-
随着信息化的日益推进,越来越多的数据在网络上产生。云计算的兴起为数据存储提供了极大的方便,于是,越来越多的人选择将数据存放在云服务器中,并且将数据共享给其他好友。考虑到数据的敏感性和隐私性,用户更愿意这样的共享是有时限的,而不是永久性的共享。从时间的维度,一个典型的数据生命周期包括数据生成、数据发布、数据使用和数据删除,数据使用后需要销毁来保障敏感信息不被泄露,因此,需要一种适当的机制来实现数据使用后的删除;从数据拥有者的角度,他往往不希望数据一直被暴露在不可信的云服务器中,因此需要设计一种方案来满足数据拥有者的需求,在他不希望数据被共享时,将数据删除。综合考虑上述两点,删除是保障数据隐私性的一个重要手段。
找到敏感数据存储在云服务器中所有的备份文件,然后逐一删除,实现了物理层面的删除。然而,云存储的结构相对复杂,一般都采用多重备份的方式来保障数据的高可用性,要找到云中所有的数据备份相对比较困难。退而求其次,寻找一种限时的加密方案,当数据拥有者设定的访问时间过期后,即使数据使用者获得了共享的数据文件,也不能解密文件的内容,从而在逻辑层面上解决了敏感数据的定时删除问题。
Research on Timed Access of Sensitive Data Based on Dual Encryption
-
摘要: 在云外包存储的背景下,针对外包存储中共享敏感数据的定时删除问题,提出基于双重加密的敏感数据限时访问方案。首先对称加密待共享的敏感数据文件,随后对加密后的文件进行随机分割提取,形成提取密文分量和封装密文分量;然后采用限时属性基加密算法对对称密钥和提取密文分量进行加密,生成访问控制对象;最后将访问控制对象同封装密文分量一同上传至云服务器。通过该方案,授权用户能够在限时属性基加密的访问时限窗口中解密访问控制对象,获取对称密钥和提取密文分量,并合成原始密文,恢复明文。访问时限窗口过期后,任何用户都无法属性基解密访问控制对象,获取对称密钥,恢复明文,从而实现敏感数据的定时删除。通过敌手攻击模型,分析并证明了该方案的安全性。Abstract: A timed access solution of sensitive data based on dual encryption scheme is proposed to solve the problem of timed deletion of shared sensitive data stored in outsourcing storage. In our solution, the shared sensitive data file is encrypted by symmetric encryption, and the encrypted file is randomly divided to form the extracted cipher component and the encapsulated cipher component. Then, the attribute based timed encryption algorithm is used to encrypt the symmetric key and extracted cipher component, which can generate access control object. Finally, the encapsulated cipher component is combined with the access control object and sent into the cloud server. By this scheme, the authorized user can decrypt the access control object in the time limitation, obtain the symmetric key and extract cipher component, compose the original ciphertext, and recover the plaintext. Once access windows period expire, any users are unable to decrypt the access control object, get the symmetric key, recover the plaintext, so as to realize the timed destruction of sensitive data. The security of the scheme is analyzed and proved by the adversary attack model.
-
[1] GEAMBASU R, KOHNO T, LEVY A, et al. Vanish: Increasing data privacy with self-destruction data[C]//Prof of 18th USENIX Security Symp. Berkeley, USA: USENIX Association, 2009: 299-315. [2] ZENG Ling-fang, SHI Zhan, XU Sheng-jie, et al. SafeVanish: an improved data self-destruction for protecting data privacy[C]//Prof of the 2nd Int Conf on Cloud Computing Technology and Science. Piscataway, NJ: IEEE, 2010: 521-528. [3] WANG Guo-jun, YUE Fang-shun, LIU Qin. A secure selfdestructing shemefor electronic data[J]. Journal of Computer and System Sciences, 2013, 79(2): 279-290. doi: 10.1016/j.jcss.2012.05.008 [4] XIONG Jin-bo, YAO Zhi-qiang, MA Jian-feng, et al. A secure document self-destruction scheme with identity based encryption[C]//Prof of the 5th Int Conf on the Intelligent Networking and Collaboratives Systems. Piscataway, NJ: IEEE, 2013: 239-243. [5] 熊金波, 姚志强, 马建峰, 等.面向网络内容隐私的基于身份加密的安全自毁方案[J].计算机学报, 2014, 37(1): 139-150. http://www.cnki.com.cn/Article/CJFDTOTAL-JSJX201401012.htm XIONG Jin-bo, YAO Zhi-qiang, MA Jian-feng. et al. A secure self-destruction scheme with IBE for the internet content privacy[J]. Chinese Journal of Computers, 2014, 37(1): 139-150. http://www.cnki.com.cn/Article/CJFDTOTAL-JSJX201401012.htm [6] 姚志强, 熊金波, 马建峰, 等.云计算中一种安全的电子文档自毁方案[J].计算机研究与发展, 2014, 51(7): 1417-1423. doi: 10.7544/issn1000-1239.2014.20131870 YAO Zhi-qiang, XIONG Jin-bo, MA Jian-feng, et al. A secure electronic document self-destruction scheme in cloud computing[J]. Journal of Computer Reseach and Development, 2014, 51(7): 1417-1423. doi: 10.7544/issn1000-1239.2014.20131870 [7] RIVEST R L, SHAMIR A, WAGNER D A. Time-lock puzzles and timed-released crypto[EB/OL]. [2015-02-14].http://dl.acm.org/citation.cfm?id=888615. [8] CHAN A F, BLAKE I F. Scalable, server-passive, useranonymous timed release cryptography[C]//Proc of the 25th on Distributed Computing Systems. Piscataway, NJ: IEEE, 2055: 504-513. [9] CHALKIAS K, HRISTU-VARSAKELIS D, STEPHANIDES G. Improved anonymous timed-release encryption[C]// LNCS 4734: Proc of the 12th European Symp on Research in Computer Security. Berlin: Springer, 2007: 311-326. [10] DENT A W, TANG Q. Revisiting the security model for timed-release encryption with pre-open capability[C]// LNCS 4779: Proc of the Information Security. Berlin: Springer, 2007: 158-174. [11] KIKUCHI R, FUJIOKA A, OKAMOTO Y, et al. Strong security notions for timed-release public-key encryption revisited[C]//LNCS 5324: Proc of the Provable Security. Berlin: Springer, 2012: 88-108. [12] CHOW S S, YIU S M. Timed-release encryption revisited[C]//LNCS 5324: Proc of the Provable Security. Berlin: Springer, 2008: 38-51. [13] LIU Qin, WANG Guo-jun, WU Jie. Timed-based proxy re-encryption scheme for secure data sharing in a cloud computing environment[J]. Information Sciences, 2014, 258(3): 355-370.