云加密数据安全重复删除方法  被引量：9

作　　者：张曙光 咸鹤群 王利明[3] 刘红燕 ZHANG Shu-Guang;XIAN He-Qun;WANG Li-Ming;LIU Hong-Yan(College of Computer Science and Technology,Qingdao University,Qingdao 266071,China;Guangxi Key Laboratory of Cryptography and Information Security(Guilin University of Electronic Technology),Guilin 541004,China;The Fifth Research Laboratory,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China)

机构地区：[1]青岛大学计算机科学技术学院,山东青岛266071 [2]广西密码学与信息安全重点实验室(桂林电子科技大学),广西桂林541004 [3]中国科学院信息工程研究所第五研究室,北京100093

出　　处：《软件学报》2019年第12期3815-3828,共14页Journal of Software

基　　金：国家自然科学基金(61702294);山东省自然科学基金(ZR2019MF058);广西密码学与信息安全重点实验室研究课题(GCIS201722);赛尔网络下一代互联网技术创新项目(NGII20170414)~~

摘　　要：在云环境存储模式中,采用用户端数据加密虽然能够有效降低数据的存储安全风险,但同时会使云服务商丧失重复数据鉴别能力,导致存储开销随数据量增大而不断攀升.加密数据重复删除技术是解决该问题的方法之一,现有方案通常基于可信第三方设计,安全性假设过强,执行效率较低.基于椭圆曲线与密文策略属性加密两种高安全密码学原语,构造了重复加密数据识别与离线密钥共享两种安全算法,进而实现一种无需初始数据上传用户与可信第三方实时在线的加密数据重复删除方法.详细的安全性与仿真实验分析,证明该方法不仅实现数据的语义安全,同时能够保证系统的高效率运行.Deduplication states that only one copy of the same data is stored in the cloud server.In order to protect data privacy,users usually encrypt their data before uploading them.When encrypted with different keys,the same data may have different ciphertext results.It is difficult for the cloud server to identify and eliminate the duplicate copies.Most current solutions to the problem rely heavily on online trusted third parties,resulting in unsatisfying efficiency and security.A secure cloud encrypted data deduplication scheme is proposed,which supports offline key deliver.By constructing a duplicate check tag,it can be verified whether encrypted data originate from the same plaintext data.The ciphertext policy attribute based encryption is used to ensure the check tag is securely generated.The initial uploader of some specific data is able to deliver the encryption key to the subsequent uploaders via the cloud server in an offline manner.Deduplication can be completed without online participation of any trusted third party.Security analysis and proving are presented.The feasibility and efficiency of the scheme are verified via simulation experiments.

关 键 词：加密数据重复删除 椭圆曲线 密文策略属性加密 数据流行度 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]