We propose an assured data deletion approach for cloud storage that protects the confidentiality of data held in cloud storage systems. Keys are organized and managed with a key derivation tree, partitioned by a secret sharing scheme, and then distributed to a DHT network. The dynamic nature of the DHT network causes the keys to be deleted periodically, so the ciphertext can no longer be decrypted or accessed once the authorized time has expired, which achieves assured deletion of the data. Experimental results show that the method deletes keys effectively with low performance overhead, and that it meets the requirements for assured deletion of expired data or backup files in cloud storage systems.
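The mechanism in the abstract, as an added sketch that is not the paper's code: a key from a derivation tree is split into shares, and the data counts as deleted once fewer than the threshold number of shares survive. HMAC-SHA256 derivation, Shamir's (k, n) scheme, and the `ToyDHT` class with explicit expiry times are assumptions; the abstract does not name the concrete primitives or the DHT.

```python
import hashlib
import hmac
import secrets

P = 2**521 - 1  # Mersenne prime, larger than any 256-bit key

def derive(parent: bytes, label: str) -> bytes:
    """Child key in the derivation tree (assumed construction: HMAC-SHA256)."""
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()

def split(key: bytes, n: int, k: int):
    """Shamir (k, n) split: shares are points on a random degree k-1 polynomial."""
    coeffs = [int.from_bytes(key, "big")] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares) -> bytes:
    """Lagrange interpolation at x = 0 recovers the constant term (the key)."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(32, "big")

class ToyDHT:
    """Constructed stand-in for a DHT: each node drops its share at its expiry time."""
    def __init__(self):
        self.nodes = {}  # node id -> (share, expires_at)

    def put(self, node_id, share, expires_at):
        self.nodes[node_id] = (share, expires_at)

    def live_shares(self, now):
        return [share for share, exp in self.nodes.values() if now < exp]

def fetch_key(dht: ToyDHT, now: int, k: int):
    """Return the key while at least k shares survive, else None (key is gone)."""
    shares = dht.live_shares(now)
    return combine(shares[:k]) if len(shares) >= k else None

if __name__ == "__main__":
    leaf = derive(derive(secrets.token_bytes(32), "user/alice"), "file/report")
    dht = ToyDHT()
    for i, share in enumerate(split(leaf, n=5, k=3)):
        dht.put(i, share, expires_at=10 + i)  # constructed lifetimes
    print(fetch_key(dht, 0, 3) == leaf, fetch_key(dht, 12, 3))
```

Because each leaf key is derived from its parent, an owner needs to keep only the keys above it in the tree; once the shares of a key have expired, ciphertext under that key stays unreadable even if the cloud provider retains a copy.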