第39卷第Z1期通信学报V ol.39No.Z1 2018年9月Journal on Communications September 2018 云计算中高效加密数据重复删除方法
张曙光1,2,3,咸鹤群1,2,王利明3,于凯杰4,张曼1
(1. 青岛大学计算机科学技术学院,山东青岛 266071;
2. 西安电子科技大学综合业务网理论及关键技术国家重点实验室,陕西西安 710071;
3.中国科学院信息工程研究所,北京 100093;
4.烟台冰轮铸造有限公司生产制造部,山东烟台 264006)
摘要:将海量数据外包至云服务器的应用模式已经被越来越多的用户所接受。然而,由于安全问题日益凸显,数
据在上传至云服务器之前通常会被用户加密,这给云服务提供商带来巨大的存储压力。相同明文数据或被多个用户
加密为不同密文数据,导致云服务提供商难以执行重复数据删除。目前支持加密数据重复删除的云存储系统过度依
赖可信第三方,且未考虑数据所有权问题,实用性较差。提出云计算中加密数据高效安全存储方法,使用双线性映
射与基于属性代理重加密机制,设计冗余度查询标签生成算法与密钥传递算法,保证云服务提供商在无第三方在线
协助的情况下,能够验证加密数据是否冗余,并完成加密数据重复删除。构造了动态更新该数据的所有权算法,保
证系统的安全性。安全分析与效率评估证明,所提方案能够在保证系统在安全性的前提下,实现存储效率最大化。
关键词:云存储系统;数据安全;加密重复删除;数据所有权
中图分类号:TP309
文献标识码:A
doi: 10.11959/j.issn.1000-436x.2018188
Efficient encrypted data deduplication
method in cloud computing
ZHANG Shuguang1,2,3 , XIAN Hequn1,2 , WANG Liming3, YU Kaijie4, ZHANG Man1
1.College of Computer Science Technology, Qingdao University, Qingdao 266071, China
2. State Key Laboratory of Integrated Services Networks, Xidian University , Xi’an 710071, China
3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
4. Yantai Moon Foundry Co., Manufacturing Department, Yantai 264006, China
Abstract: Outsourcing massive data to remote cloud servers has become a common practice. However, as security issues arise increasingly, data are usually encrypted by users before being uploaded to the cloud server, such operation brings huge storage pressure to the cloud service provider. The same plaintext may be encrypted into different ciphertext by multiple users, causing the cloud service provider unable to perform deduplication. Several cloud storage systems that support the encrypted data deduplication have been proposed. However, these schemes are impractical because they rely heavily on third parties and do not address the data ownership update issues. A secure efficient deduplication method for encrypted data in cloud computing was proposed. Based on bilinear mapping and attribute-based proxy re-encryption mechanism, the redundancy check tag generation algorithm and key deliver algorithm were designed to ensure that the cloud service provider can verify the redundancy of encrypted data without any online third-party assistance. A dynamic data ownership update algorithm was constructed to ensure the security of the system. Security analysis and efficiency evaluation show that our scheme can provide promising storage efficiency while ensuring the system with high security.
Key words: cloud storage system, data security, encryption deduplication, data ownership
收稿日期:2018-09-18
基金项目:国家自然科学基金资助项目(No.61303197);综合业务网理论及关键技术国家重点实验室开放课题(No.ISN19-14);赛尔网络下一代互联网创新项目(No.NGII20170414)
Foundation Items: The National Natural Science Foundation of China (No.61303197), Open Project Program of the State Key La-boratory of Integrated Services Networks(No.ISN19-14), CERNET Innovation Project (No.NGII20170414)
2018188-1
万方数据