A Management Approach to Key-Used Times Based on Trusted Platform Module in Cloud Storage
Cite this article: Wang Lina, Ren Zhengwei, Dong Yongfeng, Yu Rongwei, Deng Ruyi. A Management Approach to Key-Used Times Based on Trusted Platform Module in Cloud Storage[J]. Journal of Computer Research and Development, 2013, 50(8): 1628-1636.
Authors: Wang Lina  Ren Zhengwei  Dong Yongfeng  Yu Rongwei  Deng Ruyi
Affiliation: 1 (Key Laboratory of Aerospace Information Security and Trusted Computing (Wuhan University), Ministry of Education, Wuhan 430072) 2 (School of Computer, Wuhan University, Wuhan 430072) (lnawang@163.com)
Funding: Specialized Research Fund for the Doctoral Program of Higher Education (Priority Development Areas); National Natural Science Foundation of China; Natural Science Foundation of Hubei Province; Wuhan Science and Technology Research Program; Open Fund of the Key Laboratory of Information Network Security, Ministry of Public Security
Abstract: To protect the confidentiality of data in cloud storage and to control the number of times a key may be used, a key-usage-count management method based on the Trusted Platform Module (TPM) is proposed. First, the key is encrypted with a ciphertext-policy attribute-based encryption (CP-ABE) algorithm, so that only the designated users whose attributes satisfy the policy can decrypt it. The key is then bound to the TPM locally to guarantee its secure storage, and the TPM's physical monotonic counter is used to derive a virtual monotonic counter for each key. Next, the monotonically increasing counter value is compared with the preset usage limit to decide whether the key must be deleted or may continue to be used, which bounds the number of uses. Finally, the TPM's resistance to physical tampering, the monotonicity of the counter, and digital digests prevent an attacker from replaying the contents of the hard disk. Experimental results show that the scheme has low performance overhead, stores and protects keys securely and effectively, and achieves the goal of limiting the number of times a key can be used.

Keywords: cloud storage  trusted platform module  key management  ciphertext-policy attribute-based encryption  monotonic counter

A Management Approach to Key-Used Times Based on Trusted Platform Module in Cloud Storage
Wang Lina, Ren Zhengwei, Dong Yongfeng, Yu Rongwei, Deng Ruyi. A Management Approach to Key-Used Times Based on Trusted Platform Module in Cloud Storage[J]. Journal of Computer Research and Development, 2013, 50(8): 1628-1636.
Authors:Wang Lina    Ren Zhengwei    Dong Yongfeng    Yu Rongwei    Deng Ruyi
Affiliation:1(Key Laboratory of Aerospace Information Security and Trusted Computing(Wuhan University), Ministry of Education, Wuhan 430072) 2(School of Computer, Wuhan University, Wuhan 430072)
Abstract: A management approach to key-used times based on the trusted platform module (TPM) is proposed to protect the confidentiality of data in cloud storage and to control the number of times a key may be used. First, the data is encrypted with a symmetric scheme under a data encryption key (DEK). The DEK is then encrypted with ciphertext-policy attribute-based encryption (CP-ABE) to control access to it: only users whose attributes satisfy the access-control tree embedded in the CP-ABE ciphertext can decrypt and obtain the DEK. Locally, the DEK is stored securely by binding it to the TPM with a digital signature, and the TPM's physical monotonic counter is used to derive a virtual monotonic counter (VMC) for each DEK. Second, the monotonically increasing VMC value is compared with the preset number of times the DEK may be used, and the DEK is either deleted or allowed to be used again, so that its number of uses is bounded. Finally, replay of the hard-disk contents is prevented by the TPM's resistance to physical tampering, the monotonicity of the counter, and the digital signature. Experimental results show that the performance cost is low and that the scheme securely stores and effectively protects the DEK, achieving the goal of limiting the number of times the DEK can be used.
Keywords: cloud storage  trusted platform module  key management  ciphertext-policy attribute-based encryption  monotonic counter
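The use-count check and the replay detection described in both abstracts above, as an added example that is not code from the paper. The TPM is simulated in software (a physical counter that can only increment and a key that never leaves the `SimulatedTPM` object); HMAC-SHA256 stands in for the TPM's digital signature, the CP-ABE step is assumed to have already released the DEK to the local host, and every function and field name (`new_store`, `use_key`, `pc`, `vmc`) is this example's own assumption rather than the paper's.

```python
import hashlib
import hmac
import json
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag appended to the serialized key store


class SimulatedTPM:
    """Stand-in for the two TPM features the scheme relies on: a physical
    monotonic counter that only goes up, and a signing key that never leaves
    the device. HMAC replaces the TPM's asymmetric signature (assumption)."""

    def __init__(self):
        self._counter = 0
        self._key = secrets.token_bytes(32)

    def read_counter(self):
        return self._counter

    def increment_counter(self):
        self._counter += 1
        return self._counter

    def sign(self, data):
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def verify(self, data, tag):
        return hmac.compare_digest(self.sign(data), tag)


def seal_store(tpm, state):
    """Serialize all virtual counters plus the physical-counter snapshot and
    append the TPM signature, so any edit of the on-disk blob is detectable."""
    data = json.dumps(state, sort_keys=True).encode()
    return data + tpm.sign(data)


def open_store(tpm, blob):
    """Verify the signature, then check freshness: the physical-counter
    snapshot inside the blob must equal the TPM's current value. A restored
    older disk image carries a smaller snapshot, which catches a replay that
    tries to reset the use counts."""
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not tpm.verify(data, tag):
        raise ValueError("key store signature invalid: tampered")
    state = json.loads(data)
    if state["pc"] != tpm.read_counter():
        raise ValueError("key store is stale: replay of an old disk image")
    return state


def new_store(tpm):
    return seal_store(tpm, {"pc": tpm.read_counter(), "keys": {}})


def add_key(tpm, blob, key_id, dek, max_uses):
    """Register a DEK with a fresh virtual monotonic counter (vmc) and its
    preset usage limit. The DEK is kept hex-encoded here; a real deployment
    would seal it to the TPM instead."""
    state = open_store(tpm, blob)
    state["keys"][key_id] = {"dek": dek.hex(), "vmc": 0, "max_uses": max_uses}
    state["pc"] = tpm.increment_counter()  # every state change bumps the physical counter
    return seal_store(tpm, state)


def use_key(tpm, blob, key_id):
    """One use of the DEK: bump its virtual counter, compare with the limit,
    and delete the key from the store once the limit is reached.
    Returns (dek_bytes_or_None, new_blob)."""
    state = open_store(tpm, blob)
    entry = state["keys"].get(key_id)
    if entry is None:
        dek = None  # already deleted (limit reached) or never registered
    else:
        entry["vmc"] += 1
        dek = bytes.fromhex(entry["dek"])
        if entry["vmc"] >= entry["max_uses"]:
            del state["keys"][key_id]  # last permitted use: destroy the key
    state["pc"] = tpm.increment_counter()  # the attempt itself is recorded
    return dek, seal_store(tpm, state)


def remaining_uses(tpm, blob, key_id):
    entry = open_store(tpm, blob)["keys"].get(key_id)
    return 0 if entry is None else entry["max_uses"] - entry["vmc"]


if __name__ == "__main__":
    tpm = SimulatedTPM()
    store = new_store(tpm)
    dek = secrets.token_bytes(32)  # constructed sample DEK
    store = add_key(tpm, store, "file-42", dek, max_uses=2)
    snapshot = store  # attacker copies the disk now, hoping to replay it later
    k1, store = use_key(tpm, store, "file-42")
    k2, store = use_key(tpm, store, "file-42")
    k3, store = use_key(tpm, store, "file-42")
    print(k1 == dek, k2 == dek, k3)
    try:
        use_key(tpm, snapshot, "file-42")  # restored old image: counter mismatch
    except ValueError as e:
        print("replay rejected:", e)
```

The single physical counter is shared by all virtual counters: any use of any key advances it, and the snapshot stored in the signed blob ties the whole store to that value, so an attacker who restores an older copy of the disk cannot make its counter agree with the TPM again. Tampering with the blob itself is caught by the signature before the freshness check runs.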
This article is indexed in Wanfang Data and other databases.