高级检索

    云存储中基于可信平台模块的密钥使用次数管理方法

    A Management Approach to Key-Used Times Based on Trusted Platform Module in Cloud Storage

    • 摘要: 为保护云存储中数据的机密性并控制密钥的使用次数,提出了一种基于可信平台模块的密钥使用次数管理方法.首先,通过基于密文策略的属性加密算法对密钥加密,使得只有满足一定属性的指定用户能够解密密钥.然后在本地将密钥与可信平台模块绑定,保证密钥的安全存储,并利用可信平台模块的物理单调计数器为每一个密钥生成一个虚拟的单调计数器.其次,通过比较单调递增的计数器值和预定的密钥使用次数值,判断密钥是应被删除还是能继续使用,从而控制密钥的使用次数.最后,利用可信平台模块的防物理篡改功能、计数器的单调性和数字摘要防止攻击者对硬盘数据进行重放攻击.实验结果表明,所提出的方案性能开销小,能够安全有效地存储和保护密钥,达到密钥使用次数受限制的目的.

       

      Abstract: A management approach to key used times based on trusted platform module (TPM) is proposed to protect the confidentiality of data in cloud storage and control the key-used times. Firstly, the data is encrypted by a symmetric encryption scheme using a data encryption key (DEK). And then DEK is encrypted by the ciphertext-policy attribute-based encryption (CP-ABE) scheme to control the access of DEK. Only those whose attributes satisfy the access control tree adopted by CP-ABE can decrypt and access DEK. Then DEK will be stored securely by binding the key and the TPM with a digital signature locally. The physical monotonic counter of the TPM is utilized to generate virtual monotonic counter (VMC) for each DEK. Secondly, comparing the monotonically increased value of VMC and the pre-set times that DEK can be used, DEK is judged to be deleted or to be used unceasingly so that the used times of DEK is controlled. Finally, the replay attack of the hard disk is prevented by the anti-physical tampering functionality of TPM, monotonicity of the counter, and digital signature. The experiment results show that the performance cost is low and the proposed scheme can securely store and effectively protect DEK, thus achieving the goal that the times of DEK can be used is limited.

       

    /

    返回文章
    返回