Abstract
To address security and efficiency problems in threshold-based deduplication of encrypted cloud data, a method based on threshold re-encryption that resists side-channel attacks is proposed. A lightweight threshold re-encryption mechanism is designed that replaces client-side ciphertext segmentation with key segmentation and moves the secondary encryption to the cloud for execution, both of which greatly reduce the computational overhead of clients. The mechanism also lets clients decrypt the plaintext from both the one-time encrypted ciphertext and the re-encrypted ciphertext, avoiding the overhead of encrypting the same file repeatedly. The method further supports mutual data integrity verification between the cloud service provider and clients, which directly ensures that ciphertext copies correspond to the plaintext data on the client side. Experiments show that the proposed method greatly reduces the computational overhead on the client side while also achieving superior storage performance on the cloud side.
Authors
唐鑫
周琳娜
单伟杰
刘丹
TANG Xin; ZHOU Linna; SHAN Weijie; LIU Dan (School of Information Science and Technology, University of International Relations, Beijing 100091, China; School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100084, China)
Source
Journal on Communications (《通信学报》)
EI
CSCD
PKU Core (北大核心)
2020, Issue 6, pp. 98-111 (14 pages)
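Funding
Research Special Fund for National Security High-Precision Discipline Construction, University of International Relations (No. 2019GA36)
National Natural Science Foundation of China (No. U1536207)
National Key Research and Development Program of China (No. 2016QY04W0803)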
Keywords
threshold deduplication
re-encryption
side channel attack
late verify