信息网络安全 ›› 2020, Vol. 20 ›› Issue (3): 75-82.doi: 10.3969/j.issn.1671-1122.2020.03.010

• 技术研究 • 上一篇    下一篇

基于授权记录的云存储加密数据去重方法

张艺1, 刘红燕1, 咸鹤群1,2(), 田呈亮1   

  1. 1.青岛大学计算机科学技术学院,青岛 266071
    2.中国科学院信息工程研究所,北京 100093
  • 收稿日期:2019-09-20 出版日期:2020-03-10 发布日期:2020-05-11
  • 作者简介:

    作者简介:张艺(1995—),女,山东,硕士研究生,主要研究方向为云计算安全;刘红燕(1994—),女,云南,硕士研究生,主要研究方向为云计算安全;咸鹤群(1979—),男,山东,副教授,博士,主要研究方向为密码学、云计算安全和网络安全等;田呈亮(1982—),男,山东,讲师,博士,主要研究方向为密码学。

  • 基金资助:
    国家自然科学基金[61702294];山东省自然科学基金[ZR2019MF058]

A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records

ZHANG Yi1, LIU Hongyan1, XIAN Hequn1,2(), TIAN Chengliang1   

  1. 1. College of Computer Science and Technology, Qingdao University, Qingdao 266071, China
    2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received:2019-09-20 Online:2020-03-10 Published:2020-05-11

摘要:

数据去重技术用于删除云存储系统中的冗余数据,可以提高存储效率,节约网络带宽。用户为了保护数据隐私,通常将数据加密后上传至云服务器,这给数据去重操作带来了较大的困难。如何在保证数据隐私的前提下,实现安全高效的数据去重是云计算安全领域研究的热点问题。因此,文章提出了一种基于授权记录的云存储加密数据去重方法,该方法基于双线性映射构造数据标签,设计了一种授权记录存储结构。根据数据流行程度,采用不同的加密方式,利用代理重加密进行密钥转换,无须实时在线的第三方参与,确保标签不泄露任何明文信息,实现数据的所有权验证,可以确保去重数据的安全性。文章分析并证明了所提方案的安全性和正确性,实验结果也说明了方案的可行性和高效性。

关键词: 授权记录, 双线性映射, 数据去重, 数据流行度, 代理重加密

Abstract:

Data deduplication can be used to remove redundant data in cloud storage system, which can improve storage efficiency and save network bandwidth. In order to protect data privacy, cloud users tend to upload data in the form of encrypted ciphertext. However, it makes the data deduplication more difficult. It is a hot issue in cloud computing security filed that how to achieve safe and efficient data deduplication under the premise of ensuring data privacy. This paper proposes a method for deduplication of encrypted data in cloud storage based on authorization records. Based on bilinear mapping, data tag scheme is adopted which is used for duplicate check, and designs an authorization record storage structure. According to the popularity of data, different encryption strategies are applied. We get converted keys by proxy re-encryption. Without any real-time online the third party to participate in, to ensure that the tag does not leak any exploitable information. By implementing the proof of ownership, the security of deduplication data can be ensured. The correctness and security of our scheme are analyzed and proved. The experimental results show the feasibility and efficiency of our scheme.

Key words: authorization record, bilinear mapping, data deduplication, data popularity, proxy re-encryption

中图分类号: