摘要
在云存储服务中,安全的加密数据去重通常需要依赖可信第三方服务器(trusted thirdparty,TTP).为了解决这一问题,提出了一种基于英特尔软件防护扩展(Intel software guard extension,Intel SGX)的安全数据去重方法,利用硬件安全技术协助客户端进行密钥管理.将IntelSGX提供的飞地(Enclave)作为可信执行环境,使用远程认证机制构建云服务器与客户端Enclave之间端到端的安全信道,完成敏感信息的传输,保护客户端隐私数据;利用数据密封机制实现隐私数据的安全存储.安全性分析与性能评估表明,相较于以往的方法,本文方法在密钥以及通信等方面具有更高的安全性,在系统开销和平均执行时间等方面也具有一定优势.此外,由于无需使用可信第三方的支持,在现实场景下易于实现,具有一定的应用价值.
In cloud storage services,secure deduplication often relies on a trusted third party(TTP).To solve this problem,hardware security technology is introduced to assist clients in key management,and a secure encrypted data deduplication method based on Intel SGX is proposed.The Enclave provided by Intel SGX is used as a trusted execution environment to help clients with privacy protection.Remote attestation can be used to build an end-to-end secure channel between the cloud server and clients Enclave to transfer sensitive information,and data sealing is employed to help clients achieve secure storage of private data.Security analysis and performance evaluation show that,compared with previous methods,the proposed method has greater security in key and communication,and also has some advantages in system overhead and average runtime.In addition,since there is no trusted third party,it is easy to implement in real-world applications,and has some application value.
作者
张新宇
咸鹤群
卢倩
田呈亮
ZHANG Xin-Yu;XIAN He-Qun;LU Qian;TIAN Cheng-Liang(College of Computer Science and Technology,Qingdao University,Qingdao 266071,China;State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China)
出处
《密码学报》
CSCD
2022年第2期341-352,共12页
Journal of Cryptologic Research
基金
山东省自然科学基金(ZR2019MF058)
国家自然科学基金(61702294)
信息安全国家重点实验室开放课题(2020-MS-09)。
