基植於雙線性配對密碼的安全雲端儲存

Abstract

交通大學資訊工程學系

計畫名稱：基植於雙線性配對密碼的安全雲端儲存

研究者：陳榮傑

經費來源：行政院國家科學委員會

關鍵詞：雙線性配對密碼學；橢圓曲線密碼學；可搜尋式公開金鑰加密系統；屬性加密；

資料擁有證明；雲端儲存

雲端運算(cloud computing)的發展，讓使用電腦系統的行為模式有了重大的改變。 以往，電腦系統使用人需要擁有自己的軟硬體設備，有了雲端運算，資料儲存、處理 與傳輸等資源都由雲端提供，需要時才向雲端要求使用，不僅能使用比以往更快更多 的資源，也不需維護自己的軟硬體設備，因此個人、公司與政府都能將他們的資料改 儲存在雲端，並使用雲端的資料處理、傳輸等功能。雖然雲端運算在電腦資源的使用 上提供了更好的選擇，但相應而生的便是安全性與隱私的風險，使得雲端運算不易普 及，政府與企業在使用時也多了一層考量，即便目前很多加密機制，很輕易就能達到 資料保護的目的，但並不適合用於雲端運算上，因此，為了達到雲端運算的安全與效 率，必須設計新的系統。

本實驗室十餘年致力於密碼學的研究，尤其是橢圓曲線密碼學與雙線性配對密碼 學，這些都是數學代數中較為艱深的部份，我們不僅有厚實的數學理論基礎，也有紮 實的程式能力，能將這些密碼系統實現，在實作上，我們能以理論的特性來調整系統 參數，而非嘗試性的實驗結果，在研究過程中發現，唯有雙線性配對密碼系統，才能 完整地滿足雲端儲存的安全需求，其中包含雙線性配對簽章(pairing-based signature)、 屬性加密(attribute-based encryption)、可搜尋式公開金鑰加密系統(public-key encryption with keyword search)以及資料擁有證明(proof-of-data possession)四類的密碼原型。

雲端安全聯盟(Cloud Security Alliance, CSA)對於雲端儲存資料的安全提出了標 準，先定義資料的生命週期，分別為建立(create)、儲存(store)、使用(use)、分享(share)、 歸標(archive)、銷毁(destroy)，再針對每一生命週期，提出相對應之安全要求。在建立 時，對資料需有分類(classify)、存取權限(access right)的功能；在儲存時，能達到存取 控管(access control)、資料加密(encryption)、權限管理(rights management)與資料發現 (content discovery)；在使用階段，需監控使用過程(activity monitoring and enforcement)、 權限管理、邏輯控管(logical control)、應用程式安全(application security)；在分享時， 需達到内容管理(content management)、加密、邏輯控管與應用程式安全；歸標時，要 有加密與財產管理(asset management)；在銷毁階段，密碼粉碎(crypto-shredding)、安全 刪除(secure deletion)與資料發現都是重要的，其中資料發現是為了確保資料已刪除。

透過上述標準，對於雲端儲存(cloud storage)，本計晝提出四個需求：（1)機密性 (confidentiality)：只有合法的使用者才能解讀儲存於雲端的資料；（2)完整性(integrity)： 使用者能察覺雲端儲存是否非法更動儲存的資料；（3)查詢結果完整性(query-result integrity)：雲端儲存能提供搜尋功能，其回傳搜尋結果可驗證並保證完整；（4)可稽核 (auditability) •任何資料的更動都有資料擁有者的授權，並有紀錄。本計晝將研究上述 四類密碼系統，並將其整合，提出安全雲端儲存系統，並符合雲端安全聯盟的標準。

Department of Computer Science, NCTU

Title ： Secure pairing-based cloud storages Principal Investigator ： Rong-Jaye Chen Sponsor ： National Science Council

Keywords ： pairing-based cryptography, elliptic curve cryptography, public-key encryption with keyword search, attribute-based encryption, proof-of-data possession, cloud storage

Cloud computing enables a new paradigm of information and communication resource on demand. Users, enterprises, governments start to consider moving their data into the cloud to enjoy its storage capacity and computation capability. While cloud computing brings in promising opportunities, it also brings along security and privacy risks, which hurdle the public to adopt the cloud technologies. There are a number of encryption techniques which are the easiest way to protect cloud data and services. However, as these encryptions add to the complexities, new schemes must be devised to manage encrypted data securely and efficiently.

Our research team has been dedicated to cryptography for years especially in elliptic curve and paring-based cryptography. We have not only solid mathematical background of the underlying mathematical structures but also strong implementation ability to realize these cryptosystems. We can also adjust the system parameters based on the theoretical characteristics instead of (heuristic) experimental optimization. During our research, we find a set of pairing-based cryptographic primitives which can uniquely meet the requirements of the cloud storage. They are pairing-based signature (PBS) scheme, attribute-based encryption (ABE) scheme, public-key encryption with keyword search (PEKS) and proof-of-data-possession (PDP) scheme.

According to the guideline for cloud data security proposed by Cloud Security Alliance (CSA), the data security lifecycle includes create, store, use, share, archive, and destroy. In create stage, it requires classify and access rights. In store stage, access control, encryption, right management, and content discovery are important. In use stage, activity monitoring and enforcement, rights management, logical control, and application security are concerned. In share stage, content management, encryption, logical control, and application security are considered. In archive stage, encryption and asset management should be implemented. In destroy stage, the functionality of crypto-shredding, secure deletion, and content discovery are provided for security concern.

Our goal is to design one management suite for the data in encrypted form stored in the cloud fulfilling the following four requirements: (1) Confidentiality: the cloud storage should not learn any information of the stored data. (2) Integrity: the cloud storage should be caught if any unauthorized tampering of stored data happens. (3) Query-Result Integrity: the cloud storage could search over (encrypted) stored data once authorized by the data owner and the returned results are authenticated and complete. (4) Audibility: any manipulation on stored data should be granted by data owner and recorded for further forensic and judicial investigations. We make use of four pairing-based cryptographic primitives along with our novel design to construct the secure and practical cloud storage management suite, which is aligned with the suggestion from the Cloud Security Alliance (CSA).