Key Storage Scheme for Cloud Computing Based on Key Matrix Derivation

Journal of Information Security Reserach ›› 2022, Vol. 8 ›› Issue (10): 1018-.

Key Storage Scheme for Cloud Computing Based on Key Matrix Derivation

Online:2022-10-25 Published:2022-10-24

基于密钥矩阵派生的云计算密钥存储方案

池亚平1,2莫崇维2王志强1梁家铭1薛德凡1

1(北京电子科技学院网络空间安全系北京100070)
2(西安电子科技大学通信工程学院西安710071)

通讯作者: 池亚平硕士，教授.主要研究方向为云计算安全、量子路由. chiyp_besti@163.com
作者简介:池亚平硕士，教授.主要研究方向为云计算安全、量子路由. chiyp_besti@163.com 莫崇维硕士.主要研究方向为软件定义网络、云计算安全. 719146463@qq.com 王志强博士，副教授.主要研究方向为网络攻防技术. wangzq@besti.edu.cn 梁家铭硕士研究生.主要研究方向为云计算安全. liangjm_3@126.com 薛德凡硕士研究生.主要研究方向为云计算安全. bjutxuedefan@163.com

Abstract

Abstract: Through the research and analysis of the existing key storage schemes and key update schemes, aiming at solving the problem of mass key storage and dynamic update in the cloud environment, a key storage management scheme derived from key matrix is designed. Among them, the key matrix derivation process, scalable key exchange protocol and key update scheme based on Chinese remainder theorem are mainly considered. In the scheme, the file encryption and decryption calculations are implemented on a private cloud, and the public cloud is responsible for providing the service of storing and querying ciphertext data. Through the matrix derivation method, the file encryption key is directly derived from the root key. Tenant only need to store and manage the key matrix configuration and the root key to dynamically generate the file encryption key. Finally, compared with the key storage scheme in relevant literature, as well as security analysis and performance analysis, the simulation experiment proved that this scheme could effectively reduce the overhead of key storage and computing and save the cost of key update in cloud environment.

Key words: cloud computing, key management, key derivation, key storage, key matrix

摘要： 通过对现有的密钥存储方案、密钥更新方案进行研究分析，针对云环境下海量密钥存储与用户动态密钥更新需求，设计了一种基于密钥矩阵派生的密钥存储管理方案.其中，主要考虑了密钥矩阵派生过程、可扩展的密钥交换协议以及基于中国剩余定理的密钥更新方案3个部分.方案将文件加解密计算设置在私有云上实施，公有云负责提供存储和查询密文数据的服务.通过矩阵派生方法，由根密钥直接派生文件加密密钥，用户只需存储管理密钥矩阵配置及根密钥即可动态生成文件加密密钥.最后通过实验验证，与相关文献的密钥存储方案进行对比，并进行安全性分析和性能分析，证明该方案可有效降低云环境下的密钥存储开销和计算开销，节省密钥更新成本.

关键词: 云计算, 密钥管理, 密钥派生, 密钥存储, 密钥矩阵

池亚平, 莫崇维, 王志强, 梁家铭, 薛德凡, . 基于密钥矩阵派生的云计算密钥存储方案[J]. 信息安全研究, 2022, 8(10): 1018-.

References

参考文献
［1］王勇, 徐衍龙, 刘强. 云计算安全模型与架构研究［J］. 信息安全研究, 2019, 5(4): 287292［2］Rakesh B, Lalitha K, Ismail M, et al. Distributed scheme to authenticate data storage security in cloud computing［J］. International Journal of Computer Science and Information Technology, 2017, 9(6): 5966［3］杨璐, 叶晓俊. 云服务环境下的密钥管理问题和挑战［J］.计算机科学, 2017, 44(3): 39［4］Barker E, Barker W, Burr W, et al. Recommendation for key management—part 1: General［EBOL］. 2007 ［20220920］. http:csrc.nist.govpublicationsnistpubs80057sp80057Part1revised2_Mar082007.pdf［5］Damiani E, Vimercati S D C D, Foresti S, et al. Key management for multiuser encrypted databases［C］ Proc of the 2005 ACM Workshop on Storage Security and Survivability (StorageSS 2005). New York: ACM, 2005: 7483［6］Xinyi Z, Ru Z, Fangyu W, et al. Research on the privacypreserving retrieval over ciphertext on cloud［C］ Proc of Int Conf on Information Communication & Management. Piscataway, NJ: IEEE, 2016: 100104［7］Vimercati S D C D, Foresti S, Jajodia S, et al. Overencryption: Management of access control evolution on outsourced data［C］ Proc of the 33rd Int Conf on Very Large Data Bases. University of Vienna. New York: ACM, 2007: 123134［8］Blundo C, Cimato S, Di Vimercati S D C, et al. Managing key hierarchies for access control enforcement: Heuristic approaches［J］. Computers & Security, 2010, 29(5): 533547［9］祝烈煌, 曹元大, 廖乐健. 基于状态密钥树的安全群组密钥分发协议［J］. 北京理工大学学报, 2006, 26(9): 805808［10］Cui Z, Zhu H, Chi L. Lightweight key management on sensitive data in the cloud［J］. Security and Communication Networks, 2013, 6(10): 12901299［11］Rajendran R, Miller E L, Long D D E. Horus: Finegrained encryptionbased security for high performance petascale storage*［C］ Proc of the 6th Workshop on Parallel Data Storage (PDSW’11). New York: ACM, 2011: 1924［12］王祥宇, 马建峰, 苗银宾. 基于密钥状态散列树的密钥存储管理方案［J］. 通信学报, 2018, 39(5): 98106［13］Wong C K, Gouda M, Lam S S. Secure group communications using key graphs［J］. IEEEACM Trans on Networking, 2002, 8(1): 1630［14］Zhang Q, Wang Y, Jue J P. A key management scheme for hierarchical access control in group communication［J］. International Journal of Network Security, 2008, 7(3): 323334［15］Kallahalla M, Riedel E, Swaminathan R, et al. Plutus: Scalable secure file sharing on untrusted storage［C］ Proc of USENIX Conf on File and Storage Technologies. Berkeley, CA: USENIX Association, 2003: 2942

[1]	. Design of Unified Password Service Platform Based on Cloud Architecture [J]. Journal of Information Security Reserach, 2021, 7(E1): 22-.
[2]	. NSFOCUS Cloud Security System Container, NCSSC [J]. Journal of Information Security Reserach, 2021, 7(E1): 26-.
[3]	. Kerberos Security Enhancements Based on Intel SGX [J]. Journal of Information Security Reserach, 2021, 7(4): 374-383.
[4]	. A Government Affairs Cloud Cryptography Application based on Cryptography Cloud [J]. Journal of Information Security Research, 2020, 6(9): 0-0.
[5]	. Security Enhancement Scheme of Hadoop KMS Based on SGX [J]. Journal of Information Security Research, 2019, 5(6): 514-520.
[6]	. An Adaptive Security Mechanism of CAN Bus in Vehicle [J]. Journal of Information Security Research, 2019, 5(12): 1076-1088.
[7]	. Application of Domestic Cryptographic in Rural Credit Cooperatives [J]. Journal of Information Security Research, 2019, 5(12): 1120-1123.
[8]	. Multi-Level Key Management Scheme for Multi-Level Removable Storage Devices [J]. Journal of Information Security Research, 2018, 4(4): 329-335.
[9]	. A Key Management Method and System of Symmetric Key [J]. Journal of Information Security Research, 2018, 4(1): 80-83.
[10]	. A Data Protection Method Based on Trusted Computing in Distributed Storage [J]. Journal of Information Security Research, 2017, 3(4): 339-343.
[11]	. Design and Implementation of Enterprise Cryptography Service Platform for Commercial Bank [J]. Journal of Information Security Research, 2017, 3(10): 0-0.
[12]	. Study on the CFL‘s Key Management [J]. Journal of Information Security Research, 2016, 2(7): 628-638.
[13]	. The Application of Cryptography Resource System in Cloud Computing [J]. Journal of Information Security Research, 2016, 2(6): 558-561.