西安电子科技大学学报 ›› 2023, Vol. 50 ›› Issue (6): 195-206.doi: 10.19665/j.issn1001-2400.20230306

• 网络空间安全 • 上一篇    下一篇

支持访问控制与密钥更新的加密去重方案

哈冠雄1,2(),贾巧雯3(),陈杭1,2(),贾春福1,2(),刘兰清1,2()   

  1. 1.南开大学 网络空间安全学院,天津 300350
    2.天津市网络与数据安全技术重点实验室,天津 300350
    3.中国科学院软件研究所,北京 100190
  • 收稿日期:2022-11-02 出版日期:2023-12-20 发布日期:2024-01-22
  • 通讯作者: 贾春福(1966—),男,教授,E-mail:cfjia@nankai.edu.cn
  • 作者简介:哈冠雄(1995—),男,南开大学博士研究生,E-mail:hgx1995@mail.nankai.edu.cn;|贾巧雯(1992—),女,中国科学院软件研究所博士研究生,E-mail:jiaqw@ios.ac.cn;|陈杭(1998—),女,南开大学硕士研究生,E-mail:2120200477@mail.nankai.edu.cn;|刘兰清(2000—),男,南开大学硕士研究生,E-mail:lqliu@mail.nankai.edu.cn
  • 基金资助:
    国家重点研发计划(2018YFA0704703);国家自然科学基金(61972215);国家自然科学基金(62172238);国家自然科学基金(61972073);天津市自然科学基金(20JCZDJC00640);中央高校基本科研业务费专项资金

Encrypted deduplication scheme with access control and key updates

HA Guanxiong1,2(),JIA Qiaowen3(),CHEN Hang1,2(),JIA Chunfu1,2(),LIU Lanqing1,2()   

  1. 1. College of Cyber Science,Nankai University,Tianjin 300350,China
    2. Tianjin Key Laboratory of Network and Data Security Technology,Tianjin 300350,China
    3. Institute of Software,Chinese Academy of Sciences,Beijing 100190,China
  • Received:2022-11-02 Online:2023-12-20 Published:2024-01-22

摘要:

在数据外包的场景中,访问控制与密钥更新具有重要的应用价值。然而,现有的加密去重方案难以为用户外包数据提供灵活有效的访问控制与密钥更新。针对此问题,提出一个支持访问控制与密钥更新的加密去重方案。首先,基于密文策略属性基加密和所有权证明技术设计了加密去重场景下的高效访问控制方案,其将访问控制与所有权证明相结合,仅需通过客户端与云服务器之间的一轮交互,便可同时验证客户端是否具有正确的访问权限以及是否具有完整的数据内容,可有效防止敌手的数据未授权访问和所有权欺骗攻击,具有计算开销低和通信轮数少等特性;其次,结合服务器辅助加密和随机收敛加密的设计思路,设计了适用于加密去重场景的可更新加密方案,并将其与所提的访问控制方案相结合,实现了多层次且用户透明的密钥更新。安全分析与性能评估的结果表明,所提方案可为用户外包数据提供机密性和完整性,同时可实现高效的数据加解密和密钥更新。

关键词: 云存储, 加密去重, 访问控制, 密钥更新, 可更新加密

Abstract:

In the scenario of data outsourcing,access control and key update have an important application value.However,it is hard for existing encrypted deduplication schemes to provide flexible and effective access control and key update for outsourcing user data.To solve this problem,an encrypted deduplication scheme with access control and key updates is proposed.First,an efficient access control scheme for encrypted deduplication is designed based on the ciphertext-policy attribute-based encryption and the proof of ownership.It combines access control with proof of ownership and can simultaneously detect whether a client has the correct access right and whole data content only through a round of interaction between the client and the cloud server,effectively preventing unauthorized access and ownership fraud attacks launched by adversaries.The scheme has features such as low computation overhead and few communication rounds.Second,by combining the design ideas of server-aided encryption and random convergent encryption,an updatable encryption scheme suitable for encrypted deduplication is designed.It is combined with the proposed access control scheme to achieve hierarchical and user-transparent key updates.The results of security analysis and performance evaluation show that the proposed scheme can provide confidentiality and integrity for outsourcing user data while achieving efficient data encryption,decryption,and key update.

Key words: cloud storage, encrypted deduplication, access control, key update, updatable encryption

中图分类号: 

  • TP309