ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2019, Vol. 56, Issue (10): 2170-2182. doi: 10.7544/issn1000-1239.2019.20190351

Special Issue: 2019 Special Topic on Cryptography and Intelligent Security Research


Distributed Data Encoding Storage Scheme Supporting Updatable Encryption in Cloud

Yan Xincheng¹, Chen Yue¹, Ba Yang¹, Jia Hongyong², Zhu Yu¹

¹ Strategic Support Force Information Engineering University, Zhengzhou 450001
² School of Software and Applied Technology, Zhengzhou University, Zhengzhou 450001

Online: 2019-10-16

Abstract: Because ciphertext stored in the cloud remains unchanged for long periods, key compromise becomes an important factor affecting the security of stored data. Data re-encryption is an effective way to deal with key leakage, but the computational overhead of re-encryption and the communication overhead of uploading and downloading the data increase the burden on users and storage systems. In addition, for data storage based on distributed coding, a ciphertext update has to be performed on the basis of decrypting the ciphertext, and ciphertext merging also increases the communication and computational overhead of the system. To address these problems, a distributed data encoding storage scheme supporting updatable encryption (DDES-UE) in the cloud environment is proposed. By constructing the updatable encryption scheme from key-homomorphic pseudo-random functions, the heavy computation and communication overhead of ciphertext update can be avoided; ciphertext segmentation and an improved functional minimum-storage regenerating (FMSR) code are used to achieve distributed data storage, which ensures high availability of the stored data and direct data update at each storage node. Security proofs and performance analysis show that the proposed scheme supports secure and efficient data recovery in the case of node corruption, as well as integrity verification of decrypted data, while guaranteeing the security of data storage. Compared with traditional data re-encryption, DDES-UE avoids the computation and communication overhead of data re-encryption, uploading, downloading, decoding, and ciphertext merging, which is of great significance for building a secure and efficient cloud storage system with direct data update. In addition, periodic key update can effectively increase the time cost for an attacker to crack the ciphertext by acquiring the key, which also enhances the active security defense capability of the system.

Key words: distributed cloud storage, key compromise, updatable encryption, FMSR encoding, periodic key update
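The abstract's central idea, rotating the key of stored ciphertext through a key-homomorphic PRF without decrypting or re-uploading it, shown as an added Python sketch. It uses the textbook construction F(k, x) = H(x)^k and is not the paper's DDES-UE scheme: the modulus, function names and block layout are assumptions, FMSR coding and integrity verification are omitted, and the toy group demonstrates correctness only (a deployment needs a prime-order group in which DDH is hard).

```python
import hashlib
import secrets

P = 2**255 - 19      # toy prime modulus (assumption); exponents live mod P - 1
ORDER = P - 1
BLOCK = 31           # bytes per block, so every block value stays below P

def _h(nonce: bytes, i: int) -> int:
    """Hash (nonce, block index) to a nonzero element of Z_P^*."""
    d = hashlib.sha256(nonce + i.to_bytes(8, "big")).digest()
    return int.from_bytes(d, "big") % (P - 1) + 1

def prf(key: int, nonce: bytes, i: int) -> int:
    """F(k, x) = H(x)^k mod P, hence F(k1 + k2, x) = F(k1, x) * F(k2, x)."""
    return pow(_h(nonce, i), key, P)

def keygen() -> int:
    return secrets.randbelow(ORDER - 1) + 1

def encrypt(key: int, msg: bytes):
    nonce = secrets.token_bytes(16)
    padded = msg + b"\x80" + b"\x00" * (-(len(msg) + 1) % BLOCK)
    blocks = [padded[j:j + BLOCK] for j in range(0, len(padded), BLOCK)]
    # +1 keeps each block value nonzero, so it is invertible mod P
    body = [(int.from_bytes(b, "big") + 1) * prf(key, nonce, i) % P
            for i, b in enumerate(blocks)]
    return nonce, body

def decrypt(key: int, ct) -> bytes:
    nonce, body = ct
    out = b""
    for i, c in enumerate(body):
        m = c * pow(prf(key, nonce, i), -1, P) % P
        out += (m - 1).to_bytes(BLOCK, "big")
    return out.rstrip(b"\x00")[:-1]      # strip zero padding, then the 0x80 marker

def update_token(old_key: int, new_key: int) -> int:
    """Computed by the data owner; the only value sent to the storage nodes."""
    return (new_key - old_key) % ORDER

def update_block(token: int, nonce: bytes, i: int, c: int) -> int:
    """Run by a storage node on its own block: no key, no plaintext, no download."""
    return c * prf(token, nonce, i) % P
```

Each block is updated independently of the others, which is the property that lets every storage node refresh its own segment in place. The token must be protected in transit, since anyone holding it together with the old key can derive the new key.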
