Journal of Frontiers of Computer Science and Technology ›› 2013, Vol. 7 ›› Issue (12): 1093-1103. DOI: 10.3778/j.issn.1673-9418.1212009

• Academic Research •

User Data Security in Cloud Storage Service

ZHANG Jing1+, CHEN Kefei2,3, LV Lin2, GUO Jie1   

  1. School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
  2. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
  3. Shanghai Key Laboratory of Scalable Computing and System, Shanghai 200240, China
  • Online:2013-12-01 Published:2013-12-03

Abstract: This paper analyzes the key technologies and security mechanisms of the major cloud service providers to extract the security requirements of currently popular cloud services. Based on this analysis, it proposes a security framework that integrates cryptographic techniques such as attribute-based encryption (ABE), proof of retrievability and proxy re-encryption to ensure the confidentiality, integrity and availability of cloud data. Furthermore, it implements a prototype of an efficient search system based on a cloud storage service, which employs ABE for fine-grained access control to prevent unauthorized users from accessing sensitive file information (abstracts, keywords) during the search process while preserving efficiency.

Key words: secure search engine, cloud storage service, attribute-based encryption (ABE), proxy re-encryption, proof of retrievability