摘要
云存储中云数据的安全和效率问题正广受关注.解决云数据安全问题的方法一般是审计,而解决云数据效率问题(即重复问题)的方法是去重.为了避免暴露隐私,数据一般以密文的形式存储在云服务器上,所以,我们应该考虑加密数据的去重和审计.为了保证云数据存储的既安全又高效,我们需要支持加密数据去重的审计方案.然而目前同时考虑加密数据去重和数据完整性验证的方案存在缺点,如(1)用户端存储和计算开销大;(2)需要用户一直在线参与审计过程,并且用户和云服务器计算量大.针对这些问题本文提出了CDED,一种新的同时支持加密数据去重和数据完整性验证方案:(1)加密数据去重时,采用了代理重加密的方法来保证数据安全,这样用户端不需要保存大量加密密钥,且省去了上传重复数据之前加密数据的计算量;(2)在数据完整性验证中,采用了新的公开审计和代理重签名方法,保证用户不用一直在线参与审计过程,也减少了用户端和云服务器的计算量.通过理论和实验分析,CDED克服了现有方案的缺点.不需要用户一直在线,并且用户端和服务器端的计算量都减少了.
The issue of cloud data security and efficiency in cloud storage is attracting much attention. In generally,the solution to the problem of cloud data security is auditing. And the solution to the problem of cloud data efficiency( i. e.,the problem of duplication)is deduplication. In order to avoid the disclosure of privacy,the data is generally stored on the cloud server after being encrypted.Therefore,we should consider auditing and deduplication of encrypted data. To ensure security and efficiency of cloud data storage,we need an auditing scheme that supports encrypted data deduplication. However,at present,there are drawbacks in the solution that both the encrypted data deduplication and the data integrity verification are considered. For example,(1) the storage and calculation overhead of the client are large;(2) the user is always required to participate in the audit process online,and the computation load of the user and the cloud server is large. To solve these problems,the paper presents CDED,a new scheme that supports both encrypted data de-duplication and data integrity verification:(1) proxy re-encryption is adopted to ensure data security,so the client does not need to store a large number of encryption keys,and encrypt data before uploading duplicate data;(2) in the data integrity verification,a new public audit and proxy re-signature method to ensure that users do not always have to participate in the auditing process,and reduce the client and cloud server computing. Through theoretical and experimental analysis,CDED overcomes the shortcomings of existing schemes. It does not require users to be online all the time,and the amount of computing on both the client and server side has been reduced.
作者
金瑜
龚鑫
何亨
李鹏
JIN Yu;GONG Xin;HE Heng;LI Peng(College of Computer Science & Technology,Wuhan University of Science & Technology, Wuhan 430065, China;Hubei Province Key Laboratory of Intelligent Information Processing and Real-time Industrial System,Wuhan 430065 ,China)
出处
《小型微型计算机系统》
CSCD
北大核心
2018年第7期1498-1503,共6页
Journal of Chinese Computer Systems
基金
国家自然科学基金项目(61303117
61602351)资助
国家自然科学基金青年科学项目(61502359)资助
关键词
云存储
加密数据去重
公开审计
代理重签名
cloud storage
encrypted data deduplication
public auditing
proxy re-signaturel
