密文去重系统中的数据访问控制策略

doi:10.11959/j.issn.1000-436x.2020062

Abstract

Abstract:

To solve the problem that convergent encryption was commonly used in existing encrypted deduplication systems in cloud storage and data owner couldn’t effectively enforce access control on their outsourced data,an encrypted deduplication system was proposed to support access control functions such as identity authentication,authorization deduplication and the update of access control policy.The outsourced data was only deduplicated with the authorized users,and the unauthorized users couldn’t obtain any data information.CP-ABE and the partition of the ElGamal private key were used to update the access control policy of data.Self-control objects was used to encapsulate user’s data and its access policy,providing authentication for data visitors and ensuring the access control policies enforced effectively.Security analysis and simulation results demonstrate that the proposed system enables data access control and executes efficiently.

Key words: update of security policy, authorized deduplication, self-control object, access control, cloud data security

CLC Number:

TP309.2

Chunfu JIA,Guanxiong HA,Ruiqi LI. Data access control policy of encrypted deduplication system[J]. Journal on Communications, 2020, 41(5): 72-83.

Figures/Tables 16

References 20

[1]	熊金波, 张媛媛, 李凤华 ,等. 云环境中数据安全去重研究进展[J]. 通信学报, 2016,37(11): 169-180.
	XIONG J B , ZHANG Y Y , LI F H ,et al. Research progress on secure data deduplication in cloud[J]. Journal on Communications, 2016,37(11): 169-180.
[2]	DOUCEUR J , ADYA A , BOLOSKY W ,et al. Reclaiming space from duplicate files in a serverless distributed file system[C]// 22nd International Conference on Distributed Computing Systems. Piscataway:IEEE Press, 2002: 617-624.
[3]	BELLARE M , KEELVEEDHI S , RISTENPART T . DupLESS:server-aided encryption for deduplicated storage[C]// 22nd USENIX Security Symposium. Berkeley:USENIX Association, 2013: 179-194.
[4]	BELLARE M , KEELVEEDHI S , RISTENPART T . Message-locked encryption and secure deduplication[M]. Berlin: SpringerPress, 2013: 296-312.
[5]	LI J , QIN C , LEE P ,et al. Information leakage in encrypted deduplication via frequency analysis[C]// 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Piscataway:IEEE Press, 2017: 2110-2118.
[6]	HARNIK D , PINKAS B , SHULMAN-PELEG A . Side channels in cloud services:deduplication in cloud storage[J]. IEEE Security ＆Privacy, 2010,8(6): 40-47.
[7]	HALEVI S , HARNIK D , PINKAS B ,et al. Proofs of ownership in remote storage systems[C]// The 18th ACM conference on Computer and Communications Security (CCS 2011). New York:ACM Press, 2011: 491-500.
[8]	LI M , QIN C , LEE P . CDStore:toward reliable,secure,and cost-efficient cloud storage via convergent dispersal[C]// USENIX Annual Technical Conference. Berkeley:USENIX Association, 2015: 111-124.
[9]	SHIN Y , KIM K . Differentially private client-side data deduplication protocol for cloud storage services[J]. Security and Communication Networks, 2015,8(12): 2114-2123.
[10]	XU J , CHANG E C , ZHOU J . Weak leakage-resilient client-side deduplication of encrypted data in cloud storage[C]// 8th ACM SIGSAC Symposium on Information,Computer and Communications Security. New York:ACM Press, 2013: 195-206.
[11]	LI J , LI Y K , CHEN X ,et al. A hybrid cloud approach for secure authorized deduplication[J]. IEEE Transactions on Parallel and Distributed Systems, 2015,26(5): 1206-1216.
[12]	QIN C , LI J , LEE P . The design and implementation of a rekeying-aware encrypted deduplication storage system[J]. ACM Transactions on Storage, 2017,13(1): 1-30.
[13]	SQUICCIARINI A , PETRACCA G , BERTINO E . Adaptive data protection in distributed systems[C]// Third ACM Conference on Data and Application Security and Privacy. New York:ACM Press, 2013: 365-376.
[14]	THILAKANATHAN D , CALVO R , CHEN S ,et al. Secure and controlled sharing of data in distributed computing[C]// Proceedings of the 16th IEEE International Conference on Computational Science and Engineering. Piscataway:IEEE Press, 2013: 825-832.
[15]	ZAFAR F , KHAN A , MALIK S U R ,et al. A survey of cloud computing data integrity schemes:design challenges,taxonomy and future trends[J]. Computers ＆ Security, 2017(65): 29-49.
[16]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// 2007 IEEE Symposium on Security and Privacy (S＆P 2007). Piscataway:IEEE Press, 2007: 321-334.
[17]	GAMAL T E . A public key cryptosystem and a signature scheme based on discrete logarithms[J]. IEEE Transactions on Information Theory, 1985,31(4): 469-472.
[18]	林婷婷, 来学嘉 . 白盒密码研究[J]. 密码学报, 2015,2(3): 258-267.
	LIN T T , LAI X J . Research on white-box cryptography[J]. Journal of Cryptologic Research, 2015,2(3): 258-267.
[19]	王鹃, 樊成阳, 程越强 ,等. SGX 技术的分析和研究[J]. 软件学报, 2018,29(9): 2778-2798.
	WANG J , FAN C Y , CHENG Y Q ,et al. Analysis and research on SGX technology[J]. Journal of Software, 2018,29(9): 2778-2798.
[20]	杨超, 张俊伟, 董学文 ,等. 云存储加密数据去重删除所有权证明方法[J]. 计算机研究与发展, 2015,52(1): 248-258.
	YANG C , ZHANG J W , DONG X W ,et al. Proving method of ownership of encrypted files in cloud de-duplication deletion[J]. Journal of Computer Research and Development, 2015,52(1): 248-258.

Metrics

Recommended 0

No Suggested Reading articles found!

文件大小/MB	文件读取用时/ms	算法用时/ms	总用时/ms
1	0.838	0.102	1.487
5	1.107	0.653	1.760
10	1.093	0.676	1.769
50	1.273	0.765	2.038
100	1.941	0.635	2.576
200	1.891	0.737	2.628
300	1.667	0.603	2.270
400	1.769	0.747	2.516
500	1.769	0.742	2.511
600	1.782	0.653	2.435
700	1.734	0.654	2.388
800	1.660	0.65 0	2.310
900	1.129	0.718	1.847
1000	1.104	0.619	1.723

Data access control policy of encrypted deduplication system

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References 20

Related Articles 15

Metrics

Recommended 0

[1]	Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism [J]. Journal on Communications, 2022, 43(9): 27-41.
[2]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[3]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[4]	Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme [J]. Journal on Communications, 2021, 42(5): 205-215.
[5]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[6]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[7]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.
[8]	Qinglei ZHOU,Shaohuan BAN,Yingjie HAN,Feng FENG. Mimic defense authentication method for physical access control [J]. Journal on Communications, 2020, 41(6): 80-87.
[9]	Yonggui FU,Jianming ZHU. Design for database access control mechanism based on blockchain [J]. Journal on Communications, 2020, 41(5): 130-140.
[10]	Zheng GUAN,Lei XIONG,Yao JIA,Min HE,Zhijun YANG. Research on scheduled WLAN MAC protocol with failure retries on RoF-DAS architecture [J]. Journal on Communications, 2020, 41(3): 102-111.
[11]	Rongna XIE,Hui LI,Guozhen SHI,Yunchuan GUO. Attribute-based lightweight reconfigurable access control policy [J]. Journal on Communications, 2020, 41(2): 112-122.
[12]	Aodi LIU, Xuehui DU, Na WANG, Rui QIAO. ABAC access control policy generation technique based on deep learning [J]. Journal on Communications, 2020, 41(12): 8-20.
[13]	Rongna XIE, Hui LI, Guozhen SHI, Yunchuan GUO, Ming ZHANG, Xiuze DONG. Blockchain-based access control mechanism for data traceability [J]. Journal on Communications, 2020, 41(12): 82-93.
[14]	Hongfa DING,Changgen PENG,Youliang TIAN,Shuwen XIANG. Privacy risk adaptive access control model via evolutionary game [J]. Journal on Communications, 2019, 40(12): 9-20.
[15]	Xianwei ZHU,Chaowen CHANG,Zhiqiang ZHU,Xi QIN. SDN control and forwarding method based on identity attribute [J]. Journal on Communications, 2019, 40(11): 1-18.