In cloud storage, symmetric encryption is a common method to protect the confidentiality of volume data. One critical issue in symmetric encryption is the management of volume symmetric keys, including key generation, update and distribution. Many schemes have adopted hierarchical structures based on key derivation to generate and organize the keys. However, the efficient update of these derived and associated keys and the distribution of multiple derived keys have not been well studied. This paper mainly studies in-situ key update and the traffic cost of key distribution. First, we redesign the key node structure of our binary key-derivation tree to provide the basis for in-situ key update. Then, we propose secure in-situ key update algorithms that guarantee forward secrecy and backward secrecy. Finally, we propose a minimal key set generation algorithm, which can effectively reduce the communication cost of key distribution. We also describe the key distribution and derivation process. Security analysis and extensive experimental evaluations show that the proposed algorithms are secure, efficient and practical.