Threshold Secret Sharing Scheme Based on Multidimensional Sphere for Cloud Storage
Author:
Affiliation:

Fund Project:

National Natural Science Foundation of China (61402097, 61572123, 61225012, 71325002); Fundamental Research Funds for the Central Universities of China (N130417005)

  • Article
  • | |
  • Metrics
  • |
  • Reference [46]
  • |
  • Related [20]
  • | | |
  • Comments
    Abstract:

    Cloud storage is a model of data storage where the digital data is stored in logical pools to share "data as a service (DaaS)" for cloud users. However, users have no absolute control of cloud data, and as a result, they are more and more concerned about cloud data security especially for confidential data. This paper focuses on how to protect confidential data on cloud, and presents a (k,n) threshold secret sharing scheme based on m-sphere principle. Distribution algorithms are designed based on features of dealer's information and cloud storage containers' identifications. Secret is transformed into an m-sphere central coordinates, and then into n shadow coordinates which are placed on the m-sphere surface and distributed into n cloud storage containers. Secret reconstruction algorithms are also designed along with a proof that any k (k=m+1) linear irreverent m-coordinates can reconstruct a unique m-sphere center. Simulations and analysis validate the proposed scheme can tolerate fake shadow attacks and collusion attacks, and cloud users have absolute control on secret key which needs no more management cost from cloud services. Performance analysis proves that the scheme can improves cloud users' control on cloud data, and it is correct and efficient on computation performance and storageproperty.

    Reference
    [1] Lin C, Su WB, Meng K, Liu Q, Liu WD. Cloud computing security:Architecture, mechanism and modeling. Chinese Journal of Computers, 2013,36(9):1765-1784(in Chinese with English abstract). http://cjc.ict.ac.cn/qwjs/view.asp?id=3917[doi:10.3724/SP. J.1016.2013.01765]
    [2] Tan S, Jia Y, Han WH. Research and development of provable data integrity in cloud storage. Chinese Journal of Computers, 2014, 37(32):1-16(in Chinese with English abstract). http://cjc.ict.ac.cn/online/bfpub/tshang-2014821165322.pdf[doi:10.3724/SP.J. 1016.2015.00164]
    [3] SNIA. Cloud data management interface (CDMITM). Version 1.1.0, 2014. http://www.snia.org/cdmi
    [4] EMC (twinstrata). 2014. http://www.twinstrata.com/
    [5] http://blogs.idc.com/ie/?p=730
    [6] Data breach investigations report. 2014. http://www.verizonenterprise.com/
    [7] Subashini S, Kavitha V. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 2011,34(1):1-11.[doi:10.1016/j.jnca.2010.07.006]
    [8] Tse DWK, Chen DQ, Liu QS, Wang F, Wei ZY. Emerging issues in cloud storage security:Encryption, key management, data redundancy, trust mechanism. In:Proc. of the Int'l Conf. of Multidisciplinary Social Networks Research (MISNC 2014). CCIS 473, Springer-Verlag, 2014. 297-310.[doi:10.1007/978-3-662-45071-0_24]
    [9] Lin H, Tzeng W. A secure erasure code-based cloud storage system with secure data forwarding. IEEE Trans. on Parallel and Distributed Systems, 2012,23(6):995-1003.[doi:10.1109/TPDS.2011.252]
    [10] Abu-Libdeh H, Princehouse L, Weatherspoon H. RACS:A case for cloud storage diversity. In:Proc. of the 1st ACM Symp. on Cloud Computing (SoCC 2010). ACM Press, 2010. 1-12.[doi:10.1145/1807128.1807165]
    [11] Rabin MO. Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of the ACM, 1989,36(2):335-348.[doi:10.1145/62044.62050]
    [12] Bowers KD, Juels A, Oprea A. HAIL:A high-availability and integrity layer for cloud storage. In:Proc. of the 16th ACM Conf. on Computer and Communications Security (CCS 2009). ACM Press, 2009. 187-198.[doi:10.1145/1653662.1653686]
    [13] Resch JK, Plank JS. AONT-RS:Blending security and performance in dispersed storage systems. In:Proc. of the 9th USENIX Conf. on File and Storage Technologies (FAST 2011). San Jose, 2011. 191-202. http://static.usenix.org/legacy/events/fast11/tech/full_papers/Resch.pdf
    [14] Xiong H, Zhang X, Yao D, Wu X, Wen Y. Towards end-to-end secure content storage and delivery with public cloud. In:Proc. of the 2nd ACM Conf. on Data and Application Security and Privacy. ACM Press, 2012. 257-266.[doi:10.1145/2133601.2133633]
    [15] Kikuchi H, Itoh K, Ushida M, Yamaoka Y, Oikawa T. Secret sharing scheme with efficient keyword search for cloud storage. In:Proc. of the 9th Asia Joint Conf. on Information Security. IEEE Press, 2014. 164-169.[doi:10.1109/AsiaJCIS.2014.33]
    [16] Alsolami F, Boult T. CloudStash:Using secret-sharing scheme to secure data, not keys, in multi-clouds. In:Proc. of the 11th Int'l Conf. on Information Technology:New Generations (ITNG 2014). IEEE Press, 2014. 315-320.[doi:10.1109/ITNG.2014.119]
    [17] Fu YX, Luo SM, Shu JW. Survey of secure cloud storage system and key technologies. Journal of Computer Research and Development, 2013,50(1):136-145(in Chinese with English abstract). http://crad.ict.ac.cn/CN/Y2013/V50/I1/136
    [18] Grossman RL, Gu Y, Sabala M, Zhang WZ. Compute and storage clouds using wide are high performance networks. Future Generation Computer Systems, 2009,25(2):179-183.[doi:10.1016/j.future.2008.07.009]
    [19] Cao N, Wang C, Li M, Ren K, Lou W. Privacy-Preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans. on Parallel and Distributed Systems, 2014,25(1):222-233.[doi:10.1109/TPDS.2013.45]
    [20] Zhang XY, Liu C, Nepal S, Pandey S, Chen JJ. A privacy leakage upper bound constraint-based approach for cost-effective privacy preserving of intermediate data sets in cloud. IEEE Trans. on Parallel and Distributed Systems, 2013,24(6):1192-1202.[doi:10.1109/TPDS.2012.238]
    [21] Roy I, Setty STV, Kilzer A, Shmatikov V, Witchel E. Airavat:Security and privacy for mapreduce. In:Proc. of the 7th USENIX Conf. on Networked Systems Design and Implementation (NSDI 2010). ACM Press, 2010. 20. https://www.usenix.org/legacy/event/nsdi10/tech/full_papers/roy.pdf
    [22] Puttaswamy KPN, Kruegel C, Zhao BY. Silverline:Toward data confidentiality in storage-intensive cloud applications. In:Proc. of the 2nd ACM Symp. on Cloud Computing (SoCC 2011). ACM Press, 2011. 1-13.[doi:10.1145/2038916.2038926]
    [23] Bessani A, Correia M, Quaresma B, André F, Sousa P. DepSky:Dependable and secure storage in a cloud-of-clouds. In:Proc. of the 6th Conf. on Computer Systems. ACM Press, 2011. 31-46.[doi:10.1145/1966445.1966449]
    [24] Cachin C, Haas R, Vukolic M. Dependable storage in the intercloud. IBM Research Report, 2010. http://domino.research.ibm.com/library/cyberdig.nsf/papers/630549C46339936C852577C200291E78/$File/rz3783.pdf
    [25] Chor B, Goldwasser S, Micali S, Awerbuch B. Verifiable secret sharing and achieving simultaneity in the presence of faults. In:Proc. of the Foundations of Computer Science. IEEE, 1985. 383-395.[doi:10.1109/SFCS.1985.64]
    [26] Pedersen TP. Non-Interactive and information-theoretic secure verifiable secret sharing. In:Proc. of the Advances in Cryptology-CRYPTO'91. Berlin, Heidelberg:Springer-Verlag, 1992. 129-140.[doi:10.1007/3-540-46766-1_9]
    [27] Gennaro R, Rabin MO, Rabin T. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In:Proc. of the 17th Annual ACM Symp. on Principles of Distributed Computing. ACM Press, 1998. 101-111. http://www.eecs.harvard.edu/~cat/cs/tlc/papers/grr.pdf
    [28] Herzberg A, Jarecki S, Hugo K, Yung M. Proactive secret sharing or:How to cope with perpetual leakage. In:Proc. of the 15th Annual Int'l Cryptology Conf. on Advances in Cryptology. Springer-Verlag, 1998. 339-352.[doi:10.1007/3-540-44750-4_27]
    [29] Tan ZH, Yang GM, Cheng W, Wang XW. Distributed secret sharing scheme based on personalized spherical coordinates space. Computer Science and Information Systems, 2013,10(3):1269-1291.[doi:10.2298/CSIS120801048T]
    [30] Harn L. Efficient sharing (broadcasting) of multiple secrets. IEEE Proc. of Computers and Digital Techniques, 1995,142(3):237-240.[doi:10.1049/ip-cdt:19951874]
    [31] Tang CM, Wu DO, Chronopoulos AT, Raghavendra CS. Efficient multi-party digital signature using adaptive secret sharing for low-power devices in wireless networks. IEEE Trans. on Wireless Communications, 2009,8(2):882-889.[doi:10.1109/TWC.2008. 071286]
    [32] Kamara S, Lauter K. Cryptographic cloud storage. In:Proc. of the Financial Cryptography and Data Security. LNCS 6054, Springer-Verlag, 2010. 136-149.[doi:10.1007/978-3-642-14992-4_13]
    [33] Popa RA, Lorch JR, Molnar D, Wang HJ, Zhuang L. Enabling security in cloud storage SLAs with CloudProof. In:Proc. of the USENIX ATC. ACM Press, 2011. 1-12. http://www.mit.edu/~ralucap/cloudproof.pdf
    [34] Kumbhare A, Simmhan Y, Prasanna V. Cryptonite:A secure and performant data repository on public clouds. In:Proc. of the 5th Int'l Conf. on Cloud Computing. IEEE Press, 2012. 510-517.[doi:10.1109/CLOUD.2012.109]
    [35] Alsolami F, Chow CE. N-Cloud:Improving performance and security in cloud storage. In:Proc. of IEEE the 14th Int'l Conf. on High Performance Switching and Routing (HPSR). IEEE Press, 2013. 221-222.[doi:10.1109/HPSR.2013.6602319]
    [36] Zissis D, Lekkas D. Addressing cloud computing security issues. Future Generation Computer Systems, 2012,28(3):583-592.[doi:10.1016/j.future.2010.12.006]
    [37] Shamir A. How to share a secret. Communications of the ACM, 1979,22(11):612-613.[doi:10.1145/359168.359176]
    [38] Blakley GR. Safeguarding cryptographic keys. In:Proc. of the National Computer Conf. 1979. 313-317. http://www.computer.org/csdl/proceedings/afips/1979/5087/00/50870313.pdf
    [39] Tompa M, Woll H. How to share a secret with cheaters. Journal of Cryptology, 1989,1(3):133-138.[doi:10.1007/BF02252871]
    [40] Björkqvist M, Cachin C, Haas R, Hu XY, Kurmus A, Pawlitzek R, Vukolić M. Design and implementation of a key-lifecycle management system. Lecture Notes in Computer Science, 2010,6052:160-174.[doi:10.1007/978-3-642-14577-3_14]
    [41] AlZain MA, Soh B, Pardede E. MCDB:Using multi-clouds to ensure security in cloud computing. In:Proc. of the 9th Int'l Conf. on Dependable, Autonomic and Secure Computing (DASC 2011). IEEE Press, 2011. 784-791.[doi:10.1109/DASC.2011.133]
    [42] Chervyakov NI, Babenko MG, Deryabin MA, Nazarov AS. Cryptanalysis of secret sharing schemes based on spherical spaces. In:Proc. of the 8th Int'l Conf. on Application of Information and Communication Technologies (AICT). IEEE Press, 2014. 1-5.[doi:10.1109/ICAICT.2014.7035900]
    附中文参考文献:
    [1] 林闯,苏文博,孟坤,刘渠,刘卫东.云计算安全:架构、机制与模型评价.计算机学报,2013,36(9):1765-1784. http://cjc.ict.ac.cn/qwjs/view.asp?id=3917[doi:10.3724/SP.J.1016.2013.01765]
    [2] 谭霜,贾焰,韩伟红.云存储中的数据完整性证明研究及进展.计算机学报,2014,37(32):1-16. http://cjc.ict.ac.cn/online/bfpub/tshang-2014821165322.pdf[doi:10.3724/SP.J.1016.2015.00164]
    [17] 傅颖勋,罗圣美,舒继武.安全云存储系统与关键技术综述.计算机研究与发展,2013,50(1):136-145. http://crad.ict.ac.cn/CN/Y2013/V50/I1/136
    Cited by
Get Citation

谭振华,杨广明,王兴伟,程维,宁婧宇.面向云存储的多维球面门限秘密共享方案.软件学报,2016,27(11):2912-2928

Copy
Share
Article Metrics
  • Abstract:3853
  • PDF: 6879
  • HTML: 1568
  • Cited by: 0
History
  • Received:November 06,2014
  • Revised:May 05,2015
  • Online: November 02,2016
You are the first2038061Visitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063