基于授权记录的云存储加密数据去重方法

doi:10.3969/j.issn.1671-1122.2020.03.010

信息网络安全 ›› 2020, Vol. 20 ›› Issue (3): 75-82.doi: 10.3969/j.issn.1671-1122.2020.03.010

基于授权记录的云存储加密数据去重方法

张艺¹, 刘红燕¹, 咸鹤群^1,²(), 田呈亮¹

1.青岛大学计算机科学技术学院,青岛 266071
2.中国科学院信息工程研究所,北京 100093

收稿日期:2019-09-20 出版日期:2020-03-10 发布日期:2020-05-11
作者简介:
作者简介：张艺（1995—）,女,山东,硕士研究生,主要研究方向为云计算安全;刘红燕（1994—）,女,云南,硕士研究生,主要研究方向为云计算安全;咸鹤群（1979—）,男,山东,副教授,博士,主要研究方向为密码学、云计算安全和网络安全等;田呈亮（1982—）,男,山东,讲师,博士,主要研究方向为密码学。
基金资助:
国家自然科学基金[61702294];山东省自然科学基金[ZR2019MF058]

A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records

ZHANG Yi¹, LIU Hongyan¹, XIAN Hequn^1,²(), TIAN Chengliang¹

1. College of Computer Science and Technology, Qingdao University, Qingdao 266071, China
2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China

Received:2019-09-20 Online:2020-03-10 Published:2020-05-11

摘要/Abstract

摘要：

数据去重技术用于删除云存储系统中的冗余数据,可以提高存储效率,节约网络带宽。用户为了保护数据隐私,通常将数据加密后上传至云服务器,这给数据去重操作带来了较大的困难。如何在保证数据隐私的前提下,实现安全高效的数据去重是云计算安全领域研究的热点问题。因此,文章提出了一种基于授权记录的云存储加密数据去重方法,该方法基于双线性映射构造数据标签,设计了一种授权记录存储结构。根据数据流行程度,采用不同的加密方式,利用代理重加密进行密钥转换,无须实时在线的第三方参与,确保标签不泄露任何明文信息,实现数据的所有权验证,可以确保去重数据的安全性。文章分析并证明了所提方案的安全性和正确性,实验结果也说明了方案的可行性和高效性。

关键词: 授权记录, 双线性映射, 数据去重, 数据流行度, 代理重加密

Abstract:

Data deduplication can be used to remove redundant data in cloud storage system, which can improve storage efficiency and save network bandwidth. In order to protect data privacy, cloud users tend to upload data in the form of encrypted ciphertext. However, it makes the data deduplication more difficult. It is a hot issue in cloud computing security filed that how to achieve safe and efficient data deduplication under the premise of ensuring data privacy. This paper proposes a method for deduplication of encrypted data in cloud storage based on authorization records. Based on bilinear mapping, data tag scheme is adopted which is used for duplicate check, and designs an authorization record storage structure. According to the popularity of data, different encryption strategies are applied. We get converted keys by proxy re-encryption. Without any real-time online the third party to participate in, to ensure that the tag does not leak any exploitable information. By implementing the proof of ownership, the security of deduplication data can be ensured. The correctness and security of our scheme are analyzed and proved. The experimental results show the feasibility and efficiency of our scheme.

Key words: authorization record, bilinear mapping, data deduplication, data popularity, proxy re-encryption

中图分类号:

TP309

张艺, 刘红燕, 咸鹤群, 田呈亮. 基于授权记录的云存储加密数据去重方法[J]. 信息网络安全, 2020, 20(3): 75-82.

ZHANG Yi, LIU Hongyan, XIAN Hequn, TIAN Chengliang. A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records[J]. Netinfo Security, 2020, 20(3): 75-82.

图/表 8

表1

表2

表3

图1

图2

图3

图4

图5

参考文献 15

[1]	FU Yinjin, XIAO Nong, LIU Fang.Research and Development on Key Techniques of Data Deduplication[J]. Journal of Computer Research and Development, 2012, 49(1): 12-20.
	付印金,肖侬,刘芳.重复数据删除关键技术研究进展[J].计算机研究与发展,2012,49(1):12-20.
[2]	AO Li, SHU Jiwu, LI Mingqiang.Data Deduplication Techniques[J]. Journal of Software, 2010, 21(5): 916-929.
	敖莉,舒继武,李明强.重复数据删除技术[J].软件学报,2010,21(5):916-929.
[3]	DOUCEUR J R, ADYA A, BOLOSKY W J, et al.Reclaiming Space from Duplicate Files in a Serverless Distributed File System[C]//IEEE. Proceedings of the 22nd International Conference on Distributed Computing Systems, July 2-5, 2002, Vienna, Austria. New York: IEEE, 2002: 5-20.
[4]	BELLARE M, KEELVEEDHI S, RISTENPART T.Message-Locked Encryption and Secure Deduplication[C]//Springer. The 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 26-30, 2013, Athens, Greece. Heidelberg: Springer, 2013: 296-312.
[5]	LIU Jian, ASOKAN N, PINKAS B.Secure Deduplication of Encrypted Data without Additional Servers[C]//ACM. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, October 12-16, 2015, Denver, USA. New York: ACM, 2015: 874-885.
[6]	STANEK J, SORNIOTTI A, ANDROULAKI E, KENCL L.A Secure Data Deduplication Scheme for Cloud Storage[C]//Springer. International Conference on Financial Cryptography and Data Security, March 3-7, 2014, Christ Church, Barbados. Heidelberg: Springer, 2014: 99-118.
[7]	PUZIO P, MOLVA R, ÖNEN M, LOUREIRO S.PerfectDedup: Secure Data Deduplication[C]//Springer, International Workshop on Data Privacy Management, September 21-22, 2015, Vienna, Austria. Heidelberg: Springer, 2015: 150-166.
[8]	HUR J, KOO D, SHIN Y, KANG K.Secure Data Deduplication with Dynamic Ownership Management in Cloud Storage[J]. IEEE Transactions on Knowledge and Data Engineering, 2016, 28(11): 3113-3125.
[9]	YAN Z, DING W, YU X, et al.Deduplication on Encrypted Big Data in Cloud[J]. IEEE Transactions on Big Data, 2016, 2(2): 138-150.
[10]	ZHANG Shuguang, XIAN Hequn, WANG Yazhe, et al.Secure Encrypted Data Deduplication Method Based on Offline Key Distribution[J]. Journal of Software, 2018, 29(7): 66-72.
	张曙光,咸鹤群,王雅哲,等.基于离线密钥分发的加密数据重复删除方法[J].软件学报, 2018,29(27):66-72.
[11]	GREEN M, ATENIESE G.Identity-Based Proxy Re-encryption[C]// Springer. International Conference on Applied Cryptography and Network Security, June 5-8, 2007, Zhuhai, China. Heidelberg: Springer, 2007: 288-306.
[12]	DI P R, SORNIOTTI A.Boosting Efficiency and Security in Proof of Ownership for Deduplication[C]//ACM. Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, May 2-4, 2012, Seoul, Korea. New York: ACM, 2012: 81-82.
[13]	CARO A D, IOVINO V.JPBC: Java Pairing Based Cryptography[C]//IEEE. Proceedings of the 16th IEEE Symposium on Computers and Communications, June 28-July 1, 2011, Corfu, Greece. New York: IEEE, 2011: 850-855.
[14]	LOUKIDES M, ORAM A.Programming with GNU Software[M]. Sebastopol: O'Reilly Media, 1996.
[15]	VIEGA J, MESSIER M, CHANDRA P.Network Security with OpenSSL[M]. Sebastopol: O'Reilly Media, 2002.

符号	定义	符号	定义
{U_i}(i∈[1,n])	用户集合	EU	已有上传者
CU	当前上传者	Th	数据流行度阈值
M	数据M	Tag(M)	M的数据标签
θ	可忽略值	η	系统安全参数
AuthRec	所有数据的授权记录表	count(M)	拥有数据M的用户数量

数据标签	授权用户	被授权用户
1	U₁	U₁
1	U₁	U₂
1	U₁	U₃
1	U₃	U₆
2	U₉	U₉
…	…	…

数据标签	授权用户	被授权用户
1	U₁	U₁
1	U₁	U₂
1	U₁	U₆
2	U₉	U₉
…	…	…

基于授权记录的云存储加密数据去重方法

A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 15

相关文章 6

编辑推荐

Metrics

本文评价

[1]	周权, 许舒美, 杨宁滨. 一种基于ABGS的智能电网隐私保护方案[J]. 信息网络安全, 2019, 19(7): 25-30.
[2]	江明明, 赵利军, 王艳, 王保仓. 面向云数据共享的量子安全的无证书双向代理重加密[J]. 信息网络安全, 2018, 18(8): 17-24.
[3]	夏逸珉, 许春根, 窦本年. 一种标准模型下基于身份的匿名加密方案[J]. 信息网络安全, 2018, 18(4): 72-78.
[4]	张曙光, 咸鹤群, 刘红燕, 侯瑞涛. 云存储环境中基于离线密钥传递的加密重复数据删除方法研究[J]. 信息网络安全, 2017, 17(7): 66-72.
[5]	张键红, 甄伟娜. 一种基于身份的代理签名方案的安全性分析及改进[J]. 信息网络安全, 2014, 14(8): 17-20.
[6]	张晓敏. 一种新的基于身份的盲签名方案[J]. , 2012, 12(2): 0-0.