Key Storage Scheme for Cloud Computing Based on Key Matrix Derivation  Cited by: 1


Authors: 池亚平 (Chi Yaping); 莫崇维 (Mo Chongwei) [2]; 王志强 (Wang Zhiqiang); 梁家铭 (Liang Jiaming); 薛德凡 (Xue Defan) (Cyberspace Security Department, Beijing Electronic Science and Technology Institute, Beijing 100070; School of Communication Engineering, Xidian University, Xi'an 710071)

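Affiliations: [1] Cyberspace Security Department, Beijing Electronic Science and Technology Institute, Beijing 100070; [2] School of Communication Engineering, Xidian University, Xi'an 710071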

Source: Journal of Information Security Research (《信息安全研究》), 2022, Issue 10, pp. 1018-1027 (10 pages)

Funding: National Key R&D Program of China (2018YFB1004100).

Abstract: Based on a study and analysis of existing key storage and key update schemes, this paper designs a key storage management scheme based on key matrix derivation to meet the demands of mass key storage and dynamic user key updates in the cloud environment. The scheme consists mainly of three parts: the key matrix derivation process, a scalable key exchange protocol, and a key update scheme based on the Chinese remainder theorem. File encryption and decryption are performed on a private cloud, while the public cloud provides the service of storing and querying ciphertext data. Through the matrix derivation method, the file encryption key is derived directly from the root key, so users only need to store and manage the key matrix configuration and the root key to dynamically generate file encryption keys. Finally, experimental verification, comparison with the key storage schemes in related literature, and security and performance analysis show that the scheme can effectively reduce key storage overhead and computing overhead in the cloud environment and save the cost of key updates.

Keywords: cloud computing; key management; key derivation; key storage; key matrix

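Classification: TP311 [Automation and Computer Technology: Computer Software and Theory]; TN918 [Automation and Computer Technology: Computer Science and Technology]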

 
