具有效「撤回」機制之雲端隱私保護資料管理系統

Abstract

根據各種原因，有很多數據管理系統將高計算量的工作量指派到公共雲服務提供商。眾所周知，一旦我們將任務委託給雲服務器，我們可能會面臨一些威脅，例如用戶屬性信息的隱私侵權;因此，一個適當的隱私保護機制是構建基於雲的安全數據管理系統（SCBDMS）的必需條件。即使服務器是以誠實但好奇的方式工作的，設計可靠的SCBDMS並且具有服務器強制的撤銷能力是一項非常具有挑戰性的任務。在現有的數據管理系統中，很少提供隱私保護撤銷服務，特別是外包給第三方時。在這項工作中，透過無意識轉移的幫助和新提出的無狀態延遲重新加密（SLREN）機制，建立了具有安全，可靠和高效的服務器強制屬性撤銷能力的SCBDMS。與相關工作相比，實驗結果表明，在新建的SCBDMS中，由於SLREN的性質，雲服務器的存儲需求和雲服務器與系統用戶之間的通信開銷大大減少。

There are lots of data management systems, according to various reasons, designating their high computational work-loads to public cloud service providers. It is well-known that once we entrust our tasks to a cloud server, we may face several threats, such as privacy-infringement with regard to users’ attribute information; therefore, an appropriate privacy preserving mechanism is a must for constructing a secure cloud-based data management system (SCBDMS). To design a reliable SCBDMS with server-enforced revocation ability is a very challenging task even if the server is working under the honest-but-curious mode. In existing data management systems, there seldom provide privacy-preserving revocation service, especially when it is outsourced to a third party. In this work, with the aids of oblivious transfer and the newly proposed stateless lazy re-encryption (SLREN) mechanism, a SCBDMS, with secure, reliable and efficient server-enforced attribute revocation ability is built. Comparing with related works, our experimental results show that, in the newly constructed SCBDMS, the storage-requirement of the cloud server and the communication overheads between cloud server and systems users are largely reduced, due to the nature of late involvement of SLREN.