研究生: |
林煜宸 Yu-Chen Lin |
---|---|
論文名稱: |
應用於雲端分享之具期間限制的代理重加密方法 Period-restricted Proxy Re-encryption Schema for Data Sharing in Cloud |
指導教授: |
吳宗成
Tzong-Chen Wu |
口試委員: |
羅乃維
Nai-Wei Lo 查士朝 Shi-Cho Cha |
學位類別: |
碩士 Master |
系所名稱: |
管理學院 - 資訊管理系 Department of Information Management |
論文出版年: | 2020 |
畢業學年度: | 108 |
語文別: | 中文 |
論文頁數: | 46 |
中文關鍵詞: | 雲端資料分享 、代理重加密 、無憑證 、雙線性配對 、期間限制 |
外文關鍵詞: | Data Sharing in Cloud, Proxy Re-encryption, Certificateless, Bilinear Map, Period-restricted |
相關次數: | 點閱:220 下載:0 |
分享至: |
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
由於網路的發達,雲端運算在此基礎下漸漸成熟,許多中小企業與使用者紛紛拋棄硬體設備,轉而向雲端靠攏。然而在此半信任的環境下,資料擁有者失去了對資料的直接控制權,導致資訊安全風險增加,這時如何設計出一套有效率又安全的雲端分享系統,就是一個非常重要的課題。
許多學者提出利用公開金鑰加密來設計系統,但利用此原語(Primitives)來構造雲端資料分享方法,存在著用戶負擔過高、計算效率不佳及金鑰管理等問題。因此,我們以基於雙線性配對的無憑證公開金鑰加密系統結合代理重加密方法(Proxy re-encryption),設計一套安全且有效的雲端分享系統,以半信任的代理實現在不看見明文的情況下,將密文的解密權限由Alice轉換給Bob。同時在不需要證書及沒有第三方金鑰託管問題的情況下保障公鑰真實性,再透過期間限制讓資料擁有者即使離線依然可以註銷接收者權限,達成可延展性(Scalability)。總結上述所說,我們提出的方法不論是在安全性、執行效能及實作可行性都非常適合應用在雲端資料分享。
Due to the development of the Internet, cloud computing has gradually matured on this basis, many SMEs and users have abandoned hardware devices and turned to the cloud. However, in this semi-trusted environment, the data owner has lost direct control over the data, leading to increased security risks. Hence, how to sharing in cloud with efficient and secure way is a very important issue.
Many scholars have proposed plenty of methods designed by Public-key Cryptography, but use this primitive to construct data sharing in cloud mothed, may cause lots of problem such as poor efficiency and key management issue. Therefore, we use a certificateless public key cryptography based on bilinear pairing combined with proxy re-encryption to design a secure and effective method, using a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. At the same time, authenticity of the public key without certificate and key escrow issue, furthermore, because of period-restricted access control, data owner can revoke user even being offline which achieve scalability. To sum up, no matter what aspects such as security, efficiency and practical our method is very suitable for data sharing in cloud.
[1] S. S. Al-Riyami and K. G. Paterson, “Certificateless Public Key Cryptography,” Advances in Cryptology - ASIACRYPT 2003, Lecture Notes in Computer Science, pp. 452–473, 2003.
[2] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A View of Cloud Computing,” Communications of the ACM, vol. 53, no. 4, pp. 50–58, 2010.
[3] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage,” ACM Transactions on Information and System Security (TISSEC), vol. 9, no. 1, pp. 1–30, 2006.
[4] M. Blaze, G. Bleumer, and M. Strauss, “Divertible Protocols and Atomic Proxy Cryptography,” Lecture Notes in Computer Science Advances in Cryptology — EUROCRYPT98, pp. 127–144, 1998.
[5] D. Boneh, “The Decision Diffie-Hellman Problem,” Lecture Notes in Computer Science Algorithmic Number Theory, pp. 48–63, 1998.
[6] D. Boneh, “A Brief Look at Pairings Based Cryptography,” 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS07), 2007.
[7] D. Boneh and M. Franklin, “Identity-Based Encryption from the Weil Pairing,” Advances in Cryptology — CRYPTO 2001 Lecture Notes in Computer Science, pp. 213–229, 2001.
[8] A. W. Dent, “A Brief Introduction to Certificateless Encryption Schemes and Their Infrastructures,” Public Key Infrastructures, Services and Applications Lecture Notes in Computer Science, pp. 1–16, 2010.
[9] K. Emura, A. Miyaji, and K. Omote, “A Timed-release Proxy Re-encryption Scheme,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. E94-A, no. 8, pp. 1682–1695, 2011.
[10] E. Fujisaki and T. Okamoto, “Secure Integration of Asymmetric and Symmetric Encryption Schemes,” Advances in Cryptology — CRYPTO’ 99 Lecture Notes in Computer Science, pp. 537–554, 1999.
[11] EJ. Goh, H. Shacham, N. Modadugu, and D. Boneh, “SiRiUS: Securing Remote Untrusted Storage,” in Network and Distributed System Security Symposium NDSS, Vol. 3, pp. 131-145, 2003.
[12] M. Green and G. Ateniese1, “Identity-Based Proxy Re-encryption,” 5th International Conference ACNS, pp. 288-306, 2007
[13] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus: Scalable Secure File Sharing on Untrusted Storage,” in Proceedings of the USENIX Conference on File and Storage Technologies ( FAST), pp. 29-42, 2003.
[14] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.
[15] Q. Liu, G. Wang, and J. Wu, “Time-based Proxy Re-encryption Scheme for Secure Data Sharing in a Cloud Environment,” Information Sciences, vol. 258, pp. 355–370, 2014.
[16] M. Mambo and E. Okamoto, “Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts,” IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, pp. 54–63, 1997.
[17] P. M. Mell and T. Grance, “The NIST Definition of Cloud Computing,” 2011.
[18] K. Popović and Ž. Hocenski, "Cloud Computing Security Issues and Challenges," The 33rd International Convention MIPRO, Opatija, pp. 344-349 , 2010.
[19] K. Ren, C. Wang and Q. Wang, "Security Challenges for the Public Cloud," IEEE Internet Computing, vol. 16, no. 1, pp. 69-73, 2012.
[20] S. Sundareswaran, A. Squicciarini and D. Lin, "Ensuring Distributed Accountability for Data Sharing in the Cloud," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 4, pp. 556-568, 2012.
[21] T. T. Thwin and S. Vasupongayya, “Blockchain-Based Access Control Model to Preserve Privacy for Personal Health Record Systems,” Security and Communication Networks, 2019.
[22] V. Vijayakumar, M. K. Priyan, G. Ushadevi, R. Varatharajan, G. Manogaran, and P. V. Tarare, “E-Health Cloud Security Using Timing Enabled Proxy Re-Encryption,” Mobile Networks and Applications, vol. 24, no. 3, pp. 1034–1045, 2018.
[23] L. Xu, X. Wu, and X. Zhang, “CL-PRE: A Certificateless Proxy Re-encryption Scheme for Secure Data Sharing with Public Cloud,” Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security - ASIACCS 12, 2012.
[24] Y. Yang and M. Ma, “Conjunctive Keyword Search with Designated Tester and Timing Enabled Proxy Re-encryption Function for E-health Clouds,” IEEE Transactions on Information Forensics and Security, pp. 746–759, 2015.