基于JavaCard的云数据确定性删除方法  

作　　者：任正伟 陈钟凯 王丽娜[3] 邓莉[1,2] 徐士伟 童言 REN Zhengwei;CHEN Zhongkai;WANG Lina;DENG Li;XU Shiwei;TONG Yan(School of Computer Science and Technology,Wuhan University of Science and Technology,Wuhan 430065,Hubei,China;Hubei Province Key Laboratory of Intelligent Information Processing and Real-time Industrial System,Wuhan 430065,Hubei,China;Key Laboratory of Aerospace Information Security and Trusted Computing,Ministry of Education,School of Cyber Science and Engineering,Wuhan University,Wuhan 430072,Hubei,China;College of Informatics,Huazhong Agricultural University,Wuhan 430070,Hubei,China;College of Science,Huazhong Agricultural University,Wuhan 430070,Hubei,China)

机构地区：[1]武汉科技大学计算机科学与技术学院,湖北武汉430065 [2]智能信息处理与实时工业系统湖北省重点实验室,湖北武汉430065 [3]空天信息安全与可信计算教育部重点实验室,武汉大学国家网络空间安全学院,湖北武汉430072 [4]华中农业大学信息学院,湖北武汉430070 [5]华中农业大学理学院,湖北武汉430070

出　　处：《武汉大学学报（理学版）》2023年第6期719-728,共10页Journal of Wuhan University:Natural Science Edition

基　　金：国家自然科学基金(61902285,32061123007);武汉引力与固体潮国家野外科学观测研究站开放研究基金资助课题(WHYWZ202109);湖北省自然科学基金(2019CFB099);中央高校基本科研业务费专项基金(2662022XXYJ004);应用数学湖北省重点实验室(湖北大学)开放基金(HBAM202101)。

摘　　要：确定性删除将外包数据的删除问题转换为密钥的安全管控和删除问题,使得留存于云服务提供商和数据使用者处的外包数据是失效、不可恢复的。但是,现有的确定性删除方案大多是在资源充裕的计算机和智能手机上设计和实现的,无法应用于资源受限的嵌入式设备。本文提出了适用于JavaCard平台的云数据确定性删除方法。在该方法中,密钥的使用条件可以是时间,也可以是次数,数据属主可以根据其需要选取一种条件以实现密钥在数据使用者端的受限使用。对于这两种使用条件,数据使用者都可以将密钥及使用条件安全保存在本地,节省通信开销。当密钥使用条件满足时,JavaCard用密钥解密数据;当密钥使用条件不满足时,JavaCard安全删除密钥,并生成可公开验证的密钥删除证据。实验和对比分析表明,本文方案性能开销合理,能够实现预期目的,可以应用于嵌入式设备。The process of deleting outsourced data in cloud storage can be transformed into controlling and deleting the data en⁃cryption key securely,a concept known as assured deletion.The objective is to make the outsourced data retained by cloud service providers both invalid and unrecoverable for data users.However,most of the existing assured deletion schemes cannot be applied directly to embedded devices with limited resources as they are designed and implemented on computers and smartphones with abundant resources.This paper considers the assured deletion of cloud data under JavaCard platforms.Our proposal supports two conditions for using the data encryption key,i.e.,the time and the number of times.The data owner can choose one state to deter⁃mine how a data user can use the key according to the requirements.Moreover,for these two types of use conditions,the data user can store both the key and the use condition securely locally,saving communication overhead.The decryption of data using the key by JavaCard is only possible when the specified use condition is satisfied.In case when the use condition is not met,JavaCard surely deletes the key and generates evidence of key deletion,which is verifiable publicly.Comprehensive experimental evaluations and comparison analysis demonstrate reasonable performance overhead,ssuccessfully achieving the designed objectives.This im⁃plies that our proposal can be effectively applied to embedded devices.

关 键 词：云数据 确定性删除 密钥管理 JAVACARD 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]