The secure destruction of expired data is one of the important topics in cloud storage security research. Applying attribute-based encryption (ABE) and distributed hash table (DHT) technology to the process of data destruction, we propose a secure ciphertext self-destruction scheme with attribute-based encryption called SCSD. In the SCSD scheme, the sensitive data is first encrypted under an access key and then the ciphertext shares are stored in the DHT network along with the attribute shares. Meanwhile, the rest of the sensitive data ciphertext and the shares of the access key ciphertext constitute the encapsulated self-destruction object (EDO), which is stored in the cloud. When the sensitive data expires, the nodes in the DHT network automatically discard the ciphertext shares and the attribute shares, which makes the ciphertext and the access key unrecoverable. Thus, we realize secure ciphertext self-destruction. Compared with the current schemes, our SCSD scheme not only supports efficient data encryption and fine-grained access control during the lifetime and secure self-destruction after expiry, but also resists the traditional cryptanalysis attack as well as the Sybil attack in the DHT network.
Cloud storage has attracted much attention from both industry and academia for its low cost, flexible deployment, and strong extensibility in recent years. The cloud storage system is composed of massive storage resource on the Internet as well as the resource management and access control mechanism for the resource accessing transparency of users [
In the service model of cloud storage, data is outsourced to the storage server, which acts as a third party. So, data is out of the control of the data owner and the security of the data depends heavily on the server. Because the cloud storage server may be dishonest, the data owner first encrypts the original sensitive data and then outsources the ciphertext to the cloud in order to keep the data confidential. The encryption key is kept privately by the data owner. However, even if the data is stored by the cloud in the form of ciphertext, some security risks remain. For example, in order to improve service reliability, the cloud may make several backups of the user's data and distribute them to different storage servers [
In this paper, applying the attribute-based encryption and the distributed hash table (DHT) technology to the process of data destruction in the cloud storage environment, we propose a secure ciphertext self-destruction scheme with attribute-based encryption called SCSD. In SCSD scheme, the sensitive data is first encrypted under an access key, and then the access key is encrypted using an attribute-based encryption method. The ciphertext of sensitive data is extracted and transformed in order to get the ciphertext shares, which are stored in the DHT network along with the attribute shares. Meanwhile, the rest of the sensitive data ciphertext and the shares of access key ciphertext constitute the encapsulated self-destruction object (EDO), which is stored in the cloud. When the sensitive data is expired, the nodes in DHT networks can automatically discard the ciphertext shares and the attribute shares, which can make the ciphertext of sensitive data and the access key unrecoverable. Thus, we realize secure ciphertext self-destruction. Compared with the current schemes, our SCSD scheme can resist the traditional cryptanalysis attack as well as the Sybil attack in the DHT network.
The rest of the paper is organized as follows. In Section
In a cloud storage system, some data is stored in the servers for a long time and can be compromised by adversaries, because the data may be backed up by the cloud servers and these backups may still exist after the user's delete command. It is difficult to destroy all the backups in the cloud, and the following works are some attempts to achieve the secure destruction of data.
Perlman is the first to focus on the secure deletion of documents [
The above methods follow the idea of centralized solution, which has some limitations as follows. (
In order to solve the problem brought by the centralized destruction scheme, Geambasu et al. propose an interesting data self-destruction system called Vanish [
However, [
Therefore, a secure sensitive data self-destruction scheme, which supports efficient data encryption and key management, fine-grained access control in lifetime and secure self-destruction after expiry, and traditional cryptanalysis attack and Sybil attack resistance, is needed in the cloud storage environment.
Distributed hash table (DHT) [
The index of every document stored in the DHT network can be expressed as a pair of (
Every DHT network has the following three important characteristics, which make it suitable for constructing a data self-destruction scheme in the cloud storage environment.
Data availability: the DHT network provides reliable distributed storage capacity, which assures the availability of the data stored in the DHT nodes during the lifetime. This is the foundation of constructing a data self-destruction scheme.
Automatic data deletion in DHT nodes: nodes in the DHT network periodically remove old data in order to store new data. Thus, the data stored in the nodes is destroyed automatically after expiry, which provides a mechanism for ciphertext self-destruction.
Large-scale and global distribution: for example, there are more than one million active nodes in the Vuze network simultaneously, and these nodes are distributed over more than 190 countries all over the world. These completely distributed DHT nodes provide attack resistance capability for the self-destruction scheme.
Attribute-based encryption (ABE), a typical public key cryptography, was firstly proposed by Sahai and Waters in 2005 [
Specifically, an authority firstly defines a threshold value
Threshold secret sharing scheme was first proposed by Shamir [
Generally, threshold secret sharing scheme can be achieved by using Lagrange’s interpolation polynomial. If there is an interpolation polynomial
Namely, given
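A worked implementation of the threshold secret sharing described above, added here as an example (it is not the paper's code): a (t, n) Shamir split over a prime field, with reconstruction by Lagrange interpolation at x = 0. The 256-bit field modulus and the sample access key are assumptions of the example; the paper fixes neither.

```python
# Added example (not the paper's code): Shamir (t, n) threshold secret sharing
# over a prime field, reconstructing with Lagrange interpolation at x = 0.
import secrets

# Field modulus: 2^256 - 189 is prime; the paper fixes no concrete field, so
# this choice is an assumption of the example.
PRIME = 2**256 - 189

def split_secret(secret, n, t, prime=PRIME):
    """Return n shares (i, f(i)) of `secret`; any t of them reconstruct it."""
    if not 1 <= t <= n or not 0 <= secret < prime:
        raise ValueError("need 1 <= t <= n and 0 <= secret < prime")
    # Random polynomial of degree t-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(t - 1)]

    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner's rule
            y = (y * x + c) % prime
        return y

    return [(i, f(i)) for i in range(1, n + 1)]

def reconstruct_secret(shares, prime=PRIME):
    """Lagrange-interpolate the polynomial through `shares` and return f(0).
    With fewer than t shares the result is an unrelated field element, not an
    error, so the caller must know the threshold."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * (-xm) % prime        # factor (0 - x_m)
                den = den * (xj - xm) % prime    # factor (x_j - x_m)
        basis_at_zero = num * pow(den, -1, prime) % prime
        secret = (secret + yj * basis_at_zero) % prime
    return secret

def demo(n=5, t=3):
    """Split a constructed 128-bit access key; try t shares and t-1 shares."""
    access_key = int.from_bytes(bytes.fromhex("00112233445566778899aabbccddeeff"), "big")
    shares = split_secret(access_key, n, t)
    from_t = reconstruct_secret(shares[1:1 + t])          # any t shares suffice
    from_t_minus_1 = reconstruct_secret(shares[:t - 1])   # below threshold
    return from_t == access_key, from_t_minus_1 == access_key
```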
In this section, we first describe the system model of the secure ciphertext self-destruction (SCSD) scheme. Then, the detailed algorithm descriptions and the outline of the scheme are introduced.
The SCSD system comprises six different entities: authority, cloud storage servers, DHT network, data owners, data consumers, and adversaries, as shown in Figure
The system model of SCSD scheme.
This paper aims at preventing the leakage of sensitive data stored in the cloud after expiry. For example, sensitive information in a user's historic archive may leak out in the case of a government investigation. We assume that the data owner and other authenticated users trust each other. Thus, adversaries may try to compromise the EDO in the cloud after the lifetime of the EDO, or they may capture the ciphertext shares and the attribute shares stored in the DHT network within the lifetime of the EDO. So, in the security model of our scheme, we divide the behavior of adversaries into the following two kinds. (
Algorithms of our SCSD scheme are described as follows.
(
(
(
Then, the associated ciphertext is
(
Then, the data consumer gets the ciphertext
(
The data owner chooses
(
(7)
(
(9)
There are two main phases of SCSD scheme, namely, the data encapsulation phase and the data reconstruction phase. The outline of SCSD scheme is illustrated in Figure
The outline of SCSD scheme.
In data encapsulation phase (Phase I), the data owner firstly runs the algorithm
In data reconstruction phase (Phase II), the data consumer firstly runs the algorithm
In this section, we evaluate our SCSD scheme by modularizing it into two parts, namely, security analysis and scheme performance.
In the applications of our scheme, because adversaries cannot specify the particular object of attack before the expiration timestamp, we assume that the copies of the EDO stored in the cloud are secure during this time. Besides, because the attribute shares and ciphertext shares stored in the DHT network are discarded after the expiry of the EDO, once the DHT network is updated periodically, the contents of the EDO copies become unreadable.
There are mainly two kinds of attack against our scheme. The first one is cracking the expired EDO copies stored in the cloud through the cryptanalysis attack and the brute-force attack: although the attribute shares and ciphertext shares are discarded, EDO copies remain stored in the cloud. The other kind of attack aims at collecting the attribute shares and ciphertext shares in the DHT network before the expiration timestamp of the EDO, so that these shares can be used in a tracing attack against the EDO copies stored in the cloud.
Therefore, the security of our scheme is mainly affected by two aspects. One is the security of the encryption algorithm used to encrypt the sensitive data under the access key, which depends on its capability of resisting the cryptanalysis attack and the brute-force attack. The other is the security of the DHT network that stores the attribute shares and ciphertext shares, which depends on its capability of resisting the sniffing attack, the hopping attack, and other DHT Sybil attacks. So, we make the security analysis of our scheme based on these two aspects as follows. The brief comparisons of security properties of our SCSD scheme [
Comparisons of security properties.

Characteristics | SCSD | Reference [ | Reference [
---|---|---|---
Key destruction | | |
Ciphertext destruction | | × |
Cryptanalysis attack resistance | | × |
Brute-force attack resistance | | × |
Sybil attack resistance | | × | ×
Asymmetric encryption | | × | ×
Fine-grained access control | | × | ×
Simple key management | | × | ×
The brute-force attack is implemented by trying every possible decryption key on the ciphertext to recover the plaintext. This kind of attack relies on the integrity of the ciphertext, so adversaries must first obtain the complete ciphertext before mounting it. In our scheme, however, the sensitive data is first encrypted under the random access key and then the ciphertext is associated and extracted. Because every block of the associated ciphertext is correlated with the others, once some of the blocks are extracted, the remaining blocks no longer form a complete ciphertext. Therefore, without the complete ciphertext, adversaries cannot recover the sensitive data by the brute-force attack.
Besides, the traditional cryptanalysis attack likewise requires a complete ciphertext. Because the remaining ciphertext blocks stored in the cloud are incomplete, the traditional cryptanalysis attack has no effect on our scheme.
In the following, we discuss whether adversaries can crack the EDO copies by attacking the DHT network before the expiration timestamp of the EDO. Because adversaries cannot specify the particular object of attack before the expiration timestamp, they may try to collect as many attribute shares and ciphertext shares as possible during this time. For example, the adversaries may keep attacking the DHT network in order to obtain enough shares. However, this kind of attack imposes a high cost on the adversaries.
Due to the characteristics of the DHT network, attacking it to obtain the attribute shares and ciphertext shares is very difficult. Reference [
In this section, we first make a performance evaluation of SCSD on the time cost in both the data encapsulation phase and the data reconstruction phase, respectively. Then, we implement the parameter optimization by analyzing the tradeoff between security and availability of our scheme.
In Phase I, the communication overhead is mainly caused by the distribution of ciphertext shares and attribute shares to the DHT network. The computation overhead is mainly caused by the ABE algorithm on the access key, the symmetric encryption algorithm on sensitive data, and the association and the shares generation algorithm on ciphertext. In Phase II, the communication overhead is also mainly caused by the collection of ciphertext shares and attribute shares from the DHT network. The computation overhead is mainly caused by the reconstruction of the access key and the ciphertext.
Based on the above analysis, we execute our SCSD scheme and measure the times spent in the two main phases. For the sake of simplicity, we set the total shares
Performance of SCSD scheme.
Figure
Next, we assume that the adversaries have compromised 5% of the nodes in a thousand-node DHT network. We will show how the security and the availability of our scheme are affected by the parameters
Parameters and security.
As shown in Figure
Parameters and availability.
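The security/availability tradeoff discussed above, made concrete as an added example (not the paper's code): for a given number of shares n and threshold t, it computes the probability that an adversary holding 5% of a 1000-node DHT (the paper's setting) has captured at least t shares, and the probability that a legitimate consumer can still retrieve at least t shares. The per-share retrieval probability `share_alive` and the independent, uniformly random share placement are assumptions of the example.

```python
# Added example (not the paper's code): security/availability tradeoff of the
# share parameters. Setting from the paper: a 1000-node DHT in which the
# adversary has compromised 5% of the nodes. `share_alive` (probability that
# a single share is still retrievable from its node) is an assumed value.
from math import comb

def capture_probability(n, t, nodes=1000, compromised=50):
    """P(adversary holds >= t of the n shares).
    Shares are assumed placed on n distinct, uniformly chosen nodes, so the
    number landing on compromised nodes is hypergeometric."""
    total = comb(nodes, n)
    hits = sum(comb(compromised, k) * comb(nodes - compromised, n - k)
               for k in range(t, n + 1))
    return hits / total

def availability_probability(n, t, share_alive=0.9):
    """P(a legitimate consumer retrieves >= t of the n shares), each share
    surviving independently with probability `share_alive` (binomial)."""
    return sum(comb(n, k) * share_alive**k * (1 - share_alive)**(n - k)
               for k in range(t, n + 1))

def tradeoff_table(n, thresholds):
    """Rows (t, P[capture], P[available]) for one total share count n.
    Raising t lowers both columns: harder for the adversary to collect
    enough shares, but also harder for the consumer to reconstruct."""
    return [(t, capture_probability(n, t), availability_probability(n, t))
            for t in thresholds]

if __name__ == "__main__":
    for t, cap, avail in tradeoff_table(20, (5, 10, 15, 20)):
        print(f"n=20 t={t:2d}  capture={cap:.2e}  available={avail:.4f}")
```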
Besides the parameters, there are other kinds of optimizations for our scheme. Because of the adoption of ABE algorithm, our SCSD scheme can implement one-to-many authorization and access control flexibly. Moreover, the access key can be used repeatedly in the condition of timely processing huge volume of data while the security requirement is lower. And if the requirement of security is higher, the ciphertext shares
In cloud storage system, secure data destruction is one of the problems that need to be addressed in data security. Many data destruction schemes have been proposed in recent years. However, there are still some limitations. In this paper, we mainly focus on the ciphertext destruction and propose a secure ciphertext self-destruction scheme with attribute-based encryption called SCSD, which applies the attribute-based encryption and the distributed hash table technology to the process of data destruction in the cloud storage environment. Compared with the current schemes, our scheme can resist the traditional cryptanalysis attack as well as the Sybil attack in the DHT network. Besides, the performance of SCSD scheme is relatively effective and efficient.
The authors declare that they have no conflict of interests regarding the publication of this paper.
This work was supported by the School Innovation Foundation and the Doctorial Foundation under Grant 2014JY170. The authors thank the anonymous reviewers for their useful comments and suggestions.