Abstract
Outsourcing massive data to remote cloud servers has become a common practice. However, as security issues become increasingly prominent, users usually encrypt data before uploading it to the cloud server, which puts huge storage pressure on the cloud service provider. The same plaintext may be encrypted into different ciphertexts by multiple users, making it difficult for the cloud service provider to perform deduplication. Several cloud storage systems that support encrypted data deduplication have been proposed. However, these schemes are impractical because they rely heavily on trusted third parties and do not address the data ownership update issue. A secure and efficient deduplication method for encrypted data in cloud computing was proposed. Based on bilinear mapping and an attribute-based proxy re-encryption mechanism, a redundancy check tag generation algorithm and a key delivery algorithm were designed to ensure that the cloud service provider can verify the redundancy of encrypted data, and complete deduplication of the encrypted data, without any online third-party assistance. A dynamic data ownership update algorithm was constructed to ensure the security of the system. Security analysis and efficiency evaluation show that the proposed scheme can provide promising storage efficiency while ensuring the security of the system.
Authors
张曙光
咸鹤群
王利明
于凯杰
张曼
ZHANG Shuguang; XIAN Hequn; WANG Liming; YU Kaijie; ZHANG Man (College of Computer Science Technology, Qingdao University, Qingdao 266071, China; State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710071, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; Yantai Moon Foundry Co., Manufacturing Department, Yantai 264006, China)
Source
《通信学报》
EI
CSCD
Peking University Core Journals
2018, Issue A01, pp. 251-262 (12 pages)
Journal on Communications
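Funding
National Natural Science Foundation of China (No.61303197)
Open Project of the State Key Laboratory of Integrated Services Networks (No.ISN19-14)
CERNET Next Generation Internet Innovation Project (No.NGII20170414)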
Keywords
cloud storage system
data security
encryption deduplication
data ownership