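Authors: GAO Wen-Jing (高文静); XIAN He-Qun (咸鹤群); CHENG Run-Hui (程润辉)[3] (College of Computer Science and Technology, Qingdao University, Qingdao, Shandong 266071; State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093; Mobile Television XinHua News Agency, Beijing 100053)
Affiliations: [1] College of Computer Science and Technology, Qingdao University, Qingdao, Shandong 266071 [2] State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093 [3] Mobile Television XinHua News Agency, Beijing 100053
Source: 《计算机学报》 (Chinese Journal of Computers), 2021, Issue 11, pp. 2203-2215, 13 pages in total
Funding: Supported by the Natural Science Foundation of Shandong Province (ZR2019MF058); the National Natural Science Foundation of China (61702294); and the Open Project of the State Key Laboratory of Information Security (2020-MS-09).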
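Abstract: Data deduplication is widely used in cloud storage systems, where it effectively saves network communication bandwidth and improves the storage efficiency of cloud servers. As information security problems become more prominent, users attach increasing importance to data privacy. To protect data privacy, users generally encrypt their data before uploading it to the cloud server. The same data encrypted by different users yields different ciphertexts, which makes it difficult for the cloud server to detect duplicates. How to deduplicate encrypted data in cloud storage while protecting data privacy has become a hot research topic. Most existing schemes rely on a trusted third party to achieve secure cloud data deduplication, but a trusted third party is extremely difficult to deploy in real applications and easily becomes a system bottleneck. This paper proposes a cloud data deduplication scheme based on double-layered encryption and key sharing that achieves secure deduplication of encrypted data in cloud storage without the participation of a trusted third party. Data is classified by popularity, and unpopular data, which has a higher privacy level, is protected with a double-layered encryption mechanism. The inner layer is convergent encryption and the outer layer is symmetric encryption. By means of a threshold secret sharing mechanism, the encryption key used for the outer layer is stored on multiple key management servers, which enables key sharing among different users. Popular data, which has a lower privacy level, is encrypted with simple and efficient convergent encryption. Security analysis and performance comparison show that the proposed scheme has high security and execution efficiency. Simulation experiments verify the feasibility and efficiency of the scheme.

Data deduplication is a technique for eliminating duplicate copies of data. It has been widely used in cloud storage systems, where it can effectively save network communication bandwidth and improve cloud storage efficiency. As information security issues become more severe, users are paying more and more attention to data privacy, and they tend to encrypt data before uploading it to the cloud server. Identical data may be encrypted into different ciphertexts by different users, which makes it difficult for cloud servers to detect duplication. How to realize the deduplication of encrypted data has become a booming research area in cloud security. Convergent encryption is an effective measure to balance data encryption and data deduplication, and has been widely applied. Some improved data deduplication schemes have been proposed on the basis of convergent encryption. However, most existing schemes rely on trusted third parties to ensure the security of data deduplication. User ownership of data depends on encryption keys, and there are certain limitations in data availability. Once the encryption key is lost, it will be difficult for a user to recover the original data. Trusted third parties are difficult to deploy in real-world applications and can easily become a bottleneck. Aiming at the above problems, we propose a data deduplication scheme based on double-layered encryption and key sharing, which does not require the participation of any online trusted third party. On the premise of protecting data privacy, in order to improve the efficiency of deduplication, we recognize the popularity of data and adopt different encryption methods. For unpopular data with high privacy, a double-layered encryption mechanism is adopted to ensure the privacy of data. The inner layer is convergent encryption, the outer layer is symmetric encryption. The encryption key used for the outer layer encryption is sent to multiple key management servers by means of threshold secret sharing. In this way, the burden of key management on the user side is alleviated, and key sharin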
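Keywords: encrypted data deduplication; double-layered encryption; key sharing; data popularity; cloud storage security
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]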