高级检索

    云环境下支持可更新加密的分布式数据编码存储方案

    Distributed Data Encoding Storage Scheme Supporting Updatable Encryption in Cloud

    • 摘要: 由于云存储密文的静态性特征,密钥泄露成为影响存储数据安全性的重要因素.数据重加密是应对密钥泄露的有效手段,但相应的计算开销以及上传下载的通信开销增加了用户和存储系统的负担.此外,对基于分布式编码的数据存储而言,密文更新需要在解密密文的基础上进行,密文合并过程同样增加了系统的通信及计算开销.针对上述问题,提出一种云环境下支持可更新加密的分布式数据编码存储方案(distributed data encoding storage scheme supporting updatable encryption, DDES-UE).通过利用密钥同态伪随机函数构造可更新加密方案,可避免密文更新的计算与通信开销过大问题;基于密文分割与改进FMSR编码实现数据分布式存储,保证存储数据的高可用性和各存储节点的直接数据更新.安全性证明及性能分析表明:提出的方案在保证数据存储安全性的同时,能够支持部分存储节点损坏时安全高效的数据可恢复性以及解密数据的完整性验证.与传统的数据重加密相比,DDES-UE能够避免数据重加密及数据上传、下载、解码、合并带来的计算和通信开销,对于构建支持直接数据更新的安全高效云存储系统有重要意义.此外,周期性密钥更新可有效增加攻击者通过获取密钥破解密文的时间成本,从而增强了系统的主动安全防御能力.

       

      Abstract: Due to the long-term immutability of the ciphertext stored in the cloud, key compromise becomes an important factor affecting the security of stored data. Data re-encryption is an effective way to deal with key leakage, but the corresponding computational overhead and communication overhead of data uploading and downloading increase the burden on users and storage systems. In addition, for data storage based on distributed coding, ciphertext update needs to be performed on the basis of decrypting ciphertext, and the ciphertext merging also increases the communication and computational overhead of the system. Aiming at the above problems, a distributed data encoding storage scheme supporting updatable encryption (DDES-UE) in cloud environment is proposed. By constructing the updatable encryption scheme with key homomorphic pseudo-random functions, the heavy calculation and communication overhead of ciphertext update can be avoided; ciphertext segmentation and improved functional minimum storage regenerated code (FMSR) are used for achieving distributed data storage, which ensures high availability for storage data and direct data update of each storage node. Security proofs and performance analysis show that the proposed scheme can support secure and efficient data recoverability in the case of node corruption and the integrity verification of decrypted data while guaranteeing the security of data storage. Compared with traditional data re-encryption, DDES-UE can avoid the computation and communication overhead for data re-encryption, uploading, downloading, decoding, and ciphertext merging as well, which is of great significance for building secure and efficient cloud storage system with direct data update. In addition, the periodic key update can effectively increase the time cost for an attacker to crack the ciphertext by acquiring the key, which also enhance the active security defense capability of the system.

       

    /

    返回文章
    返回