Journal of Computer Applications ›› 2018, Vol. 38 ›› Issue (1): 194-200.DOI: 10.11772/j.issn.1001-9081.2017071751

Previous Articles     Next Articles

Cloud data assured deletion scheme based on key distribution and ciphertext sampling

WANG Minshen, XIONG Jinbo, LIN Qian, WANG Lili   

  1. College of Mathematics and Informatics, Fujian Normal University, Fuzhou Fujian 350117, China
  • Received:2017-07-19 Revised:2017-09-15 Online:2018-01-10 Published:2018-01-22
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61402109,61370078), the Natural Science Foundation of Fujian Province(2015J05120), the Distinguished Young Scientific Research Talents Plan in Universities of Fujian Province.

基于密钥分发和密文抽样的云数据确定性删除方案

王敏燊, 熊金波, 林倩, 王丽丽   

  1. 福建师范大学 数学与信息学院, 福州 350117
  • 通讯作者: 熊金波
  • 作者简介:王敏燊(1994-),男,湖南株洲人,硕士研究生,主要研究方向:信任评估、数据安全;熊金波(1981-),男,湖南益阳人,副教授,博士,CCF会员,主要研究方向:云数据安全、隐私保护;林倩(1993-),女,福建莆田人,主要研究方向:数据安全。
  • 基金资助:
    国家自然科学基金资助项目(61402109,61370078),福建省自然科学基金资助项目(2015J05120),福建省高校杰出青年科研人才培育计划项目。

Abstract: If cloud data is not deleted in time after expiration, it may lead to unauthorized access and privacy leakage. For above issue, a cloud data assured deletion scheme based on key distribution and ciphertext sampling was proposed. It was composed of the encryption algorithm and Distributed Hash Table (DHT) network. Firstly, the plaintext was encrypted into the ciphertext. The ciphertext was sampled by random sampling algorithm. The incomplete ciphertext was uploaded to the cloud. Secondly, The trust value of each node in the DHT network was evaluated by evaluative method. The encryption key was processed into the subkeys by Shamir secret sharing algorithm, and the subkeys were distributed into the nodes with high trust degree. Finally, the encryption key was automatically deleted by the periodic self-updating function of the DHT network. The ciphertext in the cloud was overwritten by uploading random data through the Hadoop Distributed File System (HDFS)'s interface. Assured deletion of cloud data was done by deleting the encryption key and the ciphertext. The security analysis and performance analysis demonstrate that the proposed scheme is secure and efficient.

Key words: cloud storage, trust value evaluation, key distribution, ciphertext deletion, Distributed Hash Table (DHT) network

摘要: 针对云数据过期后不及时删除容易导致非授权访问和隐私泄露等问题,结合加密算法和分布式哈希表(DHT)网络,提出一种基于密钥分发和密文抽样的云数据确定性删除方案。首先加密明文,再随机抽样密文,将抽样后的不完整密文上传到云端;然后评估DHT网络中各节点的信任值,使用秘密共享算法处理密钥,并将子密钥分发到信任值高的节点上;最后,密钥通过DHT网络的周期性自更新功能实现自动删除,通过调用Hadoop分布式文件系统(HDFS)的接口上传随机数据覆写密文,实现密文的完全删除。通过删除密钥和云端密文实现云数据的确定性删除。安全性分析和性能分析表明所提方案是安全和高效的。

关键词: 云存储, 信任值评估, 密钥分发, 密文删除, 分布式哈希表网络

CLC Number: