支持访问控制与密钥更新的加密去重方案  

作　　者：哈冠雄 贾巧雯 陈杭 贾春福 刘兰清 HA Guanxiong;JIA Qiaowen;CHEN Hang;JIA Chunfu;LIU Lanqing(College of Cyber Science,Nankai University,Tianjin 300350,China;Tianjin Key Laboratory of Network and Data Security Technology,Tianjin 300350,China;Institute of Software,Chinese Academy of Sciences,Beijing 100190,China)

机构地区：[1]南开大学网络空间安全学院,天津300350 [2]天津市网络与数据安全技术重点实验室,天津300350 [3]中国科学院软件研究所,北京100190

出　　处：《西安电子科技大学学报》2023年第6期195-206,共12页Journal of Xidian University

基　　金：国家重点研发计划(2018YFA0704703);国家自然科学基金(61972215,62172238,61972073);天津市自然科学基金(20JCZDJC00640);中央高校基本科研业务费专项资金。

摘　　要：在数据外包的场景中,访问控制与密钥更新具有重要的应用价值。然而,现有的加密去重方案难以为用户外包数据提供灵活有效的访问控制与密钥更新。针对此问题,提出一个支持访问控制与密钥更新的加密去重方案。首先,基于密文策略属性基加密和所有权证明技术设计了加密去重场景下的高效访问控制方案,其将访问控制与所有权证明相结合,仅需通过客户端与云服务器之间的一轮交互,便可同时验证客户端是否具有正确的访问权限以及是否具有完整的数据内容,可有效防止敌手的数据未授权访问和所有权欺骗攻击,具有计算开销低和通信轮数少等特性;其次,结合服务器辅助加密和随机收敛加密的设计思路,设计了适用于加密去重场景的可更新加密方案,并将其与所提的访问控制方案相结合,实现了多层次且用户透明的密钥更新。安全分析与性能评估的结果表明,所提方案可为用户外包数据提供机密性和完整性,同时可实现高效的数据加解密和密钥更新。In the scenario of data outsourcing,access control and key update have an important application value.However,it is hard for existing encrypted deduplication schemes to provide flexible and effective access control and key update for outsourcing user data.To solve this problem,an encrypted deduplication scheme with access control and key updates is proposed.First,an efficient access control scheme for encrypted deduplication is designed based on the ciphertext-policy attribute-based encryption and the proof of ownership.It combines access control with proof of ownership and can simultaneously detect whether a client has the correct access right and whole data content only through a round of interaction between the client and the cloud server,effectively preventing unauthorized access and ownership fraud attacks launched by adversaries.The scheme has features such as low computation overhead and few communication rounds.Second,by combining the design ideas of server-aided encryption and random convergent encryption,an updatable encryption scheme suitable for encrypted deduplication is designed.It is combined with the proposed access control scheme to achieve hierarchical and user-transparent key updates.The results of security analysis and performance evaluation show that the proposed scheme can provide confidentiality and integrity for outsourcing user data while achieving efficient data encryption,decryption,and key update.

关 键 词：云存储 加密去重 访问控制 密钥更新 可更新加密 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]