加密去重场景下基于AONT和NTRU的密钥更新方案

doi:10.11959/j.issn.1000-436x.2021187

Abstract

Abstract:

Rekeying is a good way to protect against key exposure.Most of the existing encrypted deduplication systems are implemented based on message-locked-encryption, in which multiple users with the identical data share the same encryption key.When a user updates keys, that update must be followed by all other data owners, which will incur large computational and communicational overheads.To solve this problem, an AONT-and-NTRU-based rekeying scheme was proposed, a variant of AONT was designed to solve the synchronization problem of multi-user rekeying, and a proxy re-encryption algorithm based on NTRU was introduced to reduce the communicational overhead for the system and computational overhead for clients during rekeying.The efficiency analysis and experimental results show that the proposed scheme has better encryption and decryption efficiency than existing schemes and the time cost of rekeying is significantly reduced.

Key words: cloud storage, encrypted deduplication, rekeying, AONT, NTRU

CLC Number:

TP309.2

Chunfu JIA, Guanxiong HA, Shaoqiang WU, Hang CHEN, Ruiqi LI. AONT-and-NTRU-based rekeying scheme for encrypted deduplication[J]. Journal on Communications, 2021, 42(10): 67-80.

Figures/Tables 13

方案	客户端计算开销	服务器端计算开销	带宽开销
DupLESS	$(SD+SE + H) O (l_{F}) + oprf$	—	$2 l_{F} + 2 l_{GD}$
CE	$(SD+SE+ H) O (l_{F})$	—	$2 l_{F}$
RCE	$(SD + H) O (l_{F}) + (SD + SE) O (l_{K})$	—	$l_{F} + 2 l_{K}$
文献[30]	$RKG O (l_{RK})$	$RE O (l_{AK})$	$l_{AK} + l_{RK}$
文献[32]	$SD O (l_{K}) + AD O (l_{AK}) + AE O (l_{K})$	$AD O (l_{AK})$	$2 l_{AK} + 2 l_{Sig}$
REED	$（ SD+SE ） O （ l_{S} ）$	—	$2 l_{S}$
ANRDup	$RKG O (l_{RK})$	$RE O (l_{S})$	$l_{RK}$

References 35

[1]	冯登国, 张敏, 张妍 ,等. 云计算安全研究[J]. 软件学报, 2011,22(1): 71-83.
	FENG D G , ZHANG M , ZHANG Y ,et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1): 71-83.
[2]	熊金波, 张媛媛, 李凤华 ,等. 云环境中数据安全去重研究进展[J]. 通信学报, 2016,37(11): 169-180.
	XIONG J B , ZHANG Y Y , LI F H ,et al. Research progress on secure data deduplication in cloud[J]. Journal on Communications, 2016,37(11): 169-180.
[3]	SHIN Y , KOO D , HUR J . A survey of secure data deduplication schemes for cloud storage systems[J]. ACM Computing Surveys, 2017,49(4): 1-38.
[4]	XIA W , JIANG H , FENG D ,et al. A comprehensive study of the past,present,and future of data deduplication[J]. Proceedings of the IEEE, 2016,104(9): 1681-1710.
[5]	BELLARE M , KEELVEEDHI S , RISTENPART T . Message-locked encryption and secure deduplication[C]// Advances in Cryptology –EUROCRYPT 2013. Berlin:Springer, 2013: 296-312.
[6]	XU J , CHANG E C , ZHOU J Y . Weak leakage-resilient client-side deduplication of encrypted data in cloud storage[C]// Proceedings of the 8th ACM SIGSAC symposium on Information,computer and communications security. New York:ACM Press, 2013: 195-206.
[7]	BOYD C , DAVIES G T , GJ?STEEN K ,et al. Fast and secure updatable encryption[C]// Advances in Cryptology – CRYPTO 2020. Cham:Springer International Publishing, 2020: 464-493.
[8]	LEHMANN A , TACKMANN B . Updatable encryption with post-compromise security[C]// Advances in Cryptology – EUROCRYPT 2018. Cham:Springer International Publishing, 2018: 685-716.
[9]	JARECKI S , KRAWCZYK H , RESCH J . Updatable oblivious key management for storage systems[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2019: 379-393.
[10]	贾春福, 哈冠雄, 李瑞琪 . 密文去重系统中的数据访问控制策略[J]. 通信学报, 2020,41(5): 72-83.
	JIA C F , HA G X , LI R Q . Data access control policy of encrypted deduplication system[J]. Journal on Communications, 2020,41(5): 72-83.
[11]	LI J , CHEN X F , LI J W ,et al. New access control systems based on outsourced attribute-based encryption1[J]. Journal of Computer Security, 2015,23(6): 659-683.
[12]	DOUCEUR J R , ADYA A , BOLOSKY W J ,et al. Reclaiming space from duplicate files in a serverless distributed file system[C]// Proceedings of the 22nd International Conference on Distributed Computing Systems. Piscataway:IEEE Press, 2002: 617-624.
[13]	RESCH J K , PLANK J S . AONT-RS:blending security and performance in dispersed storage systems[C]// Proceedings of the 9th USENIX Conference on File and Storage Technologies. San Jose:USENIX Association, 2011: 191-202.
[14]	RIVEST R L , . All-or-nothing encryption and the package transform[C]// Proceedings of Fast Software Encryption. Berlin:Springer, 1997: 210-218.
[15]	NU?EZ D , AGUDO I , LOPEZ J . NTRUReEncrypt:an efficient proxy Re-encryption scheme based on NTRU[C]// Proceedings of the 10th ACM Symposium on Information,Computer and Communications Security. New York:ACM Press, 2015: 179-189.
[16]	QIN C , LI J W , LEE P P C ,et al. The design and implementation of a rekeying-aware encrypted deduplication storage system[EB]. arXiv:1607.08388. 2016.
[17]	BELLARE M , KEELVEEDHI S , RISTENPART T . DupLESS:server-aided encryption for deduplicated storage[J]. IACR Cryptology EPrint Archive,2013, 2013:429.
[18]	BEIMEL A , . Secret-sharing schemes:A survey[C]// Proceedings of International Conference on Coding and Cryptology. Berlin:Springer, 2011: 11-46.
[19]	HOFFSTEIN J , PIPHER J , SILVERMAN J H . NTRU:A ring-based public key cryptosystem[C]// Proceedings of the International Algorithmic Number Theory Symposium. Berlin:Springer, 1998: 267-288.
[20]	LIU J , ASOKAN N , PINKAS B . Secure deduplication of encrypted data without additional independent servers[C]// Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2015: 874-885.
[21]	LIU J , DUAN L , LI Y ,et al. Secure deduplication of encrypted data:refined model and new constructions[C]// Proceedings of Cryptographers’ Track at the RSA Conference. Cham:Springer International Publishing, 2018: 374-393.
[22]	YU C M , . POSTER:efficient cross-user chunk-level client-side data deduplication with symmetrically encrypted two-party interactions[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2016: 1763-1765.
[23]	HARNIK D , PINKAS B , SHULMAN-PELEG A , . Side channels in cloud services:deduplication in cloud storage[J]. IEEE Security ＆Privacy, 2010,8(6): 40-47.
[24]	POORANIAN Z , CHEN K C , YU C M ,et al. RARE:Defeating side channels based on data-deduplication in cloud storage[C]// Proceedings of IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). Piscataway:IEEE Press, 2018: 444-449.
[25]	HALEVI S , HARNIK D , PINKAS B ,et al. Proofs of ownership in remote storage systems[C]// Proceedings of the 18th ACM conference on Computer and communications security. New York:ACM Press, 2011: 491-500.
[26]	LI J W , LEE P P C , TAN C F ,et al. Information leakage in encrypted deduplication via frequency analysis[J]. ACM Transactions on Storage, 2020,16(1): 1-30.
[27]	LI M Q , QIN C , LI J W ,et al. CDStore:toward reliable,secure,and cost-efficient cloud storage via convergent dispersal[C]// Proceedings of IEEE Internet Computing. Piscataway:IEEE Press, 2016: 45-53.
[28]	LI J W , LI J , XIE D Q ,et al. Secure auditing and deduplicating data in cloud[J]. IEEE Transactions on Computers, 2016,65(8): 2386-2396.
[29]	郭晓勇, 付安民, 况博裕 ,等. 基于收敛加密的云安全去重与完整性审计系统[J]. 通信学报, 2017,38(S2): 156-163.
	GUO X Y , FU A M , KUANG B Y ,et al. Secure deduplication and integrity audit system based on convergent encryption for cloud storage[J]. Journal on Communications, 2017,38(S2): 156-163.
[30]	ZHOU Y K , FENG D , HUA Y ,et al. A similarity-aware encrypted deduplication scheme with flexible access control in the cloud[J]. Future Generation Computer Systems, 2018,84: 177-189.
[31]	熊金波, 张媛媛, 田有亮 ,等. 基于角色对称加密的云数据安全去重[J]. 通信学报, 2018,39(5): 59-73.
	XIONG J B , ZHANG Y Y , TIAN Y L ,et al. Cloud data secure deduplication scheme via role-based symmetric encryption[J]. Journal on Communications, 2018,39(5): 59-73.
[32]	XU R H , JOSHI J , KRISHNAMURTHY P . An integrated privacy preserving attribute-based access control framework supporting secure deduplication[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(2): 706-721.
[33]	ZHAO Y J , CHOW S S M . Updatable block-level message-locked encryption[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(4): 1620-1631.
[34]	LIU M Z , YANG C , JIANG Q ,et al. Updatable block-level deduplication with dynamic ownership management on encrypted data[C]// Proceedings of 2018 IEEE International Conference on Communications (ICC). Piscataway:IEEE Press, 2018: 1-7.
[35]	NAOR M , REINGOLD O . Number-theoretic constructions of efficient pseudo-random functions[C]// Proceedings of the 38th Annual Symposium on Foundations of Computer Science. Piscataway:IEEE Press, 1997: 458-467.

Metrics

Recommended 0

No Suggested Reading articles found!

AONT-and-NTRU-based rekeying scheme for encrypted deduplication

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 13

References 35

Related Articles 15

Metrics

Recommended 0

方案	数据密文更新	密钥密文更新
DupLESS	√	—
CE	√	—
RCE	—	√
文献[30]	—	√
文献[32]	—	√
REED	√	—
ANRDup	√	—

[1]	Xin SUN, Guifu ZHANG, Hongyan XING, Wang Zenghui. Research on intrusion detection for maritime meteorological sensor network based on balancing generative adversarial network [J]. Journal on Communications, 2023, 44(4): 124-136.
[2]	Zhiyong LUO, Yu ZHANG, Qing WANG, Weiwei SONG. Study of SDN intrusion intent identification algorithm based on Bayesian attack graph [J]. Journal on Communications, 2023, 44(4): 216-225.
[3]	Guanxiong HA, Qiaowen JIA, Hang CHEN, Chunfu JIA. Data popularity-based encrypted deduplication scheme without third-party servers [J]. Journal on Communications, 2022, 43(8): 17-29.
[4]	Haili SUN, Xiang LONG, Lansheng HAN, Yan HUANG, Qingbo LI. Overview of anomaly detection techniques for industrial Internet of things [J]. Journal on Communications, 2022, 43(3): 196-210.
[5]	Yifeng WANG, Yuanbo GUO, Qingli CHEN, Chen FANG, Renhao LIN. Method based on contrastive learning for fine-grained unknown malicious traffic classification [J]. Journal on Communications, 2022, 43(10): 12-25.
[6]	Tao FENG, Fanqi KONG, Chunyan LIU, Rong MA, Albettar Maher. Dual verifiable cloud storage scheme based on blockchain [J]. Journal on Communications, 2021, 42(12): 192-201.
[7]	Qixu LIU, Junnan WANG, Jie YIN, Yanhui CHEN, Jiaxi LIU. Application of adversarial machine learning in network intrusion detection [J]. Journal on Communications, 2021, 42(11): 1-12.
[8]	Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169.
[9]	Youliang TIAN,Yulong WU,Qiuxian LI. Optimum response scheme of intrusion detection based on information theory [J]. Journal on Communications, 2020, 41(7): 121-130.
[10]	Junfeng TIAN,Yanbiao WANG,Xinfeng HE,Juntao ZHANG,Wanhe YANG,Ya’nan PANG. Survey on the causal consistency of data [J]. Journal on Communications, 2020, 41(3): 154-167.
[11]	Wenlong KE,Yong WANG,Miao YE,Junqi CHEN. Priority differentiated multicast flow scheduling method in Ceph cloud storage network [J]. Journal on Communications, 2020, 41(11): 40-51.
[12]	Xinglan ZHANG,Shenglin YIN. Intrusion detection model of random attention capsule network based on variable fusion [J]. Journal on Communications, 2020, 41(11): 160-168.
[13]	Wei SUN,Peng ZHANG,Yongquan HE,Lichao XING. Attack detection method based on spatiotemporal event correlation in intranet environment [J]. Journal on Communications, 2020, 41(1): 33-41.
[14]	Lei SUN,Zhiyuan ZHAO,Jianhua WANG,Zhiqiang ZHU. Attribute-based encryption scheme supporting attribute revocation in cloud storage environment [J]. Journal on Communications, 2019, 40(5): 47-56.
[15]	Xiangsong ZHANG,Chen LI,Zhenhua LIU. Key-exposure resilient integrity auditing scheme with encrypted data deduplication [J]. Journal on Communications, 2019, 40(4): 95-106.