Towards subversion-resistant password-protected encryption for deduplicated cloud storage

IF 3.7 | Zone 2, Computer Science | Q2, COMPUTER SCIENCE, INFORMATION SYSTEMS
Shanshan Li, Mengfan Ma, Yunxia Han, Chunxiang Xu
Journal of Information Security and Applications, Volume 94, Article 104233
Published: 2025-09-16
DOI: 10.1016/j.jisa.2025.104233
URL: https://www.sciencedirect.com/science/article/pii/S2214212625002704
Open access: no
Citations: 0

Abstract

Message-Locked Encryption (MLE) enables encrypted deduplication by deriving keys directly from data. Servers-aided MLE extends this model with a master secret shared across key servers, and is widely used for secure deduplicated storage. However, existing servers-aided MLE schemes require users to locally store a separate MLE key for each data item, thereby imposing significant key management burdens. To address this, Zhang et al. introduced SPADE, a password-protected encryption scheme that enables users to manage MLE keys using only a human-memorable password. It applies two-layer encryption: data is encrypted with the MLE key, which is then encrypted with a symmetric key derived from a password-based seed and the user’s identity. The seed is generated via a distributed oblivious pseudorandom function using the data and a password-hardening key shared across key servers. SPADE also supports password-based authentication with both key servers and the cloud server, while preserving encrypted deduplication and servers-aided security. However, it faces three limitations: (i) high storage overhead from per-user credentials and password-hardening keys; (ii) high computational cost due to per-key-server authentication; and (iii) vulnerability to subversion attacks if user devices are compromised.
In this paper, we propose SR-PPE, a subversion-resistant password-protected encryption scheme for deduplicated cloud storage. In SR-PPE, we present a signature-based authentication mechanism where public/secret key pairs are derived from a password-based seed, so servers can perform challenge–response authentication without storing per-user credentials. To enable secure key generation and resist password-guessing attacks, we design an enhanced distributed partially oblivious pseudorandom function that binds computation to users’ identities. We further propose a Merkle tree-based challenge–response mechanism for efficient authentication across multiple servers. A reverse firewall is deployed between users and externals to prevent subversion attacks by generating unbiased randomness and re-randomizing outgoing messages. Security analysis under multiple adversary models and evaluation of communication, computation, and storage costs show that SR-PPE provides strong security with practical efficiency.
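The two-layer design the abstract describes (data under an MLE key, the MLE key wrapped under a key derived from a password-based seed and the user's identity, with the seed computed with help from several key servers) is easier to reason about with a concrete sketch. The following is an added illustration, not code from SPADE, SR-PPE or the authors. Everything in it is an assumption chosen for a self-contained, offline run: the symmetric primitive is a SHAKE256 keystream with an HMAC tag standing in for a real authenticated cipher; the "distributed PRF" is an XOR of per-server HMAC outputs, so all key servers must participate but, unlike the oblivious PRF in the paper, the servers see the password; the identity binding is done by feeding the user ID into each server's PRF; and the user IDs, passwords and file contents are constructed sample values. The reverse firewall and the Merkle-tree authentication are out of scope here.

```python
# Added example (not code from the paper): a stand-in for the two-layer
# password-protected MLE design described in the abstract. Primitives are
# hash-based stand-ins from the standard library. The real schemes use a
# distributed (partially) oblivious PRF, which is NOT simulated here: the
# key servers below see the password in the clear.
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, n):
    return hashlib.shake_256(b"stream" + key + nonce).digest(n)


def enc(key, nonce, msg):
    """Encrypt-then-MAC stand-in; deterministic for a fixed (key, nonce)."""
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def dec(key, blob):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# ---- Layer 1: message-locked encryption (key and nonce derived from the data) ----
def mle_encrypt(data):
    k = hashlib.sha256(b"mle-key" + data).digest()
    nonce = hashlib.sha256(b"mle-nonce" + k).digest()[:NONCE_LEN]
    c = enc(k, nonce, data)                                  # identical data -> identical ciphertext
    dedup_tag = hashlib.sha256(b"dedup-tag" + c).digest()    # what the cloud indexes on
    return k, dedup_tag, c


# ---- Key servers: password-hardening key held as one share per server (assumed) ----
class KeyServer:
    def __init__(self):
        self.share = os.urandom(32)  # constructed share of the password-hardening key

    def evaluate(self, user_id, password):
        # Each contribution is bound to the user identity; all shares are needed,
        # so a single compromised server cannot mount an offline password guess.
        return hmac.new(self.share, user_id + b"|" + password, hashlib.sha256).digest()


def password_seed(servers, user_id, password):
    seed = bytes(32)
    for s in servers:
        seed = bytes(a ^ b for a, b in zip(seed, s.evaluate(user_id, password)))
    return seed


def user_key(seed, user_id):
    return hashlib.sha256(b"user-key" + seed + user_id).digest()


# ---- Cloud: deduplicated ciphertext store plus per-user wrapped MLE keys ----
class Cloud:
    def __init__(self):
        self.blobs = {}    # dedup_tag -> MLE ciphertext, stored once
        self.wrapped = {}  # (user_id, dedup_tag) -> MLE key wrapped under the user key

    def upload(self, user_id, dedup_tag, ciphertext, wrapped_key):
        deduplicated = dedup_tag in self.blobs
        if not deduplicated:
            self.blobs[dedup_tag] = ciphertext
        self.wrapped[(user_id, dedup_tag)] = wrapped_key
        return deduplicated


def store(servers, cloud, user_id, password, data):
    k, tag, c = mle_encrypt(data)
    ku = user_key(password_seed(servers, user_id, password), user_id)
    wrapped = enc(ku, os.urandom(NONCE_LEN), k)  # layer 2: MLE key under the password-derived key
    return tag, cloud.upload(user_id, tag, c, wrapped)


def retrieve(servers, cloud, user_id, password, tag):
    ku = user_key(password_seed(servers, user_id, password), user_id)
    k = dec(ku, cloud.wrapped[(user_id, tag)])  # raises ValueError on a wrong password
    return dec(k, cloud.blobs[tag])


def demo():
    servers = [KeyServer() for _ in range(3)]
    cloud = Cloud()
    data = b"quarterly-report.pdf contents (constructed sample)"
    tag_a, dedup_a = store(servers, cloud, b"alice", b"correct horse", data)
    tag_b, dedup_b = store(servers, cloud, b"bob", b"battery staple", data)
    try:
        retrieve(servers, cloud, b"bob", b"wrong password", tag_b)
        wrong_pw_rejected = False
    except ValueError:
        wrong_pw_rejected = True
    return {
        "same_tag": tag_a == tag_b,
        "first_upload_deduplicated": dedup_a,
        "second_upload_deduplicated": dedup_b,
        "stored_blobs": len(cloud.blobs),
        "alice_recovers": retrieve(servers, cloud, b"alice", b"correct horse", tag_a) == data,
        "bob_recovers": retrieve(servers, cloud, b"bob", b"battery staple", tag_b) == data,
        "wrong_password_rejected": wrong_pw_rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the property the abstract is after: two users with the same file produce the same deduplication tag and the cloud keeps one ciphertext, yet each user holds only a password, recovers the MLE key through the key servers, and a wrong password fails at the wrapped-key layer before the data ciphertext is ever touched. It also makes the attack surface visible: because the MLE key is a function of the data alone, anyone who can guess the file can compute the tag, which is why the key servers' shared secret (and, in the papers, the oblivious evaluation) matters for low-entropy data and passwords.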
Source journal: Journal of Information Security and Applications (Computer Science: Computer Networks and Communications)
CiteScore: 10.90
Self-citation rate: 5.40%
Articles published: 206
Review time: 56 days
About the journal: Journal of Information Security and Applications (JISA) focuses on original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view of modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.