支持访问控制与密钥更新的加密去重方案

doi:10.19665/j.issn1001-2400.20230306

Abstract

Abstract:

In the scenario of data outsourcing,access control and key update have an important application value.However,it is hard for existing encrypted deduplication schemes to provide flexible and effective access control and key update for outsourcing user data.To solve this problem,an encrypted deduplication scheme with access control and key updates is proposed.First,an efficient access control scheme for encrypted deduplication is designed based on the ciphertext-policy attribute-based encryption and the proof of ownership.It combines access control with proof of ownership and can simultaneously detect whether a client has the correct access right and whole data content only through a round of interaction between the client and the cloud server,effectively preventing unauthorized access and ownership fraud attacks launched by adversaries.The scheme has features such as low computation overhead and few communication rounds.Second,by combining the design ideas of server-aided encryption and random convergent encryption,an updatable encryption scheme suitable for encrypted deduplication is designed.It is combined with the proposed access control scheme to achieve hierarchical and user-transparent key updates.The results of security analysis and performance evaluation show that the proposed scheme can provide confidentiality and integrity for outsourcing user data while achieving efficient data encryption,decryption,and key update.

Key words: cloud storage, encrypted deduplication, access control, key update, updatable encryption

CLC Number:

TP309

HA Guanxiong, JIA Qiaowen, CHEN Hang, JIA Chunfu, LIU Lanqing. Encrypted deduplication scheme with access control and key updates[J].Journal of Xidian University, 2023, 50(6): 195-206.

Figures/Tables 11

References 30

[1]	熊金波, 张媛媛, 李凤华, 等. 云环境中数据安全去重研究进展[J]. 通信学报, 2016, 37(11):169-180. doi: 10.11959/j.issn.1000-436x.2016238
	XIONG Jinbo, ZHANG Yuanyuan, LI Fenghua, et al. Research Progress on Secure Data Deduplication in Cloud[J]. Journal on Communications, 2016, 37(11):169-180. doi: 10.11959/j.issn.1000-436x.2016238
[2]	曾辉祥, 习宁, 谢晴晴, 等. 抗属性篡改的去中心化密文数据安全共享[J]. 西安电子科技大学学报, 2022, 49(2):135-145.
	ZENG Huixiang, XI Ning, XIE Qingqing, et al. Decentralized Ciphertext Sharing Based on Blockchain[J]. Journal of Xidian University, 2022, 49(2):135-145.
[3]	闫玺玺, 赵强, 汤永利, 等. 支持灵活访问控制的多关键字搜索加密方案[J]. 西安电子科技大学学报, 2022, 49(1):55-66.
	YAN Xixi, ZHAO Qiang, TANG Yongli, et al. Multi-Keyword Search Encryption Scheme Supporting Flexible Access Control[J]. Journal of Xidian University, 2022, 49(1):55-66.
[4]	BELLARE M, KEELVEEDHI S, RISTENPART T. Message-Locked Encryption and Secure Deduplication[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques.Berlin:Springer, 2013:296-312.
[5]	KEELVEEDHI S, BELLARE M, RISTENPART T. DupLESS:Server-Aided Encryption for Deduplicated Storage[C]// Proceedings of the 22nd USENIX Conference on Security.Berkeley:USENIX, 2013:179-194.
[6]	贾春福, 哈冠雄, 李瑞琪. 密文去重系统中的数据访问控制策略[J]. 通信学报, 2020, 41(5):72-83. doi: 10.11959/j.issn.1000-436x.2020062
	JIA Chunfu, HA Guanxiong, LI Ruiqi. Data Access Control Policy of Encrypted Deduplication System[J]. Journal on Communications, 2020, 41(5):72-83. doi: 10.11959/j.issn.1000-436x.2020062
[7]	HARNIK D, PINKAS B, SHULMAN-PELEG A. Side Channels in Cloud Services:Deduplication in Cloud Storage[J]. IEEE Security & Privacy, 2010, 8(6):40-47.
[8]	XU J, CHANG E C, ZHOU J. Weak Leakage-Resilient Client-Side Deduplication of Encrypted Data in Cloud Storage[C]// Proceedings of the 8th ACM SIGSAC Symposium on Information,Computer and Communications Security. New York: ACM, 2013:195-206.
[9]	HALEVI S, HARNIK D, PINKAS B, et al. Proofs of Ownership in Remote Storage Systems[C]// Proceedings of the 18th ACM Conference on Computer and Communications Security. New York: ACM, 2011:491-500.
[10]	BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-Policy Attribute-Based Encryption[C]// 2007 IEEE Symposium on Security and Privacy(SP'07).Piscataway:IEEE, 2007:321-334.
[11]	LEHMANN A, TACKMANN B. Updatable Encryption with Post-Compromise Security[C]// EUROCRYPT 2018.Berlin:Springer, 2018:685-716.
[12]	CHEN H, FU S, LIANG K. No-Directional and Backward-Leak Uni-Directional Updatable Encryption are Equivalent[C]// European Symposium on Research in Computer Security.Berlin:Springer, 2022:387-407.
[13]	BOYD C, DAVIES G T, GJØSTEEN K, et al. Fast and Secure Updatable Encryption[C]// Advances in Cryptology(CRYPTO 2020).Berlin:Springer, 2020:464-493.
[14]	DOUCEUR J R, ADYA A, BOLOSKY W J, et al. Reclaiming Space from Duplicate Files in a Serverless Distributed File System[C]// Proceedings 22nd International Conference on Distributed Computing Systems.Piscataway:IEEE, 2002:617-624.
[15]	SHIN Y, KOO D, YUN J, et al. Decentralized Server-Aided Encryption for Secure Deduplication in Cloud Storage[J]. IEEE Transactions on Services Computing, 2020, 13(6):1021-1033.
[16]	ZHOU Y, FENG D, XIA W, et al. SecDep:A User-Aware Efficient Fine-Grained Secure Deduplication Scheme with Multi-Level Key Management[C]// 2015 31st Symposium on Mass Storage Systems and Technologies(MSST).Piscataway:IEEE, 2015:1-14.
[17]	QIN C, LI J, LEE PP C. The Design and Implementation of a Rekeying-Aware Encrypted Deduplication Storage System[J]. ACM Transactions on Storage, 2017, 13(1):1-30.
[18]	贾春福, 哈冠雄, 武少强, 等. 加密去重场景下基于AONT和NTRU的密钥更新方案[J]. 通信学报, 2021, 42(10):67-80. doi: 10.11959/j.issn.1000-436x.2021187
	JIA Chunfu, HA Guanxiong, WU Shaoqiang, et al. AONT-and-NTRU-Based Rekeying Scheme for Encrypted Deduplication[J]. Journal on Communications, 2021, 42(10):67-80. doi: 10.11959/j.issn.1000-436x.2021187
[19]	ZHOU Y, FENG D, HUA Y, et al. A Similarity-Aware Encrypted Deduplication Scheme with Flexible Access Control in the Cloud[J]. Future Generation Computer Systems, 2018, 84:177-189. doi: 10.1016/j.future.2017.10.014
[20]	XU R, JOSHI J, KRISHNAMURTHY P. An Integrated Privacy Preserving Attribute-Based Access Control Framework Supporting Secure Deduplication[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(2):706-721. doi: 10.1109/TDSC.8858
[21]	MIAO M, TIAN G, SUSILO W. New Proofs of Ownership for Efficient Data Deduplication in the Adversarial Conspiracy Model[J]. International Journal of Intelligent Systems, 2021, 36(6):2753-2766. doi: 10.1002/int.v36.6
[22]	LI J, LEE PP C, TAN C, et al. Information Leakage in Encrypted Deduplication via Frequency Analysis:Attacks and Defenses[J]. ACM Transactions on Storage, 2019, 16(1):1-30.
[23]	LI J, WEI G, LIANG J, et al. Revisiting Frequency Analysis against Encrypted Deduplication via Statistical Distribution[C]// IEEE INFOCOM 2022-IEEE Conference on Computer Communications.Piscataway:IEEE, 2022:290-299.
[24]	LI J, YANG Z, REN Y, et al. Balancing Storage Efficiency and Data Confidentiality with Tunable Encrypted Deduplication[C]// Proceedings of the Fifteenth European Conference on Computer Systems(EuroSys 2020). New York: ACM,2020:(22)1-15.
[25]	REN Y, LI J, YANG Z, et al. Accelerating Encrypted Deduplication via SGX[C]// 2021 USENIX Annual Technical Conference.Berkeley:USENIX, 2021:957-971.
[26]	YANG Z, LI J, LEE PP C. Secure and Lightweight Deduplicated Storage via Shielded Deduplication-Before-Encryption[C]// 2022 USENIX Annual Technical Conference.Berkeley:USENIX, 2022:37-52.
[27]	ZHANG Y, XU C, CHENG N, et al. Secure Password-Protected Encryption Key for Deduplicated Cloud Storage Systems[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(4):2789-2806. doi: 10.1109/TDSC.2021.3074146
[28]	LI J, HUANG S, REN Y, et al. Enabling Secure and Space-Efficient Metadata Management in Encrypted Deduplication[J]. IEEE Transactions on Computers, 2022, 71(4):959-970. doi: 10.1109/TC.2021.3067326
[29]	LIU J, ASOKAN N, PINKAS B. Secure Deduplication of Encrypted Data without Additional Independent Servers[C]// Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2015:874-885.
[30]	YU C M. POSTER:Efficient Cross-User Chunk-Level Client-Side Data Deduplication with Symmetrically Encrypted Two-Party Interactions[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2016:1763-1765.

符号	含义
sh(·)	短哈希函数
H(·)	长哈希函数(如SHA-256)
H_k(·)	密钥为k的HMAC
Enc_SE(·)/Dec_SE(·)	对称加/解密算法(如AES)
d	系统主密钥
Kr	随机密钥
h	外包数据的哈希值
proof	所有权证明值

	客户端去重	支持访问控制	支持密钥更新	抗文件伪造攻击
文献[8]	√	-	-	√
文献[17]	-	√	√	√
文献[19]	-	√	-	√
文献[20]	√	√	√	-
文中方案	√	√	√	√

Encrypted deduplication scheme with access control and key updates

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 30

Related Articles 15

Metrics

Comments

Recommended 10

[1]	LIN Genghao,ZHOU Ziji,TANG Xin,ZHOU Yiteng,ZHONG Yuqi,QI Tianyang. Random chunks attachment strategy based secure deduplication for cloud data [J]. Journal of Xidian University, 2023, 50(5): 212-228.
[2]	CUI Yuanyou,WANG Xu’an,LANG Xun,TU Zheng,SU Yunxuan. Improved short-signature based cloud data audit scheme [J]. Journal of Xidian University, 2023, 50(5): 132-141.
[3]	LI Yue,SONG Qipeng,JIA Hao,DENG Xin,MA Jianfeng. Trusted execution environment enabled dynamic group access control for data in cloud [J]. Journal of Xidian University, 2023, 50(4): 194-205.
[4]	YANG Xin,MAO Yaqi,WANG Ling. MAC protocol for the dense wireless network of UAV assisted communication [J]. Journal of Xidian University, 2022, 49(3): 10-20.
[5]	ZENG Huixiang,XI Ning,XIE Qingqing,LV Jing,CUI Zhihao,MA Jianfeng. Decentralized ciphertext sharing based on blockchain [J]. Journal of Xidian University, 2022, 49(2): 135-145.
[6]	DU Ruizhong,WANG Yi,TIAN Junfeng. Support dynamic and verifiable scheme for ciphertext retrieval [J]. Journal of Xidian University, 2022, 49(1): 35-46.
[7]	YANG Haibin,LI Ruifeng,YI Zhengge,NIU Ke,YANG Xiaoyuan. Efficient cloud storage data auditing scheme without bilinear pairing [J]. Journal of Xidian University, 2022, 49(1): 47-54.
[8]	YAN Xixi,ZHAO Qiang,TANG Yongli,LI Yingying,LI Jingran. Multi-keyword search encryption scheme supporting flexible access control [J]. Journal of Xidian University, 2022, 49(1): 55-66.
[9]	MA Zhuoran, MA Jianfeng, MIAO Yinbin, SUN Cong. State transition-based access control model in the UAV network [J]. Journal of Xidian University, 2018, 45(6): 44-50.
[10]	YANG Hongyu;NING Yuguang. Cloud platform dynamic risk access control model [J]. Journal of Xidian University, 2018, 45(5): 80-88.
[11]	REN Jingsi;WANG Jinlin;CHEN Xiao;YE Xiaozhou. Provable multi-copy dynamic data possession in cloud storage [J]. Journal of Xidian University, 2017, 44(6): 156-161+174.
[12]	MIAO Yinbin;MA Jianfeng;ZHANG Junwei;LIU Zhiquan. Efficient verifiable multi-keyword search over encrypted data [J]. Journal of Xidian University, 2017, 44(4): 18-23+68.
[13]	LI Haoxing;LI Fenghua;SONG Chenggen;SU Mang;LIU Xin. Public key encryption with multi-keywords search [J]. J4, 2015, 42(5): 20-25.
[14]	CHEN Qingli;ZHANG Zhiyong;XIANG Fei;WANG Jian. Research on the access control model for multimedia social networks [J]. J4, 2014, 41(6): 181-187.
[15]	ZHANG Hongbin;PEI Qingqi;WANG Chao;WANG Meihua. Sensing insider threat based on access vectors [J]. J4, 2014, 41(1): 110-115.