基于密钥分发和密文抽样的云数据确定性删除方案

doi:10.11772/j.issn.1001-9081.2017071751

计算机应用 ›› 2018, Vol. 38 ›› Issue (1): 194-200.DOI: 10.11772/j.issn.1001-9081.2017071751

基于密钥分发和密文抽样的云数据确定性删除方案

王敏燊, 熊金波, 林倩, 王丽丽

福建师范大学数学与信息学院, 福州 350117

收稿日期:2017-07-19 修回日期:2017-09-15 出版日期:2018-01-10 发布日期:2018-01-22
通讯作者: 熊金波
作者简介:王敏燊(1994-),男,湖南株洲人,硕士研究生,主要研究方向:信任评估、数据安全;熊金波(1981-),男,湖南益阳人,副教授,博士,CCF会员,主要研究方向:云数据安全、隐私保护;林倩(1993-),女,福建莆田人,主要研究方向:数据安全。
基金资助:
国家自然科学基金资助项目（61402109，61370078），福建省自然科学基金资助项目（2015J05120），福建省高校杰出青年科研人才培育计划项目。

Cloud data assured deletion scheme based on key distribution and ciphertext sampling

WANG Minshen, XIONG Jinbo, LIN Qian, WANG Lili

College of Mathematics and Informatics, Fujian Normal University, Fuzhou Fujian 350117, China

Received:2017-07-19 Revised:2017-09-15 Online:2018-01-10 Published:2018-01-22
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61402109,61370078), the Natural Science Foundation of Fujian Province(2015J05120), the Distinguished Young Scientific Research Talents Plan in Universities of Fujian Province.

摘要/Abstract

摘要： 针对云数据过期后不及时删除容易导致非授权访问和隐私泄露等问题，结合加密算法和分布式哈希表（DHT）网络，提出一种基于密钥分发和密文抽样的云数据确定性删除方案。首先加密明文，再随机抽样密文，将抽样后的不完整密文上传到云端；然后评估DHT网络中各节点的信任值，使用秘密共享算法处理密钥，并将子密钥分发到信任值高的节点上；最后，密钥通过DHT网络的周期性自更新功能实现自动删除，通过调用Hadoop分布式文件系统（HDFS）的接口上传随机数据覆写密文，实现密文的完全删除。通过删除密钥和云端密文实现云数据的确定性删除。安全性分析和性能分析表明所提方案是安全和高效的。

关键词: 云存储, 信任值评估, 密钥分发, 密文删除, 分布式哈希表网络

Abstract: If cloud data is not deleted in time after expiration, it may lead to unauthorized access and privacy leakage. For above issue, a cloud data assured deletion scheme based on key distribution and ciphertext sampling was proposed. It was composed of the encryption algorithm and Distributed Hash Table (DHT) network. Firstly, the plaintext was encrypted into the ciphertext. The ciphertext was sampled by random sampling algorithm. The incomplete ciphertext was uploaded to the cloud. Secondly, The trust value of each node in the DHT network was evaluated by evaluative method. The encryption key was processed into the subkeys by Shamir secret sharing algorithm, and the subkeys were distributed into the nodes with high trust degree. Finally, the encryption key was automatically deleted by the periodic self-updating function of the DHT network. The ciphertext in the cloud was overwritten by uploading random data through the Hadoop Distributed File System (HDFS)'s interface. Assured deletion of cloud data was done by deleting the encryption key and the ciphertext. The security analysis and performance analysis demonstrate that the proposed scheme is secure and efficient.

Key words: cloud storage, trust value evaluation, key distribution, ciphertext deletion, Distributed Hash Table (DHT) network

中图分类号:

王敏燊, 熊金波, 林倩, 王丽丽. 基于密钥分发和密文抽样的云数据确定性删除方案[J]. 计算机应用, 2018, 38(1): 194-200.

WANG Minshen, XIONG Jinbo, LIN Qian, WANG Lili. Cloud data assured deletion scheme based on key distribution and ciphertext sampling[J]. Journal of Computer Applications, 2018, 38(1): 194-200.

参考文献

[1] 熊金波,李凤华,王彦超,等.基于密钥学的云数据确定性删除研究进展[J].通信学报, 2016,37(8):168-184.(XIONG J B, LI F H, WANG Y C, et al. Research progress on cloud data assured deletion based on cryptography[J]. Journal on Communication, 2016, 37(8):168-184.)
[2] TANG Q. Timed-Ephemerizer:make assured data appear and disappear[C]//Proceedings of the 2009 ACM Conference on Public Key Infrastructure, Services and Applications. Berlin:Springer, 2009:195-208.
[3] TANG Y, LEE P, LUI J. Secure overlay cloud storage with access control and assured deletion[J]. IEEE Transactions on Dependable and Secure Computing, 2012, 9(6):903-916.
[4] 张坤,杨超,马建峰,等.基于密文采样分片的云端数据确定性删除方法[J].通信学报,2015,36(11):108-117.(ZHANG K, YANG C, MA J F, et al. Novel cloud data assured deletion approach based on ciphertext sample slice[J]. Journal on Communications, 2015,36(11):108-117.)
[5] 曹景源,李立新,李全良,等.云存储环境下生命周期可控的数据销毁模型[J].计算机应用,2017,37(5):1335-1340.(CAO J Y, LI L X, LI Q L, et al. Data destruction model for cloud storage based on lifecycle control[J]. Journal of Computer Applications, 2017, 37(5):1335-1340.)
[6] XIONG J B, LI F H, MA J F, et al. A full lifecycle privacy protection scheme for sensitive data in cloud computing[J]. Peer-to-Peer Networking and Applications, 2015, 8(6):1025-1037.
[7] GEAMBASU R, KOHNO T, LEVY A, et al. Vanish:increasing data privacy with self-destructing data[C]//Proceedings of the 2009 ACM Conference on USENIX Security Symposium. Berkeley, CA:USENIX Association, 2009:299-316.
[8] ZENG L, SHI Z, XU S, et al. SafeVanish:an improved data self-destruction for protecting data privacy[C]//Proceedings of the 2010 IEEE International Conference on Cloud Computing Technology and Science. Piscataway, NJ:IEEE, 2010:521-528.
[9] 王丽娜,任正伟,余荣威,等.一种适于云存储的数据确定性删除方法[J].电子学报,2012,40(2):266-272.(WANG L N, REN Z W, YU R W, et al. A data assured deletion approach adapted for cloud storage[J]. Acta Electronica Sinica, 2012, 40(2):266-272.)
[10] LI C L, CHEN Y, ZHOU Y Z. A data assured deletion scheme in cloud storage[J]. China Communications, 2014, 11(4):98-110.
[11] 熊金波,姚志强,马建峰,等.面向网络内容隐私的基于身份加密的安全自毁方案[J].计算机学报,2014,37(1):140-150.(XIONG J B, YAO Z Q, MA J F, et al. A secure self-destruction scheme with IBE for the Internet content privacy[J]. Chinese Journal of Computers, 2014, 37(1):140-150.)
[12] 熊金波,姚志强,马建峰,等.基于属性加密组合文档安全自毁方案[J].电子学报,2014,42(2):366-376.(XIONG J B, YAO Z Q, MA J F, et al. A secure self-destruction scheme for composite document with attribute based encryption[J]. Acta Electronica Sinica, 2014, 42(2):366-376.)
[13] WHITE T, CUTTING D. Hadoop:The Definitive Guide[M]. Sebastopol:O'reilly Media, 2009:44-67.
[14] DABEK F. A distributed Hash table[D]. Boston:Massachusetts Institute of Technology, 2006:20-84.
[15] RHEA S, GODFREY B, KARP B, et al. OpenDHT:a public DHT service and its uses[C]//Proceedings of the 2005 ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. New York:ACM, 2005:73-84.
[16] FALKNER J, PIATEK M, JOHN J P, et al. Profiling a million user DHT[C]//Proceedings of the 2007 ACM Conference on Internet Measurement. New York:ACM, 2007:129-134.
[17] 彭巧,田有亮.基于多线性Diffie-Hellman问题的秘密共享方案[J].电子学报,2017,45(1):200-205.(PENG Q, TIAN Y L. A secret sharing scheme based on multilinear Diffie-Hellman problem[J]. Acta Electronica Sinica, 2017, 45(1):200-205.)
[18] 窦文,王怀民,贾焰,等.构造基于推荐的Peer-to-Peer环境下的Trust模型[J].软件学报,2004,15(4):571-583.(DOU W, WANG H M, JIA Y, et al. A recommendation-based Peer-to-Peer trust model[J]. Journal of Software, 2004, 15(4):571-583.)
[19] 冯贵兰,谭良.基于信任度的云存储数据确定性删除方案[J].计算机科学,2014,41(6):108-112.(FENG G L, TAN L. Data assured deletion scheme based on trust value for cloud storage[J]. Computer Science, 2014, 41(6):108-112.)
[20] GUO Y, RAO J, CHENG D, et al. IShuffle:improving Hadoop performance with shuffle-on-write[J]. IEEE Transactions on Parallel and Distributed Systems, 2017, 28(6):1649-1662.

基于密钥分发和密文抽样的云数据确定性删除方案

Cloud data assured deletion scheme based on key distribution and ciphertext sampling

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	李秀艳, 刘明曦, 史闻博, 董国芳. 面向资源受限用户的高效动态数据审计方案[J]. 计算机应用, 2021, 41(2): 422-432.
[2]	唐鑫, 周琳娜. 基于响应模糊化的抗附加块攻击云数据安全去重方法[J]. 计算机应用, 2020, 40(4): 1085-1090.
[3]	付伟, 顾晨阳, 高强. 基于属性加密的多用户共享ORAM方案[J]. 计算机应用, 2020, 40(2): 497-502.
[4]	王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.
[5]	柳玉东, 王绪安, 涂广升, 王涵. 全生命周期的云外包数据安全审计协议[J]. 计算机应用, 2019, 39(7): 1954-1958.
[6]	周坚, 金瑜, 何亨, 李鹏. 基于嵌套Merkle Hash tree区块链的云数据动态审计模型[J]. 计算机应用, 2019, 39(12): 3575-3583.
[7]	明洋, 何宝康. 支持属性撤销的可验证外包的多授权属性加密方案[J]. 计算机应用, 2019, 39(12): 3556-3562.
[8]	李静, 刘冬实. 主动容错云存储系统的可靠性评价模型[J]. 计算机应用, 2018, 38(9): 2631-2636.
[9]	陈博, 何连跃, 严巍巍, 徐照淼, 徐俊. 海量小文件系统的可移植操作系统接口兼容技术[J]. 计算机应用, 2018, 38(5): 1389-1392.
[10]	杨宏宇, 王玥. 云存储环境下的多关键字密文搜索方法[J]. 计算机应用, 2018, 38(2): 343-347.
[11]	李强, 刘晓峰. 基于Hopfield神经网络的云存储负载均衡策略[J]. 计算机应用, 2017, 37(8): 2214-2217.
[12]	李昊宇, 张龙军, 李庆鹏. 基于B⁺树的动态数据持有性证明方案[J]. 计算机应用, 2017, 37(7): 1931-1935.
[13]	曹景源, 李立新, 李全良, 丁永善. 云存储环境下生命周期可控的数据销毁模型[J]. 计算机应用, 2017, 37(5): 1335-1340.
[14]	李阿妮, 张晓, 张伯阳, 柳春懿, 赵晓南. 公有云存储系统性能评测方法研究[J]. 计算机应用, 2017, 37(5): 1229-1235.
[15]	廖辉, 薛广涛, 钱诗友, 李明禄. 基于纠删码的细粒度云存储调度方案[J]. 计算机应用, 2017, 37(3): 613-619.