ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development (计算机研究与发展), 2016, Vol. 53, Issue 11: 2454-2464. doi: 10.7544/issn1000-1239.2016.20150553

• Information Security •

A Privacy Protection Mechanism for Dynamic Data Based on Partition-Confusion

Zhang Honglei, Shi Yuliang, Zhang Shidong, Zhou Zhongmin, Cui Lizhen

  1. (School of Computer Science and Technology, Shandong University, Jinan 250101) (yanlei1214@126.com)
  • Online: 2016-11-01
  • Funding: The research work was supported by the National Natural Science Foundation of China (61272241, 61572295), the Innovation Methods Work Special Project of the Ministry of Science and Technology (2015IM010200), the Taishan Industrial Experts Programme of Shandong Province, and the Shandong Province Science and Technology Major Special Project (2015ZDXX0201B03, 2015ZDXX0201A04, 2015ZDJQ01002).

Abstract: In the cloud computing environment, the partition-confusion-based privacy protection mechanism protects private information while it is stored in plaintext, by effectively combining tenants' personalized privacy protection requirements with application performance. However, as multi-tenant applications on the cloud keep running, two problems arise. On the one hand, the tenants' business operations (insertions, deletions and modifications) change the distribution of the underlying stored data, so that the associations between chunks face a high risk of leakage because of the resulting uneven data distribution. On the other hand, an attacker can still infer part of the private information from the operation logs of each chunk within a local time window, combined with the corresponding data snapshots. To address these challenges, this paper proposes a dynamic-data privacy protection mechanism for partition confusion, built on the three-party secure interaction model. The mechanism caches newly inserted and modified data at a trusted third party and groups and stores it once a given condition is met; it retains key fragments during deletion so that both the deleted data and the remaining data stay private; and it recycles fake data to reduce storage consumption and improve application performance. Experiments show that the proposed dynamic-data privacy protection mechanism is feasible and practical.

Key words: multi-tenancy, partition confusion, dynamic data, privacy protection, trusted third party
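The abstract's core security point is that a single insert, written to every chunk at the same moment, lets an attacker who only sees the per-chunk operation logs link the new rows across chunks, which is exactly the association the plaintext partitioning was meant to hide. The toy model below is an added illustration, not the paper's implementation: the paper's actual grouping condition, key-fragment retention rule for deletions, and fake-data recycling policy are not given on this page, so the model assumes a simple condition (k cached records), an independent shuffle per chunk, padding with fake rows on a forced flush, and reuse of fake-row slots by later real inserts. Deletion is not modeled. All names (CloudStore, TrustedThirdParty, link_candidates, demo), the two-chunk layout and the sample patient rows are constructed for the example.

```python
"""Toy model of grouped uploads in a partition-confusion store.

Added illustration only: the paper's real grouping condition, key-fragment
retention and recycling rules are not on this page. The class/function names,
the two-chunk layout and the sample rows are assumptions made for the example.
"""
import random
from dataclasses import dataclass

# Hypothetical attribute partitions. Each is a separate plaintext table on the
# cloud; only the TTP knows which row of one belongs with which row of the other.
CHUNKS = ("name", "diagnosis")


@dataclass
class Record:
    rid: int                 # tenant-side record id, known only to the TTP
    values: dict             # chunk name -> plaintext value
    fake: bool = False


class CloudStore:
    """Untrusted cloud: per-chunk tables plus a per-chunk operation log."""

    def __init__(self):
        self.tables = {c: [] for c in CHUNKS}
        self.log = {c: [] for c in CHUNKS}   # (batch_no, row_index) per write

    def write(self, batch_no, chunk, row_index, value):
        table = self.tables[chunk]
        if row_index == len(table):
            table.append(value)              # new row
        else:
            table[row_index] = value         # overwrite a recycled fake row
        self.log[chunk].append((batch_no, row_index))


class TrustedThirdParty:
    """Caches inserts and writes them to the cloud in groups of k records."""

    def __init__(self, cloud, k, rng):
        self.cloud, self.k, self.rng = cloud, k, rng
        self.buffer = []                     # cached inserts awaiting grouping
        self.mapping = {}                    # rid -> {chunk: row_index}
        self.free_fake = {c: [] for c in CHUNKS}   # fake rows eligible for reuse
        self.batch_no = 0
        self.next_fake = -1                  # negative rids mark fake records

    def insert(self, rid, values):
        self.buffer.append(Record(rid, dict(values)))
        if len(self.buffer) >= self.k:       # assumed grouping condition: k records
            self.flush()

    def flush(self, force=False):
        """Write the buffer. With force=True (e.g. a deadline), pad to k with fakes."""
        if not self.buffer:
            return
        while force and len(self.buffer) < self.k:
            self.buffer.append(Record(self.next_fake, {c: "<fake>" for c in CHUNKS}, fake=True))
            self.next_fake -= 1
        for c in CHUNKS:
            order = list(self.buffer)
            self.rng.shuffle(order)          # independent permutation per chunk
            freed = []
            for r in order:
                # Reuse a fake row's slot when one is free, otherwise append; either
                # way the cloud sees k rows of this chunk written in one batch.
                idx = self.free_fake[c].pop() if self.free_fake[c] else len(self.cloud.tables[c])
                self.cloud.write(self.batch_no, c, idx, r.values[c])
                self.mapping.setdefault(r.rid, {})[c] = idx
                if r.fake:
                    freed.append(idx)
            self.free_fake[c].extend(freed)  # fakes become reusable in later batches
        self.batch_no += 1
        self.buffer = []


def link_candidates(cloud, chunk_a, row_a, chunk_b):
    """Attacker view: which rows of chunk_b could belong to row_a of chunk_a?

    The attacker only has the per-chunk logs, so the best it can do is take the
    batch that last wrote row_a and return every row chunk_b wrote in that batch.
    """
    batch = max(b for b, i in cloud.log[chunk_a] if i == row_a)
    return sorted({i for b, i in cloud.log[chunk_b] if b == batch})


def demo(k, n_records=4, seed=1):
    """Insert n_records constructed patient rows through a TTP grouping k at a time."""
    rng = random.Random(seed)
    cloud = CloudStore()
    ttp = TrustedThirdParty(cloud, k, rng)
    for i in range(n_records):
        ttp.insert(i, {"name": f"patient{i}", "diagnosis": f"dx{i}"})
    return cloud, ttp


if __name__ == "__main__":
    for k in (1, 4):
        cloud, ttp = demo(k)
        row = ttp.mapping[0]["name"]
        print(f"k={k}: name row {row} links to diagnosis rows",
              link_candidates(cloud, "name", row, "diagnosis"))
```

With k=1 every name row links to exactly one diagnosis row, so the logs alone reveal the association; with k=4 the attacker is left with four candidates per row. A forced flush with fewer than k real records pads the batch with fake rows, and the next batch overwrites those slots instead of growing the tables, which is the storage effect the abstract attributes to fake-data recycling.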
