用于云存储的主动秘密共享方案  被引量：3

作　　者：裴蓓[1] 张水海 吕春利[2] PEI Bei;ZHANG Shuihai;LYU Chunli(The Third Research Institute of the Ministry of Public Security,Shanghai 200031,China;College of Information and Electrical Engineering,China Agricultural University,Beijing 100083,China)

机构地区：[1]公安部第三研究所,上海200031 [2]中国农业大学信息与电气工程学院,北京100083

出　　处：《信息网络安全》2023年第5期95-104,共10页Netinfo Security

基　　金：信息网络安全公安部重点实验室开放课题[C19605]。

摘　　要：文章提出了一种可用于云存储场景的多秘密共享方案,该方案基于门限密码学和主动安全技术,旨在保证数据在较长时间内的存储安全。该方案首先将用户上传的机密数据拆分成多个秘密,并对这些秘密进行秘密共享。然后选择不同的云服务提供商对共享后的影子份额分别进行存储,从而满足(k,n)阈值方案的安全性。在这个过程中,秘密分发者负责对秘密进行分发和共享,并确保每个云服务提供商只持有一部分数据的影子份额。为了保证系统的安全性,该方案在份额更新和验证阶段采用周期性的策略,使得攻击者只有在一个更新周期内攻破不小于k个云服务提供商,才能获取原秘密或关于它的信息。该方案不仅避免了各云服务商之间的直接交互,降低了云存储服务商间的通信交互代价,而且采用门限密码学和主动安全技术,保证了系统的安全性和数据的长时安全存储。通过与其他方案的对比分析证明了文章所提方案效率更高,更适合存储大规模秘密数据。The article proposed a multi-secret sharing method that can be used in cloud storage scenarios.The solution was based on gated cryptography and active security technology and was designed to ensure secure storage of data over long periods of time.In this scheme,the confidential data uploaded by the user was first split into multi secrets,and these secrets were shared secretly.Then,the shadow shares after sharing were selected separately for stored by different cloud service providers,thus satisfying the security of the(k,n)threshold scheme.In this process,the secret distributor was responsible for distributing and sharing the secrets and ensuring that each cloud service provider helds only a shadow share of a portion of the data.To ensure the security of the system,the scheme used a cyclic policy in share update and verification phase such that an attacker can only gain access to the original secret or any information about it if he compromised no less than k cloud service providers in one update cycle.Notably,the scheme avoid direct interaction between various cloud providers,thus reducing the cost of communication interactions between cloud storage providers.At the same time,the scheme used threshold cryptography and active security technology,which can ensure the security of the system and the long-time secure storage of data.The comparative analysis with other schemes proves that the scheme proposed in the paper is more efficient and more suitable for storing large-scale secret data.

关 键 词：云存储 多秘密共享 主动安全 机密数据 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]