基于安全硬件的云端数据机密性验证方案

doi:10.3969/j.issn.1671-1122.2020.12.001

信息网络安全 ›› 2020, Vol. 20 ›› Issue (12): 1-8.doi: 10.3969/j.issn.1671-1122.2020.12.001

基于安全硬件的云端数据机密性验证方案

尤玮婧¹, 刘丽敏², 马悦³, 韩东⁴()

1.中国科学院大学计算机科学与技术学院,北京 100043
2.中国科学院信息工程研究所信息安全国家重点实验室,北京 100089
3.国家电网西安供电公司,西安 710032
4.北京赛迪软件测评工程技术中心有限公司,北京 100048

收稿日期:2020-11-02 出版日期:2020-12-10 发布日期:2021-01-12
通讯作者: 韩东 E-mail:18687087250@163.com
作者简介:尤玮婧（1994—）,女,福建,博士研究生,主要研究方向为云存储安全|刘丽敏（1985—）,女,湖南,高级工程师,博士,主要研究方向为云计算安全与系统安全|马悦（1990—）,女,陕西,工程师,硕士,主要研究方向为能源互联网安全|韩东（1990—）,男,四川,工程师,本科,主要研究方向为信息安全,电子信息工程
基金资助:
国家重点研发计划(2017YFB0802404)

An Intel SGX-based Proof of Encryption in Clouds

YOU Weijing¹, LIU Limin², MA Yue³, HAN Dong⁴()

1. School of Computer Science Technology, University of Chinese Academy of Science, Beijing 100043, China
2. State Key Laboratory of Information Security, the Institute of information engineering, CAS, Beijing 100089, China
3. Xi'an Power Supply Company, Xi'an 710032, China
4. Beijing CCID Software Testing Engineering Technology Center CO., LTD., Beijing 100048, China

Received:2020-11-02 Online:2020-12-10 Published:2021-01-12
Contact: HAN Dong E-mail:18687087250@163.com

摘要/Abstract

摘要：

随着物联网、社交网络、移动边缘计算和雾计算等新兴技术的出现和发展,互联网承载的数据量逐年攀升,云存储技术为大规模的数据存储管理提供了集约、规范与高效的解决方案。云存储技术在提供便利的同时,也对云用户信息资产安全和隐私保护带来了巨大的挑战。目前,云端数据机密性验证已成为云存储领域亟待突破的重要安全问题。文章总结和分析现有云存储数据机密性验证方案,提出一种基于安全硬件的云端数据机密性验证方案,安全分析及与现有方案的效率对比表明,该方案在达到安全目标的前提下有效提升了运行效率。

关键词: 云存储, 可信执行环境, 英特尔软件安全扩展, 加密, 数据机密性验证

Abstract:

With the evolvement of the Internet of Things (IoT), the edging computing, and the fog computing, the volume of data on the Internet surges by years. In this case, the cloud storage technique comes and provides centralized, formalized, and efficient storage services to the cloud users. Despite the convenience attributed to using the cloud storage, it also brings great challenges on information security and privacy. The assurance of data confidentiality in the cloud storage has become a significant security issue. First, this paper analyzes existing proof of confidentiality schemes. Second, an Intel sgx-based proof of confidentiality in cloud storage is proposed. The security analysis and performance evaluation show the proposal is efficient and without degrading security.

Key words: cloud storage, trusted execution environments (TEEs), intel software guard extensions (Intel SGX), encryption, proofs of confidentiality

中图分类号:

TP309

尤玮婧, 刘丽敏, 马悦, 韩东. 基于安全硬件的云端数据机密性验证方案[J]. 信息网络安全, 2020, 20(12): 1-8.

YOU Weijing, LIU Limin, MA Yue, HAN Dong. An Intel SGX-based Proof of Encryption in Clouds[J]. Netinfo Security, 2020, 20(12): 1-8.

图/表 3

参考文献 18

[1]	REINSEL D, GANTZ J, RYDING J. Digital Age 2025: The Digitization of the World-from Edge to Core[EB/OL]. https://www.seagate.com/cn/zh/our-story/data-age-2025/, 2018-11-03.
[2]	VAN DIJK M, JUELS A, OPREA A, et al. Hourglass schemes: How to Prove That Cloud Files are Encrypted[C]// ACM. Proceedings of the 19th ACM conference on Computer and communications security (ACM CCS), October 16-18, 2012, Raleigh, NC, USA. New York: ACM, 2012: 265-280.
[3]	HU Keji, ZHANG Wensheng. Efficient Verification of Data Encryption on Cloud Servers[C]// IEEE. 2014 Twelfth Annual International Conference on Privacy, Security and Trust (PST), July 23-24, 2014, Toronto, ON, Canada. New York: IEEE, 2014: 314-321.
[4]	FANG Jinxia, LIU Llimin, LIN Jingqiang. Practical Verification of Data Encryption for Cloud Storage Services[C]// Springer. 16th International Conference on Services Computing (SCC), June 25-30, 2019, Diego, CA, USA. Nature Switzerland AG: Springer, 2019: 16-31.
[5]	Intel. Intel® Software Guard Extensions[EB/OL]. https://software.intel.com/zh-cn/sgx. 2020-09-09.
[6]	Microsoft. Microsoft Azure[EB/OL]. http://www.windowsazure.cn/?fb=002, 2020-09-09.
[7]	Dropbox. Dropbox[EB/OL]. https://www.dropbox.com, 2020-09-09.
[8]	Intel. Intel® Software Guard Extensions (Intel® SGX) SDK for Windows* OS[EB/OL]. https://software.intel.com/sites/default/files/managed/47/19/sgx-sdk-developer-reference-for-windows-os.pdf, 2020-06-24.
[9]	Intel. Remote Attestation in Intel® Software Guard Extensions[EB/OL]. https://github.com/intel/sgx-ra-sample, 2020-10-02.
[10]	KURNIKOV A, PAVERD A, MANNAN M, et al. Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials[C]// ACM. Proceedings of the 13rd International Conference on Availability, Reliability and Security, August 27-30, 2018, Hamburg, Germany. New York: ACM, 2018: 1-10.
[11]	YOU Weijing, CHEN Bo. Proofs of Ownership on Encrypted Cloud Data via Intel SGX[C]// Springer. The 1st ACNS Workshop on Secure Cryptographic Implementation (SCI '20) (in conjunction with ACNS '20). October 19-22, 2020, Rome, Italy. Nature Switzerland AG: Springer, 2020: 400-416.
[12]	HE Yun, XU Yihua, JIA Xiaoqi, et al. EnclavePDP: A General Framework to Verify Data Integrity in Cloud Using Intel SGX[C]// Springer. Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID). October 14-16, 2020, Donostia, San Sebastian, Spain. Nature Switzerland AG: Springer, 2020: 195-208.
[13]	ATENIESE G, BURNS R, CURTMOLA R, et al. Provable Data Possession at Untrusted Stores[C]// ACM. Proceedings of the 14th ACM Conference on Computer and Communications Security (ACM CCS). October 29-November 2, 2007, Alexandria, Virginia, USA. New York: ACM, 2007: 598-609.
[14]	JURELS A KALISKI JR B S. Pors: Proofs of Retrievability for Large Files[C]// ACM. Proceedings of the 14th ACM Conference on Computer and Communications Security (ACM CCS). October 29-November 2, 2007, Alexandria, Virginia, USA. New York: ACM, 2007: 598-609.
[15]	SHACHAM H, WATERS B. Compact Proofs of Retrievability[J]. Journal of Cryptology, 2013,26(3):442-483. doi: 10.1007/s00145-012-9129-2 URL
[16]	HALEVI S, HARNIK D, PINKAS B, et al. Proofs of Ownership in Remote Storage Systems[C]// ACM. Proceedings of the 18th ACM Conference on Computer and Communications Security (ACM CCS). October 17-21, 2011, Chicago, Illinois, USA. New York: ACM, 2011: 491-500.
[17]	YOU Weijing, CHEN Bo, LIU Limin, et al. Deduplication-friendly Watermarking for Multimedia Data in Public Clouds[C]// Springer. Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS). September 14-18, 2020, Guildford, UK. Nature Switzerland AG: Springer, 2020: 67-87.
[18]	LYNN B. The Pairing-based Cryptography Library[EB/OL]. https://crypto.stanford.edu/pbc/, 2020-09-09.

方案	文献^[2]	文献^[3]	文献^[4]	本方案
计算开销	数据加密（服务器端/客户端）
	$O\left( Butterfly \right)/$ $O\left( Butterfly \right)$	$-/O\left( n \right)C$	$O\left( n \right)C/O\left( t \right)C$	$I+O\left( n \right)S+ \\ O\left( Enc \right)/- $
	密文完整性验证（服务器端/客户端）
	$ -/O\left( n \right)H+ \\ O\left( Butterfly \right) $	$-/O\left( t+n \right)H$	$-/O\left( t+n \right)H$	$O\left( n \right)T/O\left( 1 \right)$
通信开销	$O\left( n \right)$	$O\left( n \right)$	$O\left( n \right)$	$O\left( 1 \right)$
存储开销	$O\left( n \right)$	$O\left( n \right)$	$O\left( n \right)$	$O\left( n \right)$

基于安全硬件的云端数据机密性验证方案

An Intel SGX-based Proof of Encryption in Clouds

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 18

相关文章 15

编辑推荐

Metrics

本文评价

[1]	汪金苗, 谢永恒, 王国威, 李易庭. 基于属性基加密的区块链隐私保护与访问控制方法[J]. 信息网络安全, 2020, 20(9): 47-51.
[2]	李莉, 曾庆贤, 文义红, 王士成. 基于区块链与代理重加密的数据共享方案[J]. 信息网络安全, 2020, 20(8): 16-24.
[3]	张敏情, 周能, 刘蒙蒙, 柯彦. 同态加密域可逆信息隐藏技术研究[J]. 信息网络安全, 2020, 20(8): 25-36.
[4]	徐国天. 基于异常加密流量标注的Android恶意进程识别方法研究[J]. 信息网络安全, 2020, 20(7): 30-41.
[5]	郎为民, 马卫国, 张寅, 姚晋芳. 一种支持数据所有权动态管理的数据去重方案[J]. 信息网络安全, 2020, 20(6): 1-9.
[6]	李宁波, 周昊楠, 车小亮, 杨晓元. 云环境下基于多密钥全同态加密的定向解密协议设计[J]. 信息网络安全, 2020, 20(6): 10-16.
[7]	施国峰, 张兴兰. 面向云存储的支持范围密文搜索的属性基加密方案[J]. 信息网络安全, 2020, 20(6): 75-81.
[8]	周昊楠, 李宁波, 车小亮, 杨晓元. 基于素数幂次阶分圆多项式环的多密钥全同态方案[J]. 信息网络安全, 2020, 20(5): 83-87.
[9]	傅智宙, 王利明, 唐鼎, 张曙光. 基于同态加密的HBase二级密文索引方法研究[J]. 信息网络安全, 2020, 20(4): 55-64.
[10]	周权, 杨宁滨, 许舒美. 基于FBDH算法的容错可验证公钥可搜索加密方案[J]. 信息网络安全, 2020, 20(3): 29-35.
[11]	张艺, 刘红燕, 咸鹤群, 田呈亮. 基于授权记录的云存储加密数据去重方法[J]. 信息网络安全, 2020, 20(3): 75-82.
[12]	刘鹏, 何倩, 刘汪洋, 程序. 支持撤销属性和外包解密的CP-ABE方案[J]. 信息网络安全, 2020, 20(3): 90-97.
[13]	唐春明, 林旭慧. 隐私保护集合交集计算协议[J]. 信息网络安全, 2020, 20(1): 9-15.
[14]	许盛伟, 王飞杰. 多机构授权下可追踪可隐藏的属性基加密方案[J]. 信息网络安全, 2020, 20(1): 33-39.
[15]	李晓冉, 郝蓉, 于佳. 具有数据上传管控的无证书可证明数据持有方案[J]. 信息网络安全, 2020, 20(1): 83-88.