面向云存储的多维球面门限秘密共享方案

Threshold Secret Sharing Scheme Based on Multidimensional Sphere for Cloud Storage

近年来,云存储所提供的"数据存储即服务"为租户实现廉价高效共享资源.由于租户缺乏对云端数据的绝对控制,数据安全,尤其是机密数据的安全存储成为一大问题,这也是近年来云存储安全的研究热点.针对机密数据的云存储问题,提出了一种基于多维球面原理的分布式秘密共享方案.在分发阶段,结合分发者、云存储容器信息,将原始秘密转换为m维球心坐标,进而生成同球面的n个影子秘密坐标,并将这些影子秘密作为机密数据分布式存储在n个云存储容器中.在恢复阶段,通过证明任意k(k=m+1)个线性不相关的坐标可确定唯一球心,完成原始秘密的恢复.算法性能分析和仿真分析表明,该方案具备假数据攻击、共谋攻击防御能力,且密钥不需要额外的管理开销,租户对密钥有绝对控制权,加强了租户对云数据的控制,在运算性能、存储性能方面正确、有效.

Cloud storage is a model of data storage where the digital data is stored in logical pools to share ＂data as a service （DaaS）＂ for cloud users. However, users have no absolute control of cloud data, and as a result, they are more and more concerned about cloud data security especially for confidential data. This paper focuses on how to protect confidential data on cloud, and presents a （k,n） threshold secret sharing scheme based on m-sphere principle. Distribution algorithms are designed based on features of dealer＇s information and cloud storage containers＇ identifications. Secret is transformed into an m-sphere central coordinates, and then into n shadow coordinates which are placed on the m-sphere surface and distributed into n cloud storage containers. Secret reconstruction algorithms are also designed along with a proof that any k （k=-m＋l） linear irreverent m-coordinates can reconstruct a unique m-sphere center. Simulations and analysis validate the proposed scheme can tolerate fake shadow attacks and collusion attacks, and cloud users have absolute control on secret key which needs no more management cost from cloud services. Performance analysis proves that the scheme can improves cloud users＇ control on cloud data, and it is correct and efficient on computation performance and storageproperty.