DOI QR코드

DOI QR Code

모바일 클라우드 환경에서 안전한 프록시 재암호화 기반의 데이터 관리 방식

Secure Data Management based on Proxy Re-Encryption in Mobile Cloud Environment

  • 송유진 (동국대학교 정보경영학과) ;
  • 도정민 (동국대학교 일반대학원 전자상거래협동과정)
  • 투고 : 2012.09.30
  • 심사 : 2012.04.04
  • 발행 : 2012.04.30

초록

최근 모바일 클라우드 환경에서 공유되는 데이터의 기밀성과 유연성있는 접근제어를 보장하기 위해서 KP-ABE(Key Policy-Attribute Based Encryption)와 PRE(Proxy Re-Encryption)를 활용한 시스템 모델이 제안되었다. 그러나 기존 방식은 철회된 사용자와 클라우드 서버간의 공모 공격으로 데이터 기밀성을 침해하게 된다. 이러한 문제를 해결하기 위해서 제안 방식은 클라우드 서버에 저장되는 데이터 파일(data file)을 분산 저장하여 데이터 기밀성을 보장하고 비밀분산(Secret Sharing)를 통해서 프록시 재암호화키에 대한 변조 공격을 방지한다. 그리고 제안방식을 의료 환경에 적용한 프로토콜 모델을 구성한다.

To ensure data confidentiality and fine-grained access control in business environment, system model using KP-ABE(Key Policy-Attribute Based Encryption) and PRE(Proxy Re-Encryption) has been proposed recently. However, in previous study, data confidentiality has been effected by decryption right concentrated on cloud server. Also, Yu's work does not consider a access privilege management, so existing work become dangerous to collusion attack between malicious user and cloud server. To resolve this problem, we propose secure system model against collusion attack through dividing data file into header which is sent to privilege manager group and body which is sent to cloud server and prevent modification attack for proxy re-encryption key using d Secret Sharing, We construct protocol model in medical environment.

키워드

참고문헌

  1. D.Kim, K.Jang, D.Shin, "Healthcare System using Agent Platform in Ubiquitous Environment,", Korean Society For Internet Information, Proceedings of Korean Society For Internet Information, pp. 139-142, 2006
  2. Y.Min, H.Kim, Y.Kim, "Distributed File System Technology for Cloud Computing," Korean Institute of Information Scientists and Engineers, pp.86-94, 2009.
  3. D.Yu, S.Jeong, T.Kim, "TIPC Application and Analysis for Network I/O Performance Evaluation in Hadoop based Distributed Computing," Korean Institute of Information Scientists and Engineers, pp.351-359, 2009.
  4. O.Min, H.Kim, G.Nam, "Cloud Computing Technology Trend," ETRI, ETTrends, Vol.24 No.4, pp.1-13, 2009.
  5. H.Kim, U.Min, G.Nam, "Mobile Cloud Computing Technology Trend," ETRI, ETTrends, Vol.25 No.3, pp.40-51, 2010.
  6. T. Mather, S. Kumaraswamy and S. Latif, "Cloud Security and Privacy," O'Reilly Media, 2009.
  7. CSA, Security Guidance for Critical Areas of Focus Cloud Computing, Vol.2.1, 2009.
  8. S.C. Yu, C. Wang, K.I. Ren and W.J. Lou, "Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing," INFOCOM, 2010 Proceedings IEEE, pp.321-334, 2010.
  9. Y.Yun, B.Kim, "Mobile Cloud Computing Technology Trend", NIPA, Weekly Technology Trend Vol.1439, pp.28-39, 2010.
  10. V. Goyal, O.ng Pandey, A. Sahai and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," Association for Computing Machinery, in Proc. of CCS'06, 2006.
  11. J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-Policy Attribute-Based Encryption," IEEE Computer Society, Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp.321-334, 2007.
  12. M. Blaze, G. Bleumer and M. Strauss, "Divertible protocols and atomic proxy cryptography", EUROCRYPT, Proceedings of Eurocrypt '98, Volume 1403, 1998.
  13. J. Benaloh, M. Chase, E. Horvitz and K. Lauter, "Patient controlled encryption: ensuring privacy of electronic medical records," Association for Computing Machinery, Proceedings of the 2009 ACM workshop on Cloud computing security, pp.103-114, 2009.
  14. L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel and W. Jonker, "Ciphertext-Policy Attribute-Based Threshold Decryption with Flexible Delegation and Revocation of User Attributes," 2009 University of Twente, Centre for Telematics and Information Technology, Internal Report, 2009.