
Key-customizable encrypted deduplication with access control for cloud storage


【Authors】 GU Bolun; XU Zikai; LI Weihai; YU Nenghai

【Corresponding author】 LI Weihai

【Affiliation】 School of Cyber Science and Technology, University of Science and Technology of China; Anhui Province Key Laboratory of Digital Security

【Abstract】 With the rapid development and adoption of the Internet, traditional storage resources can no longer meet the growing demand for massive data storage, and an increasing number of users upload their data to third-party cloud servers for unified storage. Achieving both efficient encrypted deduplication and secure file sharing in the cloud has become a pressing problem. Moreover, users prefer to set their own passwords for encrypting and decrypting files, and to share encrypted files only when necessary. Based on this preference, a deterministic stepwise encryption algorithm is first designed: when the keys of the two encryption steps satisfy a certain relationship, the two steps are equivalent to a single encryption. On this basis, a key-customizable encrypted deduplication scheme with dynamic access control for cloud storage is proposed, which uses the deterministic stepwise encryption algorithm to encrypt files and a ciphertext-policy attribute-based encryption (CP-ABE) algorithm to encrypt file keys. The scheme not only lets different users who hold the same file flexibly customize their own encryption and decryption keys, but also ensures secure file sharing through a dynamic access control mechanism. In addition, the optional access control component is compatible with the majority of existing CP-ABE schemes, and even allows different CP-ABE schemes to be used in different attribute groups. Security analysis shows that the proposed scheme achieves the highest level of security under the current encrypted deduplication paradigm. Experimental and analytical results indicate that it effectively meets the practical needs of cloud service providers and users and achieves acceptable efficiency.

【Funding】 National Key Research and Development Program of China (2018YFB0804101)
  • 【Source】 Chinese Journal of Network and Information Security (网络与信息安全学报), 2024, Issue 04
  • 【Classification No.】 TN918.4
  • 【Downloads】 8