Abstract
The rapid development of cloud computing and big data technology has brought people into the era of big data, and more and more enterprises and individuals outsource their data to cloud service providers. The explosive growth of data and data replicas, the large amount of storage space they occupy, and the increasing management overhead put great pressure on cloud storage. Meanwhile, serious issues such as privacy disclosure, authorized access, secure deduplication of cloud data, rekeying and permission revocation must also be taken into account. To address these problems, a role-based symmetric encryption algorithm is proposed, which establishes a mapping between roles and role keys and builds a role key tree, so that different roles can access the files their permissions allow under the access control policy. Moreover, a secure deduplication scheme based on role-based symmetric encryption is proposed to achieve both privacy protection and authorized deduplication under a hierarchical architecture in the cloud computing environment. Furthermore, the proposed scheme uses a group key agreement protocol to handle the rekeying and permission revocation problems that arise in the mapping between roles and keys. Finally, the security analysis shows that the proposed role-based symmetric encryption algorithm is provably secure under the standard model and that the deduplication scheme meets the security requirements. The performance analysis and experimental results indicate that the proposed scheme is effective and efficient.
Authors
XIONG Jinbo (熊金波)
ZHANG Yuanyuan (张媛媛)
TIAN Youliang (田有亮)
YING Zuobin (应作斌)
LI Qi (李琦)
MA Rong (马蓉)
Affiliations: Guizhou Provincial Key Laboratory of Public Big Data (Guizhou University), Guiyang 550025, China; College of Mathematics and Informatics, Fujian Normal University, Fuzhou 350117, China; College of Computer Science and Technology, Anhui University, Hefei 230601, China; School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
Source
Journal on Communications (《通信学报》)
EI
CSCD
Peking University Core Journals (北大核心)
2018, Issue 5, pp. 59-73 (15 pages)
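Funding
National Natural Science Foundation of China (No.61772008, No.U1405255, No.61502248, No.61402109, No.61502489, No.61502103)
Guizhou Provincial Science and Technology Major Special Program (No.20183001)
Open Project Fund of the Guizhou Provincial Key Laboratory of Public Big Data (No.2017BDKFJJ028)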
Keywords
role-based symmetric encryption
privacy protection
authorized deduplication
data deduplication
permission revocation