CN112947855B - Efficient encryption repeated data deleting method based on hardware security zone - Google Patents

Publication number
CN112947855B
Authority
CN
China
Prior art keywords
key
client
encryption
key generation
storage server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110136154.3A
Other languages
Chinese (zh)
Other versions
CN112947855A (en
Inventor
李经纬
任彦璟
杨祚儒
李柏晴
张小松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/064 Management of blocks
    • G06F3/0641 De-duplication techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067 Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]

Abstract

The invention discloses an efficient encrypted deduplication method based on a hardware security zone (enclave), and belongs to the technical field of information security. It addresses the efficiency problems of server-assisted key generation and data block proof of ownership in existing encrypted deduplication systems: the expensive cryptographic computation of traditional schemes is replaced, and computing performance is significantly improved while the same security is preserved. The method can be used in a client / key manager / cloud storage server storage model: a client is deployed at the user side to support data reading and writing; a key manager and a storage server are deployed at the cloud storage server side to manage remote data and support key generation.

Description

Efficient encryption repeated data deleting method based on hardware security zone
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a technique for deduplicated storage of encrypted data based on a hardware security zone (enclave).
Background
In an encrypted deduplication storage system, deduplication is achieved by dividing an input file into non-overlapping chunks. For each data chunk, a hash of the chunk content (referred to as a fingerprint) is first computed, and the fingerprints of all currently stored data chunks are tracked in a key-value store referred to as the fingerprint index. Assuming that fingerprint collisions are very unlikely in practice, if the fingerprint is new (it does not exist in the fingerprint index), a physical copy of the chunk is stored; if the fingerprint is already tracked, the chunk is treated as a logical copy that points to the physical copy already stored. Encrypted deduplication extends chunk-based deduplication with encryption, so that outsourced cloud storage gets both data confidentiality and storage efficiency. The client encrypts each plaintext block of the input file into a ciphertext block using symmetric keys and uploads all ciphertext blocks to the cloud, where deduplication is applied to the ciphertext blocks.
It is crucial that duplicate plaintext blocks are encrypted into duplicate ciphertext blocks, so that deduplication remains feasible over ciphertext blocks. Message-locked encryption (MLE) (see M. Bellare, S. Keelveedhi, and T. Ristenpart. Message-locked encryption and secure deduplication. In Proc. of EuroCrypt, 2013) formalizes an encryption primitive that specifies how to derive a symmetric encryption key (referred to as an MLE key) from the content of a plaintext block, in order to preserve the ability to deduplicate after encryption. A mainstream instance of MLE is convergent encryption (CE) (see J. R. Douceur, A. Adya, W. J. Bolosky, P. Simon, and M. Theimer. Reclaiming space from duplicate files in a serverless distributed file system. In Proc. of IEEE ICDCS, 2002), which derives the MLE key from the cryptographic hash of the plaintext block. However, CE is vulnerable to offline brute-force attacks (see M. Bellare, S. Keelveedhi, and T. Ristenpart. DupLESS: Server-aided encryption for deduplicated storage. In Proc. of USENIX Security, 2013), in which an attacker can test a target ciphertext block by enumerating the MLE keys of all possible plaintext blocks and infer the input plaintext block without knowing its MLE key, since the matching plaintext block is encrypted to the target ciphertext block. Thus, the original MLE requires that blocks be unpredictable (see M. Bellare, S. Keelveedhi, and T. Ristenpart. Message-locked encryption and secure deduplication. In Proc. of EuroCrypt, 2013); encrypted deduplication relies on this requirement to resist offline brute-force attacks.
To support file reconstruction, each client creates file metadata for the uploaded file that lists, in order, the fingerprint, size, and MLE key of each ciphertext block. The client encrypts the file metadata with its own master key and then uploads it (along with the uploaded ciphertext blocks) to the cloud. To download a file, the client retrieves the file metadata and decrypts it with the master key. It then retrieves the ciphertext blocks, decrypts them with the MLE keys stored in the file metadata, and reconstructs the original file.
To defend against offline brute-force attacks on predictable data blocks, server-assisted MLE (see M. Bellare, S. Keelveedhi, and T. Ristenpart. DupLESS: Server-aided encryption for deduplicated storage. In Proc. of USENIX Security, 2013) deploys a dedicated key server to generate MLE keys. To encrypt a plaintext block, a client first sends the fingerprint of the plaintext block to the key server, which generates and returns an MLE key from the fingerprint and a global secret maintained by the key server. If the global secret is secure, an adversary cannot feasibly launch offline brute-force attacks, even against predictable data blocks. If the global secret is revealed, security is reduced to that of the original MLE. Server-assisted MLE is further built on two security mechanisms. First, it uses an oblivious pseudo-random function (OPRF) (see M. Naor and O. Reingold. Number-theoretic constructions of efficient pseudo-random functions. Journal of the ACM, 51(2): 231-262, 2004) to let the client send a "blinded" fingerprint of the plaintext block, so that the key server still returns the same MLE key for the same fingerprint but cannot learn the original fingerprint of the data block. Second, it rate-limits key generation requests from clients to prevent online brute-force attacks (in which a malicious client attempts to issue a large number of key generation requests to the key server).
To save network traffic, encrypted deduplication may employ client-based deduplication, where duplicate ciphertext blocks are removed at the client without being uploaded to the cloud storage server. Specifically, the client first sends the fingerprint of the ciphertext block to the cloud storage server, which checks whether the fingerprint is tracked by the fingerprint index (i.e., the corresponding ciphertext block has already been stored). The client then uploads only non-duplicate ciphertext blocks to the cloud storage server. However, client-based deduplication is susceptible to side-channel attacks (see D. Harnik, B. Pinkas, and A. Shulman-Peleg. Side channels in cloud services: Deduplication in cloud storage. IEEE Security & Privacy, 8(6): 40-47, 201). In such attacks, a malicious client can infer the presence of any target ciphertext block by sending the fingerprint of the target ciphertext block to the cloud storage server as a query, and can even obtain information and achieve unauthorized access (see M. Mulazzani, S. Schrittwieser, M. Leithner, and M. Huber. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. In Proc. of USENIX Security). To protect against side-channel attacks, client-based deduplication should be used together with proof of ownership (PoW) (see D. Harnik, E. Tsfadia, D. Chen, and R. Kat. Securing the storage data path with SGX enclaves. https://arxiv.org/abs/1806.10883, 2018) to ensure that the client actually owns the ciphertext block. Specifically, the client attaches a proof to each fingerprint sent to the cloud storage server, with which the server can verify whether the client is the true owner of the corresponding ciphertext block. The cloud storage server responds only after the proof has been verified successfully, which prevents a malicious client from identifying ciphertext blocks owned by other clients.
However, implementing secure server-assisted MLE requires expensive cryptographic operations. Take the server-assisted MLE implementation of DupLESS (see M. Bellare, S. Keelveedhi, and T. Ristenpart. DupLESS: Server-aided encryption for deduplicated storage. In Proc. of USENIX Security, 2013) as an example. First, DupLESS implements the OPRF protocol to protect fingerprint information from the key server, but the OPRF protocol builds on expensive public-key operations. Second, DupLESS rate-limits the client's key generation requests to protect against online brute-force attacks, which also limits storage system throughput. Finally, to support client-based deduplication, DupLESS needs PoW to prevent side-channel attacks, but current PoW implementations are based on the Merkle-tree protocol (see S. Halevi, D. Harnik, B. Pinkas, and A. Shulman-Peleg. Proofs of ownership in remote storage systems. In Proc. of ACM CCS, 2011), and building Merkle trees on a per-chunk basis results in excessive computation overhead.
Disclosure of Invention
Object of the invention: to address the efficiency problems of server-assisted key generation and data block proof of ownership in existing encrypted deduplication systems, an efficient encrypted deduplication method based on a hardware security zone (enclave) is provided.
The efficient encrypted deduplication method based on a hardware security zone disclosed by the invention is used in an encrypted deduplication system comprising a cloud storage server, a key manager and a client, and comprises the following steps:
Step one: the cloud storage server distributes a signed key generation enclave dynamic library to the key manager, and distributes a proof-of-ownership enclave dynamic library to each client; the key generation enclave dynamic library contains the global secret component $Sub\_s_C$ of the cloud storage server;
Step two: the key manager creates a key generation enclave from the key generation enclave dynamic library and remotely attests to the cloud storage server the correctness of the key generation enclave it runs (the cloud storage server verifies the validity of the key generation enclave held by the key manager); if verification passes, the key manager and the cloud storage server each start the key regression computation at the same time and derive the latest blinded key $K_k$ based on the key regression technique, which is used to protect key generation operations;
Step three: the client creates a proof-of-ownership enclave from the proof-of-ownership enclave dynamic library and remotely attests it to the cloud storage server (the cloud storage server verifies the validity of the proof-of-ownership enclave held by the client); if attestation passes, the client obtains the latest blinded key state information from the cloud storage server, obtains from the key manager the key state version information currently accepted by the key manager's key generation enclave, and uses the key regression technique to obtain the blinded key $K_k$ currently accepted by the key generation enclave;
Step four: using the currently acquired blinded key $K_k$, the client encrypts the fingerprint $FP_M$ of the data block to be uploaded to obtain the encrypted data block fingerprint $C(FP_M)$, and computes with $K_k$ the hash-based message authentication code $HMAC_{FP}$ of $C(FP_M)$; finally, it sends $C(FP_M)$ and $HMAC_{FP}$ to the key manager to request the encryption key of the data block;
Step five: the key manager passes the received $C(FP_M)$ and $HMAC_{FP}$ to the key generation enclave through a designated enclave call interface;
the key generation enclave verifies the correctness of the received $C(FP_M)$ based on $K_k$ and $HMAC_{FP}$; if verification passes, it decrypts $C(FP_M)$ with the blinded key $K_k$ to obtain the fingerprint $FP_M$ and computes $H(FP_M \| s)$ to obtain the encryption key $K_{FP}$ of the fingerprint $FP_M$; if not, it rejects the key generation and requires the client to resend the key generation request; here the global secret $s$ is $H(Sub\_s_C \| Sub\_s_K)$, where $Sub\_s_K$ denotes the global secret component of the key manager, which is passed into the key generation enclave through the designated enclave call interface, and $H()$ denotes a preset hash function;
the key generation enclave encrypts $K_{FP}$ with the blinded key $K_k$ to obtain the ciphertext key $C(K_{FP})$ and computes the corresponding signature $HMAC_K$, i.e. the hash-based message authentication code of the ciphertext key $C(K_{FP})$;
the key generation enclave passes the ciphertext key $C(K_{FP})$ and $HMAC_K$ to the key manager through the designated enclave call interface, and the key manager returns them to the client;
Step six: the client verifies $HMAC_K$; if verification passes, it decrypts $C(K_{FP})$ to obtain the encryption key $K_{FP}$; if not, it issues the key generation request again;
the client uses the encryption key $K_{FP}$ to encrypt the data block corresponding to the fingerprint $FP_M$, obtaining the ciphertext block $C$; it accesses the proof-of-ownership enclave through the designated enclave call interface and obtains the fingerprint $FP_C$ of the ciphertext block $C$ and its proof information $CMAC_C$ (i.e., the cipher-based message authentication code for ciphertext block $C$); it then initiates a proof-of-ownership request to the cloud storage server, the request comprising the fingerprint $FP_C$ and the proof information $CMAC_C$;
Step seven: the cloud storage server verifies the proof information $CMAC_C$; after determining that the current client owns the data block corresponding to the proof information $CMAC_C$, it queries the deduplication index with the fingerprint $FP_C$ and returns the result to the client;
Step eight: the client uploads data based on the result returned by the cloud storage server: if the cloud storage server already has the fingerprint $FP_C$, the ciphertext block $C$ is not uploaded; otherwise, the ciphertext block $C$ is uploaded to the cloud storage server.
In summary, by adopting the above technical scheme, the invention has the following beneficial effect: the efficient encrypted deduplication method based on a hardware security zone replaces the expensive cryptographic computation of the traditional scheme and significantly improves computing performance while preserving the same security.
Drawings
Fig. 1 is a schematic structural diagram of a system according to an embodiment of the present invention.
Fig. 2 is a performance analysis of the blinded key management method according to an embodiment of the present invention, where Fig. 2(a) shows the update delays corresponding to different key update parameters n, and Fig. 2(b) shows the delay of the i-th key update operation for the default key update parameter n.
Fig. 3 is a comparison of key generation rates in an embodiment.
Fig. 4 is a diagram illustrating the scalability of the key generation enclave in speculative encryption with or without Intel SGX in an embodiment.
Fig. 5 is a comparison of computing speeds for different proof-of-ownership schemes in an embodiment.
Fig. 6 is a comparison of upload speeds for an encrypted deduplication system and a plaintext deduplication system in accordance with an embodiment of the present invention.
Fig. 7 is a comparison of download speeds for an encrypted deduplication system and a plaintext deduplication system in accordance with an embodiment of the invention.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the embodiments and the accompanying drawings.
To address the efficiency problems of server-assisted key generation and data block proof of ownership in existing encrypted deduplication systems, the invention provides an efficient encrypted deduplication method based on a hardware security zone (enclave); by replacing the expensive cryptographic computation of the traditional scheme, it significantly improves computing performance while preserving the same security. The method can be used in a client / key manager / cloud storage server storage model: a client is deployed at the user side to support data reading and writing; a key manager and a storage server are deployed at the cloud storage server side to manage remote data and support key generation. The method is implemented as follows:
1. Blinded key management to resist online brute-force attacks.
In the invention, the cloud storage server verifies client authority and distributes the blinded key of the key generation enclave (security zone), which avoids the high overhead of verifying client authority and negotiating blinded keys inside the key generation enclave. The blinded key is used to encrypt plaintext block fingerprints and the corresponding encryption keys during key generation, replacing the expensive public-key algorithms of the conventional OPRF protocol. The blinded key is also used to generate the message authentication codes with which the client and the key manager verify the correctness of the data. Meanwhile, the blinded key update technique prevents a compromised client from retaining permanent access to the key generation enclave, and resists online brute-force attacks. The specific implementation comprises the following steps:
Step S101: during key manager initialization, the cloud storage server sends the key generation enclave code to the key manager in the form of a signed dynamic library.
The cloud storage server hard-codes into the key generation enclave code the global secret component $Sub\_s_C$ and a blinded secret $K$, which is used to generate the blinded key $K_k$ required for key generation requests.
Step S102: the key manager creates a key generation enclave from the key generation enclave dynamic library, and proves the correctness of the enclave to the cloud storage server through the remote attestation service.
Step S103: after attestation passes, the key manager and the cloud storage server each start a timer, and a key update operation is performed when the preset time is reached.
Once the key update time has been reached and no client is connected, the key manager notifies the key generation enclave through a preset enclave call interface to update the blinded key $K_k$.
Step S104: the blinded key update uses the key regression technique (see K. Fu, S. Kamara, and T. Kohno. Key regression: Enabling efficient key distribution for secure distributed storage. In Proc. of NDSS, 2006).
The key regression technique first generates a series of key states S[1], S[2], S[3], ..., S[m], each of which can be used to derive a blinded key.
The key regression technique allows the cloud storage server and the key generation enclave to derive any new key state from an old key state using the blinded secret $K$ (e.g., derive S[2] from S[1]), while ensuring that the client cannot learn any information about the new states. It also allows the client to derive any old state from a new state (e.g., derive S[1] from S[2]).
Step S105: the key generation enclave and the cloud storage server use the same hash-based key regression scheme and set a common parameter $N$ (the maximum number of key regressions that can be performed); based on the blinded secret $K$, the $i$-th state is computed as $S[i] = H^{N-i+1}(K)$, where $H()$ denotes a hash function.
Step S106: the client downloads the current latest blinded key state $S[i]$ from the cloud storage server, and then obtains from the key manager the version number $j$ of the blinded key currently accepted by the key generation enclave. From the new state $S[i]$ and $j$, it derives the blinded key state accepted by the key generation enclave as $S[j] = H^{i-j+1}(S[i])$.
Because the key generation enclave may be unable to update the blinded key immediately while key generation is in progress, $j$ may be less than $i$, and the client must then re-derive the correct blinded key state $S[j]$ from the latest blinded key state and the blinded key state version number accepted by the key generation enclave.
Step S107: the client uses the blinded key state $S[j]$ to compute the blinded key for key generation as $K_k[j] = H(S[j] \| (0)^8)$, where $(0)^8$ denotes a string of 8 binary zero bits and "$\|$" denotes concatenation.
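The key regression chain of steps S105 to S107, as an added Go example that is not part of the patent text; SHA-256 as H, the sample secret and N = 16 are assumptions. With S[i] defined as in step S105, the client reaches S[j] from S[i] by applying H exactly i − j times, which is the count `RewindState` uses.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
)

// hashN applies H (assumed here to be SHA-256) n times; n = 0 returns a copy.
func hashN(in []byte, n int) []byte {
	out := append([]byte(nil), in...)
	for k := 0; k < n; k++ {
		sum := sha256.Sum256(out)
		out = sum[:]
	}
	return out
}

// StateFromSecret computes S[i] = H^(N-i+1)(K). Only parties that hold the
// blinded secret K (cloud storage server, key generation enclave) can call it,
// which is what lets them move forward to states the client has not seen.
func StateFromSecret(secretK []byte, maxN, i int) ([]byte, error) {
	if i < 1 || i > maxN {
		return nil, errors.New("state index outside 1..N")
	}
	return hashN(secretK, maxN-i+1), nil
}

// RewindState is the client side: from the newest state S[i] it walks the
// hash chain back to the older state S[j] that the enclave still accepts.
// Going forward (j > i) would mean inverting H, so it is refused.
func RewindState(si []byte, i, j int) ([]byte, error) {
	if j < 1 || j > i {
		return nil, errors.New("cannot derive a newer state from an older one")
	}
	return hashN(si, i-j), nil
}

// BlindedKey computes K_k[j] = H(S[j] || (0)^8): the state followed by one
// zero byte (eight zero bits).
func BlindedKey(sj []byte) []byte {
	sum := sha256.Sum256(append(append([]byte(nil), sj...), 0x00))
	return sum[:]
}

func main() {
	secretK := []byte("constructed blinded secret K") // sample value
	const maxN = 16                                    // sample parameter N
	s5, _ := StateFromSecret(secretK, maxN, 5)         // newest state, from the server
	s3, _ := StateFromSecret(secretK, maxN, 3)         // state the enclave still accepts
	mine, _ := RewindState(s5, 5, 3)                   // client-side derivation
	fmt.Println("client reaches enclave state:", bytes.Equal(mine, s3))
	fmt.Printf("K_k[3] = %x\n", BlindedKey(mine))
}
```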
To simplify the description, the currently generated blinded key is denoted $K_k$. The blinded key $K_k$ is used for secure communication between the key generation enclave and the client (replacing the blinding operation based on public-key cryptography in the traditional OPRF protocol), and protects the communication content from being obtained by a malicious key manager. In the present embodiment, key generation for a data block based on the blinded key $K_k$ comprises the following steps:
Step S201: the client encrypts the plaintext block fingerprint $FP_M$ with the currently obtained blinded key $K_k$, and uses $K_k$ to compute the hash-based message authentication code $HMAC_{FP}$ of the encrypted data block fingerprint $C(FP_M)$. It sends $C(FP_M)$ and $HMAC_{FP}$ to the key manager.
For example, the client computes $HMAC_{FP}$ with HMAC-SHA256. Following the Encrypt-then-MAC paradigm (encrypt first, then compute the message authentication code; see M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Proc. of ASIACRYPT, 2000), any incorrect or outdated blinded key is detected by checking the MAC. The signature takes the blinded key $K_k$ and the encrypted data block fingerprint $C(FP_M)$ as input, which enables the key generation enclave to verify the validity of the received $C(FP_M)$.
Step S202: after receiving $C(FP_M)$ and $HMAC_{FP}$, the key manager passes them to the key generation enclave through a preset enclave call interface.
Because the blinded key $K_k$ is held only by the client and the key generation enclave, the key manager cannot obtain the plaintext block fingerprint $FP_M$ corresponding to $C(FP_M)$; this keeps the data block fingerprint secret from the key manager, the same function that the blinding operation serves in the OPRF protocol.
Step S203: the key generation enclave uses $K_k$ and the $HMAC_{FP}$ attached to the encrypted data block fingerprint $C(FP_M)$ to verify whether $C(FP_M)$ is correct.
The key generation enclave uses $K_k$ to recompute the hash-based message authentication code of the encrypted data block fingerprint $C(FP_M)$, denoted $HMAC'_{FP}$, and compares it with the received $HMAC_{FP}$. If the two are the same, it continues with the next operation; if they differ, the client used a forged or outdated blinded key, so key generation is refused and the client is required to send the request again.
Step S204: after verifying the correctness of $C(FP_M)$, the key generation enclave decrypts $C(FP_M)$ with $K_k$ to obtain the plaintext block fingerprint $FP_M$, appends the global secret $s$ of the key service to $FP_M$, and computes the hash $H(FP_M \| s)$ to obtain the encryption key $K_{FP}$ corresponding to the plaintext block fingerprint $FP_M$.
In this step, the global secret $s$ is generated jointly by the key manager and the cloud storage server, as follows: the cloud storage server hard-codes its global secret component $Sub\_s_C$ into the key generation enclave dynamic library and distributes the key generation enclave code to the key manager in the form of a signed dynamic library; the key manager adds the global secret component $Sub\_s_K$ that it holds to the key generation enclave through a preset enclave call interface. The key generation enclave computes $H(Sub\_s_C \| Sub\_s_K)$ with a hash function to obtain the global secret $s$ of the final key generation service.
Step S205: the key generation enclave encrypts the encryption key $K_{FP}$ with $K_k$ to obtain $C(K_{FP})$ and computes the corresponding message authentication code $HMAC_K$ for the client to verify. It returns $C(K_{FP})$ and $HMAC_K$ to the key manager, which sends them to the client.
Step S206: the client uses $K_k$ to verify $HMAC_K$ and, after verification passes, decrypts $C(K_{FP})$ to obtain the encryption key $K_{FP}$ corresponding to the data block fingerprint $FP_M$.
The client uses $K_k$ to recompute the message authentication code of the encrypted data block encryption key $C(K_{FP})$, denoted $HMAC'_K$, and compares it with the received message authentication code $HMAC_K$. If they are the same, the key is accepted and generation of the remaining keys continues; if they differ, key generation went wrong, the key generation result is rejected, and key generation is performed again for the current data block fingerprint.
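The key generation exchange of steps S201 to S206, as an added Go example that is not code from the patent: both sides apply Encrypt-then-MAC under $K_k$, and the enclave refuses any request whose HMAC does not verify. AES-256-CTR with a random IV as the cipher, SHA-256 as H, and the names `Seal`, `Open`, `KeyGenEnclave` and `RequestKey` are assumptions; the key manager relay is collapsed into a direct call.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrBadMAC is returned when a message was not MACed under the current K_k.
var ErrBadMAC = errors.New("HMAC mismatch: forged or outdated blinded key")

func tagOf(kk, msg []byte) []byte {
	m := hmac.New(sha256.New, kk)
	m.Write(msg)
	return m.Sum(nil)
}

// ctr XORs data with the AES-CTR keystream; the same call encrypts and decrypts.
func ctr(kk, iv, data []byte) ([]byte, error) {
	blk, err := aes.NewCipher(kk)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(blk, iv).XORKeyStream(out, data)
	return out, nil
}

// Seal encrypts under K_k, then MACs iv||ciphertext under K_k (the page uses
// the one blinded key for both operations).
func Seal(kk, plain []byte) (ct, tag []byte, err error) {
	iv := make([]byte, aes.BlockSize)
	if _, err = rand.Read(iv); err != nil {
		return nil, nil, err
	}
	body, err := ctr(kk, iv, plain)
	if err != nil {
		return nil, nil, err
	}
	ct = append(iv, body...)
	return ct, tagOf(kk, ct), nil
}

// Open checks the HMAC in constant time before any decryption happens.
func Open(kk, ct, tag []byte) ([]byte, error) {
	if len(ct) < aes.BlockSize || !hmac.Equal(tag, tagOf(kk, ct)) {
		return nil, ErrBadMAC
	}
	return ctr(kk, ct[:aes.BlockSize], ct[aes.BlockSize:])
}

// KeyGenEnclave models the state that lives inside the key generation enclave.
type KeyGenEnclave struct {
	kk []byte // current blinded key K_k
	s  []byte // global secret s = H(Sub_s_C || Sub_s_K)
}

func NewKeyGenEnclave(kk, subC, subK []byte) *KeyGenEnclave {
	s := sha256.Sum256(append(append([]byte(nil), subC...), subK...))
	return &KeyGenEnclave{kk: kk, s: s[:]}
}

// Generate covers S203-S205: verify, decrypt FP_M, derive K_FP = H(FP_M || s),
// and return C(K_FP) with HMAC_K.
func (e *KeyGenEnclave) Generate(cFP, macFP []byte) ([]byte, []byte, error) {
	fp, err := Open(e.kk, cFP, macFP)
	if err != nil {
		return nil, nil, err
	}
	kFP := sha256.Sum256(append(fp, e.s...))
	return Seal(e.kk, kFP[:])
}

// RequestKey covers the client side, S201 and S206.
func RequestKey(kk, fpM []byte, e *KeyGenEnclave) ([]byte, error) {
	cFP, macFP, err := Seal(kk, fpM)
	if err != nil {
		return nil, err
	}
	cK, macK, err := e.Generate(cFP, macFP)
	if err != nil {
		return nil, err
	}
	return Open(kk, cK, macK)
}

func main() {
	kk := sha256.Sum256([]byte("constructed K_k"))        // sample blinded key
	stale := sha256.Sum256([]byte("constructed old K_k")) // sample outdated key
	e := NewKeyGenEnclave(kk[:], []byte("sample Sub_s_C"), []byte("sample Sub_s_K"))
	fpM := sha256.Sum256([]byte("constructed plaintext block"))
	key, err := RequestKey(kk[:], fpM[:], e)
	fmt.Printf("K_FP = %x (err: %v)\n", key, err)
	_, err = RequestKey(stale[:], fpM[:], e)
	fmt.Println("stale key:", err)
}
```

The random IV makes $C(FP_M)$ differ on every request while $K_{FP}$ stays the same for the same fingerprint, which is the property deduplication depends on.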
In the invention, proof of ownership of data blocks is based on the hardware secure zone: the computationally expensive Merkle-tree-based proof-of-ownership mechanism is replaced by hardware secure zone technology, which markedly improves proof-of-ownership performance and effectively guarantees the security of client-side deduplication. The technique comprises the following steps:
Step S301: The client initiates remote attestation to the cloud storage server to verify the correctness of the running proof-of-ownership secure zone. At the same time, the proof-of-ownership secure zone performs key agreement based on a designated elliptic curve (such as the NIST P-256 elliptic curve) and generates the proof-of-ownership signing key $K_P$ (held by both the cloud storage server and the proof-of-ownership secure zone; the client program cannot obtain it).
Step S302: The client passes the encrypted ciphertext block C into the proof-of-ownership secure zone through a preset secure zone call interface.
Step S303: The proof-of-ownership secure zone computes the fingerprint $FP_C$ of the input ciphertext block C and the corresponding CMAC message authentication code $CMAC_C$ (based on the signing key $K_P$), and returns the result (comprising $FP_C$ and $CMAC_C$) to the client program.
Step S304: The client sends $FP_C$ and $CMAC_C$ to the cloud storage server. On receipt, the cloud storage server recomputes the message authentication code $CMAC'_C$ from $FP_C$ and the signing key $K_P$ and compares it with $CMAC_C$. If the comparison succeeds, ownership of the data block is trusted; if it fails, the client is considered illegitimate and service to that client is stopped.
To further ease the burden of online encryption/decryption on the key generation secure zone, the present embodiment uses Intel SGX-based speculative encryption (see V. Eduardo, L. C. E. de Bona, and W. M. N. Zola. Speculative encryption on GPU applied to cryptographic file systems. In Proc. of USENIX FAST, 2019) to generate the encryption/decryption masks for AES CTR mode offline under no-load conditions. The specific implementation process is as follows:
Step (1): If the client is starting for the first time, it randomly selects the encryption Nonce θ (an arbitrary non-repeating random value that is used only once) and sets the counter I to 0. If the client is not starting for the first time (the old Nonce θ and counter I are stored locally), it performs encryption/decryption with the existing Nonce θ and counter I.
Step (2): The client encrypts the Nonce θ and the counter I with $K_k$ to obtain $\theta_c$ and $I_c$ and computes the corresponding message authentication code. It sends the encrypted $\theta_c$ and $I_c$ and the corresponding message authentication code $HMAC_{\theta\|I}$ to the key manager.
Step (3): The key manager passes the received $\theta_c$ and $I_c$ and the corresponding message authentication code $HMAC_{\theta\|I}$ to the key generation secure zone through a pre-configured interface (Ecall).
Step (4): After verifying that the message authentication code $HMAC_{\theta\|I}$ is correct, the key generation secure zone decrypts $\theta_c$ and $I_c$ to obtain the plaintext Nonce θ and counter I. It queries the Nonce list to check the state of θ and I, which falls into one of the following three cases:
Case 1: If θ is repeated and I = 0, the Nonce has already been used by another user; the key manager is notified to send a notification asking the client to select a new Nonce.
Case 2: If θ is repeated and I ≠ 0, the encryption Nonce has already been stored; if the encryption mask corresponding to this Nonce has been precomputed (is available), it is flagged, and the key manager is informed to ask the client to start key generation.
Case 3: If θ is not repeated (no stored Nonce equals this Nonce), the Nonce θ is added to the Nonce list and the key manager is informed to ask the client to start key generation.
Step (5): When the key manager is idle (no client is connected) and, since the last offline computation of the encryption/decryption masks, some of the masks have been used or $K_k$ has been updated, the key manager notifies the key generation secure zone through an Ecall to perform offline encryption/decryption mask computation.
Step (6): The key generation secure zone checks the Nonce list, computes the encryption/decryption masks that will be usable in the future for a most recently used Nonce, and stores the computed masks in a mask storage area inside the key generation secure zone.
XORing an encryption/decryption mask with the data to be encrypted or decrypted yields the corresponding ciphertext or plaintext. With the masks, the online (immediate) encryption/decryption operation reduces to an XOR operation, which greatly improves efficiency.
Each encryption/decryption mask is 16 bytes (the AES256 block size), so generating each key requires 4 masks: two are used to decrypt the data block fingerprint $C(FP_M)$ (a SHA256 hash, 32 bytes, the size of two AES256 blocks), and two are used to encrypt the generated data block key $K_{FP}$ (the SHA256 hash of the data block fingerprint and the global secret, 32 bytes, the size of two AES256 blocks). The offline-computed masks are stored in the key generation secure zone, and information such as the offset at which the masks are stored is added to the record of the corresponding Nonce in the Nonce list, so that the masks are easy to use during key generation.
Step (7): The client sends $C(FP_M)$ and $HMAC_{FP}$ to the key manager to start key generation (see key technology 2, step S2).
Step (8): The key generation secure zone checks whether encryption/decryption masks were generated in advance for the Nonce used by the client; if so, it uses them to compute directly, and if not, it computes the masks online and then performs the key generation operation (see steps S201 to S206).
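An added Python model (not the patent's or SGXDedup's code) of the mask procedure in steps (1) to (8) together with the key exchange of steps S205 and S206: masks computed while idle turn online key generation into XORs, and a Nonce with no stored masks falls back to online computation. Assumptions: an HMAC-SHA256 keystream stands in for AES-256 in CTR mode, θ and I reach the secure zone without the transport encryption of steps (2) to (4), and all names and sample values are constructed.

```python
import hashlib
import hmac
import os

MASK_LEN = 16        # one mask = one 16-byte cipher block
MASKS_PER_KEY = 4    # two unmask C(FP_M), two mask K_FP

def mask_block(k_k: bytes, theta: bytes, counter: int) -> bytes:
    """One CTR keystream block; HMAC-SHA256 stands in for AES-256 (assumption)."""
    block = b"ctr" + theta + counter.to_bytes(8, "big")
    return hmac.new(k_k, block, hashlib.sha256).digest()[:MASK_LEN]

def xor(data: bytes, masks: list) -> bytes:
    return bytes(a ^ b for a, b in zip(data, b"".join(masks)))

def mac(k_k: bytes, data: bytes) -> bytes:
    return hmac.new(k_k, b"mac" + data, hashlib.sha256).digest()

class KeyGenEnclave:
    def __init__(self, k_k: bytes, sub_s_c: bytes, sub_s_k: bytes):
        self.k_k = k_k
        self.s = hashlib.sha256(sub_s_c + sub_s_k).digest()  # s = H(Sub_s_C || Sub_s_K)
        self.nonce_list = {}          # theta -> {counter: precomputed mask}
        self.hits = self.misses = 0   # masks served from the store / computed online

    def register(self, theta: bytes, counter: int) -> str:
        """Step (4): classify (theta, I) against the Nonce list."""
        if theta not in self.nonce_list:
            self.nonce_list[theta] = {}               # case 3: new Nonce, store it
            return "START"
        if counter == 0:
            return "RESELECT"                         # case 1: Nonce already in use
        ready = counter in self.nonce_list[theta]     # case 2: masks precomputed?
        return "START_PRECOMPUTED" if ready else "START"

    def precompute(self, theta: bytes, start: int, n_keys: int) -> None:
        """Steps (5)-(6): fill the mask store while no client is connected."""
        store = self.nonce_list[theta]
        for c in range(start, start + n_keys * MASKS_PER_KEY):
            store[c] = mask_block(self.k_k, theta, c)

    def _take_masks(self, theta: bytes, counter: int) -> list:
        store, out = self.nonce_list[theta], []
        for c in range(counter, counter + MASKS_PER_KEY):
            if c in store:
                self.hits += 1
                out.append(store.pop(c))              # a mask is consumed once
            else:
                self.misses += 1                      # step (8): online fallback
                out.append(mask_block(self.k_k, theta, c))
        return out

    def generate(self, theta: bytes, counter: int, c_fp: bytes, mac_fp: bytes):
        """Verify HMAC_FP, unmask FP_M, derive K_FP = H(FP_M || s), mask and tag it."""
        if not hmac.compare_digest(mac(self.k_k, c_fp), mac_fp):
            return None                               # reject: client must resend
        m = self._take_masks(theta, counter)
        fp = xor(c_fp, m[:2])
        k_fp = hashlib.sha256(fp + self.s).digest()
        c_k = xor(k_fp, m[2:])
        return c_k, mac(self.k_k, c_k)                # (C(K_FP), HMAC_K)

class Client:
    def __init__(self, k_k: bytes):
        self.k_k, self.theta, self.counter = k_k, os.urandom(12), 0

    def request(self, fp: bytes):
        m = [mask_block(self.k_k, self.theta, self.counter + i) for i in (0, 1)]
        c_fp = xor(fp, m)
        return c_fp, mac(self.k_k, c_fp)              # (C(FP_M), HMAC_FP)

    def accept(self, c_k: bytes, mac_k: bytes):
        if not hmac.compare_digest(mac(self.k_k, c_k), mac_k):
            return None                               # step S206: reject and retry
        m = [mask_block(self.k_k, self.theta, self.counter + i) for i in (2, 3)]
        self.counter += MASKS_PER_KEY                 # never reuse a counter value
        return xor(c_k, m)

def demo() -> dict:
    k_k = os.urandom(32)                              # constructed blinded key K_k
    enclave = KeyGenEnclave(k_k, b"constructed Sub_s_C", b"constructed Sub_s_K")
    client = Client(k_k)
    fp = hashlib.sha256(b"constructed plaintext chunk").digest()
    out = {"first": enclave.register(client.theta, client.counter)}
    def one_key():
        c_fp, tag = client.request(fp)
        return client.accept(*enclave.generate(client.theta, client.counter, c_fp, tag))
    out["k1"] = one_key()                             # nothing precomputed yet
    out["online"] = (enclave.hits, enclave.misses)
    enclave.precompute(client.theta, client.counter, n_keys=2)    # idle period
    out["k2"] = one_key()                             # served from stored masks
    out["speculative"] = (enclave.hits, enclave.misses)
    out["dup"] = enclave.register(client.theta, 0)    # same theta, fresh counter
    c_fp, tag = client.request(fp)
    bad = bytes([c_fp[0] ^ 1]) + c_fp[1:]             # one flipped bit in C(FP_M)
    out["tampered"] = enclave.generate(client.theta, client.counter, bad, tag)
    out["expected"] = hashlib.sha256(fp + enclave.s).digest()
    return out
```

Both keys equal $H(FP_M \,\|\, s)$ for the same chunk, which is what keeps the ciphertexts deduplicable; the "RESELECT" branch is what prevents two users from sharing a keystream under the same $K_k$.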
Examples
In this embodiment, the hardware secure zone is an Intel SGX secure zone and the corresponding deduplication system is called SGXDedup. Its system structure is shown in fig. 1 and comprises a key manager, a client and a cloud storage server. The specific workflow for efficient encrypted deduplication is as follows:
Step 1: The cloud storage server distributes the key generation secure zone dynamic library to the key manager and distributes the proof-of-ownership secure zone dynamic library to the client.
Step 2: The key manager remotely attests the key generation secure zone to the cloud storage server; once it is verified, the key manager and the cloud storage server each start timed key regression and derive the latest blinded key $K_k$.
Step 3: The client performs remote attestation with the cloud storage server to verify the validity of the proof-of-ownership secure zone it holds.
Step 4: If the verification in step 3 passes, the client downloads the latest blinded key state $S[i]$ from the cloud storage server and downloads from the key manager the key state version information accepted by the current key generation secure zone, derives the applicable key state through $S[j] = H^{i-j+1}(S[i])$, and then computes the blinded key $K_k$ for key generation through $K_k[j] = H(S[j] \,\|\, (0)^8)$.
Step 5: The client computes the fingerprint $FP_M$ of the data block, encrypts it with the blinded key $K_k$ and generates a message authentication code, and sends the result ($C(FP_M)$ and $HMAC_{FP}$) to the key manager.
Step 6: The key manager calls the key generation secure zone through an Ecall to generate the corresponding key and message authentication code, and sends the result ($C(K_{FP})$ and $HMAC_K$) to the corresponding client.
Step 7: The client encrypts the data block with the obtained data block encryption key $K_{FP}$ and passes the resulting ciphertext block C to the proof-of-ownership secure zone through an Ecall to obtain the fingerprint of the current ciphertext block and the corresponding proof information (comprising $FP_C$ and $CMAC_C$).
Step 8: The client sends the data block fingerprint (FP) and the corresponding proof information (Sig) to the cloud storage server; the cloud storage server verifies the proof information and, once it has determined that the client really possesses the data block, queries the deduplication index with the client's fingerprint and returns the result to the client.
Step 9: The client decides whether to send the data block to the cloud storage server according to the result returned by the cloud storage server (if the data block already exists on the cloud storage server, it is not sent; otherwise it is sent to the cloud storage server).
The data de-duplication system of the present embodiment is compared with the existing data de-duplication system to further verify the validity of the present invention.
For the blinded key management technique adopted in the invention, fig. 2(a) shows the relationship between the delay of the first key update operation and the key regression parameter (the maximum tolerable number of key updates). The delays of both the key generation secure zone and the cloud storage server grow as the key regression parameter grows, because a larger key regression parameter means that more hash computations are needed to perform a key update. Because the SGX secure zone is less capable of handling intensive computation, the key update delay of the secure zone is approximately 1.22-1.56 times higher than that of the cloud storage server. Fig. 2(b) shows the delay of each rekeying operation with the key regression parameter fixed at $2^{20}$. The rekeying delay decreases as more rekeying operations are performed, since each rekeying operation saves one hash computation in the next rekeying operation. On average, the key update delay of the key generation secure zone is 0.040 s, while that of the cloud storage server is about 0.027 s, which means that the key update overhead is limited and the scheme has practical value.
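The hash-chain key regression behind these update timings (claims 2 and 3, embodiment step 4), as an added Python example that is not the patent's code. SHA-256 as H, N = 16 and all class and function names are assumptions; the client applies H i − j times, the count at which its result equals the $S[j] = H^{N-j+1}(K)$ held by the key generation secure zone.

```python
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()       # assumption: SHA-256 as H


def iterate(value: bytes, times: int) -> bytes:
    for _ in range(times):
        value = H(value)
    return value


class RegressionChain:
    """Run identically by the key generation secure zone and the cloud server."""

    def __init__(self, blinded_secret: bytes, n: int):
        self.k, self.n, self.version = blinded_secret, n, 0
        self.last_cost = 0

    def rekey(self) -> bytes:
        """Move to the next version i and return S[i] = H^(N-i+1)(K)."""
        if self.version >= self.n:
            raise ValueError("key regression parameter N exhausted")
        self.version += 1
        self.last_cost = self.n - self.version + 1     # hash calls for this update
        return iterate(self.k, self.last_cost)


def blinded_key(state: bytes) -> bytes:
    return H(state + b"\x00")                  # K_k[j] = H(S[j] || (0)^8)


def client_derive(latest_state: bytes, i: int, j: int) -> bytes:
    """From the downloaded S[i], walk back to version j and derive K_k[j]."""
    if not 1 <= j <= i:
        raise ValueError("only the current or an older version can be derived")
    return blinded_key(iterate(latest_state, i - j))


def demo() -> dict:
    secret, n = b"constructed blinded secret K", 16
    cloud, enclave = RegressionChain(secret, n), RegressionChain(secret, n)
    costs = []
    for _ in range(5):                         # cloud has reached version i = 5
        s_i = cloud.rekey()
        costs.append(cloud.last_cost)
    for _ in range(3):                         # secure zone still accepts j = 3
        s_j = enclave.rekey()
    k_client = client_derive(s_i, cloud.version, enclave.version)
    return {
        "costs": costs,
        "match": k_client == blinded_key(s_j),
        "current_differs": blinded_key(s_i) != blinded_key(s_j),
        # Hashing an old state forward never lands on a newer one.
        "old_state_reaches_new": any(iterate(s_j, t) == s_i for t in range(n + 1)),
    }
```

The falling `costs` list is the one-hash-per-update saving described for fig. 2(b); the last entry shows that holding an old state gives no path to a newer one by hashing.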
For the Intel SGX-based (hardware secure zone-based) key generation technique and its compatible speculative encryption, the encryption schemes considered in the comparison are:
1) Server-assisted key generation under the Blind-BLS-based OPRF protocol (OPRF-BLS), which uses BLS (cryptocurrency signature algorithm) for data blinding; for the specific implementation of OPRF-BLS, see the document by F. Armknecht, J.
2) Server-assisted MLE key generation under the Blind-RSA-based OPRF protocol (OPRF-RSA), which uses RSA for data blinding; for the specific implementation of OPRF-RSA, see M. Bellare, S. Keelveedhi, and T. Ristenpart. DupLESS: Server-aided encryption for deduplicated storage. In Proc. of USENIX Security, 2013.
3) Minimum hash encryption (MinHash Encryption), in which the minimum hash value of all data blocks in a data segment (the average size of each data segment is configured to be 1 MB) is used as the encryption key of all data blocks in that segment; the underlying layer uses server-assisted MLE key generation under the Blind-RSA-based OPRF protocol. For the specific implementation of MinHash Encryption, see C. Qin, J. Li, and P. P. C. Lee. The design and implementation of a rekeying-aware encrypted deduplication storage system. ACM Transactions on Storage, 13(1):9.
4) Adjustable encryption technology (TED) [see J. Li, Z. Yang, Y. Ren, P. P. C. Lee, and X. Zhang. Balancing storage efficiency and data confidentiality with tunable encrypted deduplication. In Proc. of ACM EuroSys, 2020]: a CM-Sketch-based data block frequency counting technique estimates frequencies in real time over the deduplication system workload, and automated parameter configuration balances storage efficiency against data confidentiality by producing the same or different keys for identical data blocks (TED generates the MLE key for each data block based on Sketch-based frequency counting of short hash values of the data block).
5) SGXDedup key generation without using the blinded key management technique (speculative encryption) of the present invention: the encryption/decryption operations in the key generation process are all computed online.
6) SGXDedup key generation using speculative encryption: the encryption/decryption operations in the key generation process use pre-generated encryption/decryption masks.
In the comparison, the Intel SGX-based server-assisted MLE key generation technique, with and without the offline encryption/decryption mask computation, is evaluated against the existing schemes. A 2GB random file is used as client input, and the client performs key generation after splitting the file into variable-size data blocks. Fig. 3 shows the test results (all comparison schemes in the test are reproduced from their original descriptions). Because the scheme of the invention avoids the expensive cryptographic primitives in OPRF-BLS, OPRF-RSA and MinHash Encryption, as well as the frequency counting and optimization-problem solving in TED, the SGX-based key generation technique of the invention outperforms all compared methods. SGXDedup without speculative encryption (SGX-1st) achieves speedups of 1,583 times and 131.9 times over OPRF-BLS and OPRF-RSA, respectively. Compared with MinHash encryption and TED (both schemes sacrifice storage efficiency and security), the speedups are 9.4 times and 3.7 times, respectively. SGXDedup key generation using speculative encryption (SGX-2nd, the scheme of the present invention) improves performance by 67.8% over SGX-1st, which does not use speculative encryption.
The effect of the Intel SGX speculative encryption adopted in the invention is examined by comparing key generation with and without it. Fig. 4 shows the scalability of the key generation secure zone in both cases. In both cases, the overall key generation speed (the ratio of the total number of keys generated to the total key generation time across multiple simulated clients, all of which start issuing key generation requests at the same time and generate the same total number of keys) first increases with the number of simulated clients. At peak performance, $8.5 \times 10^5$ keys/s and $29 \times 10^5$ keys/s are reached with five and ten simulated clients, without and with speculative encryption, respectively. Beyond ten clients, the overall key generation speed decreases because context switch overhead increases. On average, speculative encryption improves the overall key generation speed by a factor of 4.4.
For the hardware-secure-zone-based proof of ownership of data blocks adopted in the invention, the following two data block proof-of-ownership schemes are compared and analyzed:
1) Proof of ownership based on the Merkle tree (PoW-MT): the scheme encodes a data block using erasure codes and builds a Merkle tree for proof of ownership on the encoding result; for the specific proof process, see the document by J. Xu, E.
2) Proof of ownership based on a universal hash function (PoW-UH), which is based on universal hashing but sacrifices security for performance; see S. Halevi, D. Harnik, B. Pinkas, and A. Shulman-Peleg. Proofs of ownership in remote storage systems. In Proc. of ACM CCS, 2011.
To evaluate the computational performance of proof of ownership, a proof-of-ownership test on a 2GB file is considered. In the test, the client creates plaintext blocks from the file, encrypts each data block, computes proof information for each data block, and then sends a proof-of-ownership request to the cloud storage server. In this embodiment, the speed of proof of ownership (excluding network transmission time) is measured from the total computation time of the client and the cloud storage server over all data blocks. The test results are given in fig. 5 (the comparison schemes in the test are reproduced from their original descriptions). The scheme of the invention (SGXDedup in fig. 5) avoids erasure coding and Merkle tree construction in the client and Merkle-tree-based verification in the cloud storage server, so it is clearly superior to PoW-MT, achieving an 8.2 times speedup over it. It also achieves a 2.2 times speedup over PoW-UH while providing a higher security guarantee.
The overall effect is verified with an end-to-end performance comparison that combines the blinded key management technique, speculative encryption, offline encryption/decryption mask computation and the hardware-secure-zone-based proof of ownership of data blocks. During verification, Trickle (see M. A. Eriksen. Trickle: A userland bandwidth shaper for Unix-like systems. In Proc. of USENIX ATC, 2005) is used to cap the network bandwidth, and the influence of different network bandwidths on upload and download performance is analyzed. In the reference system, the client performs chunking, data block fingerprint computation and client-side deduplication, and finally uploads all non-duplicate data blocks. To download a file, the client sends a download request to the cloud storage server, and the cloud accesses the file metadata to retrieve the corresponding data blocks and returns the assembled file. The reference system and the encrypted deduplication system download differently: in the latter, downloading takes two passes, in which the client first downloads and decrypts the file metadata, then downloads the data chunks and reconstructs the file after decryption. Fig. 6 compares upload speeds under different network bandwidths. For the first upload, when the network bandwidth is 1Gbps, the upload speeds of SGXDedup (106.6 MB/s) and the reference system (106.2 MB/s) are limited by the network speed. However, when the network bandwidth increases to 10Gbps (the default), the upload speed of SGXDedup becomes 193.6MB/s, while that of the reference system reaches 242.0 MB/s.
For the second upload (uploading the same file, so that all data blocks are duplicates; in the key generation part, the key generation secure zone performs blinding with the offline-computed encryption/decryption masks), the upload speeds of SGXDedup and the reference system are not affected by network bandwidth. On average, SGXDedup incurs a drop in upload speed of about 14.5% and 21.5% in the first and second uploads, respectively, compared with the reference system. Relative to a plaintext deduplication system, it provides a strong security guarantee at a small performance cost. Fig. 7 shows the download speed comparison. As the network bandwidth increases to 10Gbps, SGXDedup reaches 323.1MB/s, a 44.1% drop compared with the reference system. The reason is that SGXDedup first retrieves and decrypts the file metadata, and then downloads and decrypts the ciphertext blocks to complete file restoration.
In conclusion, the efficient Intel SGX-based server-assisted MLE key generation and data-block-level proof of ownership provide efficient data block key generation and data block proof of ownership in support of client-side deduplication, and the additional overhead they introduce in practice, relative to a plaintext deduplication system, is small and controllable.
While the invention has been described with reference to specific embodiments, any feature disclosed in this specification may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise; all of the disclosed features, or all of the method or process steps, may be combined in any combination, except mutually exclusive features and/or steps.

Claims (7)

1. An efficient encryption data de-duplication method based on a hardware security zone is characterized in that in an encryption data de-duplication system comprising a cloud storage server, a key manager and a client, the following steps are executed:
step one, the cloud storage server distributes the key generation secure zone dynamic library, with an attached signature, to the key manager, and distributes the proof-of-ownership secure zone dynamic library to the client; the key generation secure zone dynamic library contains the global secret component $Sub\_s_C$ of the cloud storage server;
step two, the key manager creates the key generation secure zone from the key generation secure zone dynamic library and remotely attests the correctness of the key generation secure zone to the cloud storage server; if verification passes, the key manager and the cloud storage server each simultaneously start periodic key regression computation, which derives the latest blinded key $K_k$ based on the key regression technique;
step three, the client creates the proof-of-ownership secure zone from the proof-of-ownership secure zone dynamic library and accesses the cloud storage server to remotely attest the proof-of-ownership secure zone; if attestation passes, the client's proof-of-ownership secure zone negotiates with the cloud storage server to obtain a shared key $K_P$ for generating and verifying the integrity of data block fingerprints;
meanwhile, the client obtains the latest blinded key state information from the cloud storage server, obtains from the key manager the key state version information currently accepted by the key generation secure zone, and obtains, based on the key regression technique, the blinded key $K_k$ currently accepted by the key generation secure zone;
step four, the client, based on the currently obtained blinded key $K_k$, encrypts the fingerprint $FP_M$ of the plaintext data block M to be uploaded to obtain the encrypted data block fingerprint $C(FP_M)$, and computes the hash-based message authentication code $HMAC_{FP}$ of $C(FP_M)$ with the blinded key $K_k$; it sends $C(FP_M)$ and $HMAC_{FP}$ to the key manager to request the encryption key of the data block;
step five, the key manager passes the currently received $C(FP_M)$ and $HMAC_{FP}$ to the key generation secure zone through a designated secure zone call interface;
the key generation secure zone verifies the correctness of the received $C(FP_M)$ based on $K_k$ and $HMAC_{FP}$; if verification passes, it decrypts $C(FP_M)$ with the blinded key $K_k$ to obtain the fingerprint $FP_M$ and obtains the encryption key $K_{FP}$ of the fingerprint $FP_M$ according to $H(FP_M \,\|\, s)$; if not, it rejects the key generation and requires the client to resend the key generation request; wherein the global secret s is $H(Sub\_s_C \,\|\, Sub\_s_K)$, $Sub\_s_K$ denotes the global secret component of the key manager, which is passed to the key generation secure zone through the designated secure zone call interface, and H() denotes a preset hash function;
the key generation secure zone encrypts $K_{FP}$ with the blinded key $K_k$ to obtain the ciphertext key $C(K_{FP})$ and computes the corresponding signature $HMAC_K$;
the key generation secure zone passes the encrypted key $C(K_{FP})$ and $HMAC_K$ to the key manager through the designated secure zone call interface, and the key manager returns $C(K_{FP})$ and $HMAC_K$ to the client;
step six, the client verifies $HMAC_K$; if it passes, the client decrypts $C(K_{FP})$ to obtain the encryption key $K_{FP}$; if not, it makes the key generation request again;
the client uses the encryption key $K_{FP}$ to encrypt the data block M corresponding to the fingerprint $FP_M$, obtaining the ciphertext block C, accesses the proof-of-ownership secure zone through a designated secure zone call interface, and obtains the fingerprint $FP_C$ of the ciphertext block C and its proof information $CMAC_C$; it then initiates a proof-of-ownership request to the cloud storage server, the request containing the fingerprint $FP_C$ and the proof information $CMAC_C$;
step seven, the cloud storage server verifies the proof information $CMAC_C$ and, after determining that the current client possesses the data block corresponding to the proof information $CMAC_C$, queries the deduplication index with the fingerprint $FP_C$ and returns the result to the client;
and step eight, the client uploads data based on the result returned by the cloud storage server: if the fingerprint $FP_C$ already exists on the cloud storage server, the ciphertext block C is not uploaded; otherwise, the ciphertext block C is uploaded to the cloud storage server.
2. The method of claim 1, wherein in step two, the latest blinded key $K_k$ is derived based on the key regression technique as follows:
the key generation secure zone and the cloud storage server use the same hash-function-based key regression scheme with a common parameter N, and compute the i-th state from the blinded secret K as $S[i] = H^{N-i+1}(K)$, where the parameter N denotes the maximum number of times key regression is performed.
3. The method according to claim 2, wherein in step three, the client obtains the blinded key $K_k$ currently accepted by the key generation secure zone based on the key regression technique as follows:
the client downloads the current latest blinded key state $S[i]$ from the cloud storage server; it then obtains from the key manager the version number j of the blinded key currently accepted by the key generation secure zone, and derives the blinded key state $S[j]$ accepted by the key generation secure zone according to $S[j] = H^{i-j+1}(S[i])$;
it then computes the blinded key $K_k[j]$ for key generation according to $K_k[j] = H(S[j] \,\|\, (0)^8)$ and takes $K_k[j]$ as the blinded key $K_k$ currently accepted by the key generation secure zone, where $(0)^8$ denotes a string of binary zeros 8 bits long.
4. The method of claim 1, wherein in step five, verifying the correctness of the received $C(K_{FP})$ is specifically: the key generation secure zone uses $K_k$ to recompute the hash-based message authentication code of $C(FP_M)$, denoted $HMAC'_{FP}$, and compares it with the received $HMAC_{FP}$; if the two are the same, verification passes; otherwise, verification fails.
5. The method of claim 1, wherein in step six, the client calls the proof-of-ownership secure zone to obtain the fingerprint $FP_C$ of the ciphertext block C and its proof information $CMAC_C$ as follows:
when the client starts, it initiates remote attestation to the cloud storage server to verify the correctness of the proof-of-ownership secure zone that the client holds and runs;
if verification passes, the proof-of-ownership secure zone performs key agreement with the cloud storage server based on the designated elliptic curve to generate the proof-of-ownership signing key $K_P$;
the client passes the ciphertext block C to the proof-of-ownership secure zone through a designated secure zone call interface;
the proof-of-ownership secure zone computes the fingerprint $FP_C$ of the ciphertext block C and its CMAC message authentication code $CMAC_C$, and returns the fingerprint $FP_C$ and $CMAC_C$ to the client.
6. The method of claim 5, wherein in step seven, the cloud storage server verifies the proof information $CMAC_C$ as follows: the cloud storage server recomputes the message authentication code $CMAC'_C$ from $FP_C$ and the signing key $K_P$ and compares it with the received $CMAC_C$; if they are the same, the proof of ownership passes verification; otherwise it does not pass.
7. The method of claim 1, wherein, under no-load conditions, the encryption/decryption operations are performed offline, and the specific processing is as follows:
(1) if the client is starting for the first time, it randomly selects an encryption Nonce, denoted θ, and sets the count value I of the counter to 0; if the client is not starting for the first time, it performs encryption/decryption with the existing Nonce and count value I;
(2) the client uses the blinded key $K_k$ to encrypt θ and I separately, obtaining $\theta_c$ and $I_c$, and computes the hash-based message authentication code $HMAC_{\theta\|I}$ of θ and I; it sends $\theta_c$, $I_c$ and the message authentication code $HMAC_{\theta\|I}$ to the key manager;
(3) the key manager passes the received $\theta_c$, $I_c$ and the message authentication code $HMAC_{\theta\|I}$ to the key generation secure zone through a designated secure zone call interface;
(4) the key generation secure zone verifies that the message authentication code is correct and then decrypts to obtain θ and I, queries the Nonce list to obtain the state of θ and I, and processes each case as follows:
if θ is repeated and I = 0, the current Nonce has already been used by another user, and the key manager is notified to send a notification asking the client to select a new Nonce;
if θ is repeated and I ≠ 0, the current Nonce has already been stored; if the encryption mask corresponding to the Nonce has been precomputed, it is marked, and the key manager is informed to ask the client to start key generation, that is, to initiate an encryption key generation request;
if θ is not repeated, θ is added to the Nonce list and the key manager is informed to ask the client to start key generation;
(5) when the key manager is idle and, since the last offline computation of the encryption/decryption masks, some of the masks have been used or $K_k$ has been updated, the key manager notifies the key generation secure zone through a designated secure zone call interface to perform offline encryption/decryption mask computation;
(6) the key generation secure zone checks the Nonce list, computes the encryption/decryption masks that will be usable in the future for a most recently used Nonce, and stores the computed masks in a mask storage area inside the key generation secure zone;
(7) the client sends $C(FP_M)$ and $HMAC_{FP}$ to the key manager to request the encryption key of the data block;
(8) the key generation secure zone checks whether the Nonce used by the client has marked, pre-generated encryption/decryption masks; if so, it uses them to compute directly, and if not, it computes the masks online and then performs the key generation operation.
CN202110136154.3A 2021-02-01 2021-02-01 Efficient encryption repeated data deleting method based on hardware security zone Active CN112947855B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110136154.3A CN112947855B (en) 2021-02-01 2021-02-01 Efficient encryption repeated data deleting method based on hardware security zone

Publications (2)

Publication Number Publication Date
CN112947855A CN112947855A (en) 2021-06-11
CN112947855B CN112947855B (en) 2022-10-14

Family

ID=76240647

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110136154.3A Active CN112947855B (en) 2021-02-01 2021-02-01 Efficient encryption repeated data deleting method based on hardware security zone

Country Status (1)

Country Link
CN (1) CN112947855B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant