Z , MA J ,et al. A secure document self-destruction scheme with identity based encryption[C]// The International Conference on Intelligent Networking and Collaborative Systems. 2013: 239-243.
[13]	MO Z , QIAO Y , CHEN S . Two-party fine-grained assured deletion of outsourced data in cloud systems[C]// International Conference on Computing System.. 2014: 308-317.
[14]	YU Y , XUE L , LI Y ,et al. Assured data deletion with fine-grained access control for fog-based industrial applications[J]. IEEE Transactions on Industrial Informatics, 2018,PP(99): 1-1.
[15]	曹来成, 刘宇飞, 董晓晔, 郭显 . 基于属性加密的用户隐私保护云存储方案[J]. 清华大学学报(自然科学版), 2018,58(02): 150-156.
	CAO L C , LIU Y F , DONG X Y , GUO X . User privacy-preserving cloud storage scheme on CP-ABE[J]. Journal of Tsinghua University (Science and Technology), 2018,58(02): 150-156.
[16]	GEAMBASU R , KOHNO T , LEVY A ,et al. Vanish:increasing data privacy with self-destructing data[C]// The USENIX Security Symposium. 2009: 299-315.
[17]	XIONG J B , YAO Z Q , MA J F ,et al. A secure self-destruction scheme with IBE for the internet content privacy[J]. Chinese Journal of Computers, 2014,37(1): 139-150.
[18]	YAO Z Q , XIONG J B , MA J F ,et al. A secure electronic document self-destructing scheme in cloud computing[J]. Journal of Computer Research and Development, 2014,51(7): 1417-1423.
[19]	XIONG J B , YAO Z Q , MA J F ,et al. A secure self-destruction scheme for composite documents with attribute based encryption[J]. ACTA Electronica Sinica, 2013,42(2): 366-376.
[20]	ISOIT I , DAVID S , GUSTSVO A . Active pages 20 years Later:active storage for the cloud[J]. IEEE Internet Computing, 2018,22(4): 6-14.
[21]	JUNG T , LI X Y , WAN Z ,et al. Privacy preserving cloud data access with multi-authorities[C]// INFOCOM. IEEE, 2013: 2625-2633.

Metrics

Recommended 0

No Suggested Reading articles found!

符号	含义
PK	系统的公钥
MSK	系统的主密钥
SK_u	授权用户私钥
M	原始密文
C	加密密文
NC	重新加密后的密文
DC	脏数据覆写后的密文
Ω	系统属性集合
A_u	授权用户所拥有的属性集合
AC	基于策略属性的访问控制策略
a_j	系统属性集合里的属性元素
G_T	阶为P的乘法循环群
G_V	阶为p的乘法循环群
g	群G₀的生成元
n	系统属性集合中属性的个数
Z_p	阶为P的整数域
D_o	用户私钥的公共数值
D_j	用户私钥的属性值
H(.)	单向散列函数

方案	加密方式	删除机制	细粒度安全访问	删除验证
Vanish^[16]	对称密钥	删除密钥	无	无
ISS^[17]	IBE	删除密钥	身份控制访问粒度	无
ESITE^[18]	IB-TRE	删除密钥	身份+时间控制访问粒度	无
SelfDOC^[19]	ABE	删除密钥+抽样密文	多安全等级+访问控制策略	无
WV-CP-ABE	CP-ABE	重加密访问策略+数据覆写	基于属性访问控制策略	有

文件大小/MB	覆写时间/s	覆写验证时间/s
1	0.060	0.175
2	0.144	0.42
4	0.260	0.9
8	0.450	1.61
16	0.630	3.34
32	1.421	5.14
64	2.786	9.45

Cloud data assured deletion scheme based on overwrite verification

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 13

References 21

Related Articles 15

Metrics

Recommended 0

[1]	Guanxiong HA, Qiaowen JIA, Hang CHEN, Chunfu JIA. Data popularity-based encrypted deduplication scheme without third-party servers [J]. Journal on Communications, 2022, 43(8): 17-29.
[2]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[3]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[4]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[5]	Tao FENG, Fanqi KONG, Chunyan LIU, Rong MA, Albettar Maher. Dual verifiable cloud storage scheme based on blockchain [J]. Journal on Communications, 2021, 42(12): 192-201.
[6]	Chunfu JIA, Guanxiong HA, Shaoqiang WU, Hang CHEN, Ruiqi LI. AONT-and-NTRU-based rekeying scheme for encrypted deduplication [J]. Journal on Communications, 2021, 42(10): 67-80.
[7]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[8]	Junfeng TIAN,Yanbiao WANG,Xinfeng HE,Juntao ZHANG,Wanhe YANG,Ya’nan PANG. Survey on the causal consistency of data [J]. Journal on Communications, 2020, 41(3): 154-167.
[9]	Wenlong KE,Yong WANG,Miao YE,Junqi CHEN. Priority differentiated multicast flow scheduling method in Ceph cloud storage network [J]. Journal on Communications, 2020, 41(11): 40-51.
[10]	LI Xuejun,ZHANG Dan,LI Hui. Efficient revocable attribute-based encryption scheme [J]. Journal on Communications, 2019, 40(6): 32-39.
[11]	Lei SUN,Zhiyuan ZHAO,Jianhua WANG,Zhiqiang ZHU. Attribute-based encryption scheme supporting attribute revocation in cloud storage environment [J]. Journal on Communications, 2019, 40(5): 47-56.
[12]	Xiangsong ZHANG,Chen LI,Zhenhua LIU. Key-exposure resilient integrity auditing scheme with encrypted data deduplication [J]. Journal on Communications, 2019, 40(4): 95-106.
[13]	Miaomiao TIAN,Chuang GAO,Jie CHEN. Identity-based cloud storage integrity checking from lattices [J]. Journal on Communications, 2019, 40(4): 128-139.
[14]	Junfeng TIAN,Mengjia CHAI,Liuling QI. Provable data possession scheme based on public verification and private verification [J]. Journal on Communications, 2019, 40(3): 48-59.
[15]	Sheng DING,Jin CAO,Hui LI. Efficient pairing-free CP-ABE based on ordered binary decision diagram [J]. Journal on Communications, 2019, 40(12): 1-8.