Журнал «Информационные технологии и вычислительные системы» - М. Р. Салихов "Алгоритм шардирования эфемерных ключей для систем распределенного хранения криптографических ключей"

Просматривается номер 2025 / 01

В статье описывается система управления ключами, в которой мастер-ключ служит основой для генерации эфемерных ключей с ограниченным сроком действия. Этот мастер-ключ хранится в безопасном контейнере, что значительно снижает риск его потери. Использование мастер-ключа происходит только после успешной сборки одного из эфемерных ключей из его составных частей (шардов). Такой подход обеспечивает высокий уровень безопасности и гибкости системы, минимизируя вероятность утечки ключевой информации и делая ее более устойчивой к возможным атакам.

Ключевые слова:

криптография, информационная безопасность, распределенные системы хранения.

DOI 10.14357/20718632250107

Литература

1. S. M. Danish, K. Zhang and H.-A. Jacobsen, "BlockAM: An adaptive middleware for intelligent data storage selection for Internet of Things", Proc. IEEE Int. Conf. Decentralized Appl. Infrastructures (DAPPS), pp. 61-71, Aug. 2020.

2. P. S. Austria, Analysis of blockchain-based storage systems, 2020.

3. R. Kothari, B. Jakheliya and V. Sawant, "Implementation of a distributed P2P storage network", Proc. IEEE Int. Conf. Innov. Technol. (INOCON), Nov. 2020

4. M. U. Javed, M. Rehman, N. Javaid, A. Aldegheishem, N. Alrajeh and M. Tahir, "Blockchain-based secure data storage for distributed vehicular networks", Appl. Sci., vol. 10, no. 6, pp. 2011, Mar. 2020.

5. Challenges With Storing Content on Blockchains and DLTs, [online] Available: https://ipfs.io/.

6. R. Schumi, Y. Ranka, J. Bagrecha, K. Gandhi, B. Sarvaria and P. Chawan, "A survey on file storage & retrieval using blockchain technology", Int. Res. J. Eng. Technol., vol. 5,no. 10, pp. 763, 2008, [online] Available: https://www.irjet.net/

7. H. Lutfiyya, 15th International Conference on Network and Service Management; 1st International Workshop on Analytics for Service and Application Management (AnServApp 2019); International Workshop on High-Precision Networks Operations and Control Segment Routing and Service Function Chaining (HiP Net+SR/SFC 2019), Oct. 2019.

8. P.-H. Ko, Y.-L. Hsueh and C.-W. Hsueh, "A low-storage blockchain framework based on incentive pricing strategies", FinTech, vol. 1, no. 3, pp. 250-275, Sep. 2022.

9. N. Z. Benisi, M. Aminian and B. Javadi, "Blockchain-based decentralized storage networks: A survey", J. Netw. Comput. Appl., vol. 162, Jul. 2020.

10. B. Produit, Using blockchain technology in distributed storage systems, 2018.

11. S. Vimal and S. K. Srivatsa, "A new cluster P2P file sharing system based on IPFS and blockchain technology", J. Ambient Intell. Humanized Comput., vol. 23, pp. 1-7, Sep. 2019.

12. G. Wang, Z. Shi, M. Nixon and S. Han, "ChainSplitter: Towards blockchain-based industrial IoT architecture for supporting hierarchical storage", Proc. IEEE Int. Conf. Blockchain (Blockchain), pp. 166-175, Jul. 2019.

13. Jin Li, Xiaofeng Chen, Mingqiang Li, Jingwei Li, Patrick PC Lee, and Wenjing Lou. Secure deduplication with efficient and reliable convergent key management. IEEE transactions on parallel and distributed systems, 25(6): 1615–1625, 2013.

14. David Schultz, Barbara Liskov, and Moses Liskov. Mpss: mobile proactive secret sharing. ACM Transactions on Information and System Security (TISSEC), 13(4):1– 32, 2010.

15. Amir Herzberg, Stanisław Jarecki, Hugo Krawczyk, and Moti Yung. Proactive secret sharing or: How to cope with perpetual leakage. In Proc. of the CRYPTO, pages 339–352. Springer, 1995

16. Sai Krishna Deepak Maram, Fan Zhang, Lun Wang, Andrew Low, Yupeng Zhang, Ari Juels, and Dawn Song. Churp: dynamic-committee proactive secret sharing. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pages 2369–2386, 2019.

17. En Zhang, Ming Li, Siu-Ming Yiu, Jiao Du, Jun-Zhe Zhu, and Gang-Gang Jin. Fair hierarchical secret sharing scheme based on smart contract. Information Sciences, 546:166–176, 2021.

18. Jiangtao Yuan, Jing Yang, Chenyu Wang, Xingxing Jia, Fang-Wei Fu, and Guoai Xu. A new efficient hierarchical multi-secret sharing scheme based on linear homogeneous recurrence relations. Information Sciences, 592:36–49, 2022.

19. Thomas Kerber, Aggelos Kiayias, Markulf Kohlweiss, and Vassilis Zikas. Ouroboros crypsinous: Privacy-preserving proof-of-stake. In 2019 IEEE Symposium on Security and Privacy (SP), pages 157–174. IEEE, 2019.

20. Adi Shamir. How to share a secret. Communications of the ACM, 22(11):612–613, 1979.

21. Amir Herzberg, Stanisław Jarecki, Hugo Krawczyk, and Moti Yung. Proactive secret sharing or: How to cope with perpetual leakage. In annual international cryptology conference, pages 339–352. Springer, 1995.

22. Yashvanth Kondi, Bernardo Magri, Claudio Orlandi, and Omer Shlomovits. Refresh when you wake up: Proactive threshold wallets with offline devices. In 2021 IEEE Symposium on Security and Privacy (SP), pages 608–625. IEEE, 2021.

23. Jun Zhou, Zhenfu Cao, Xiaolei Dong, Naixue Xiong, and Athanasios V Vasilakos. 4s: A secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks. Information Sciences, 314:255–276, 2015.

24. Tamir Tassa. Hierarchical threshold secret sharing. Journal of cryptology, 20(2):237–264, 2007.

25. Arcangelo Castiglione, Alfredo De Santis, Barbara Masucci, Francesco Palmieri, Aniello Castiglione, Jin Li, and Xinyi Huang. Hierarchical and shared access control. IEEE Transactions on Information Forensics and Security, 11(4):850–865, 2016.

26. Yvo Desmedt, Songbao Mo, and Arkadii M Slinko. Framing in secret sharing. IEEE Transactions on Information Forensics and Security, 16:2836–2842, 2021.

27. H. Krawczyk, “Cryptographic extraction and key derivation: The HKDF scheme,” in Advances in Cryptology – CRYPTO 2010. Springer Berlin Heidelberg, 2010, pp. 631–648. [Online]. Available: https://doi.org/10.1007/978-3-642-14623-7 34

28. R. Housley, “Algorithm identifiers for the HMAC-based extract- andexpand key derivation function (HKDF),” Tech. Rep., Jun 2019. [Online]. Available: https://doi.org/10.17487/rfc8619

29. H. Krawczyk and P. Eronen, “HMAC-based extract-and-expand key derivation function (HKDF),” Tech. Rep., May 2010. [Online]. Available: https://doi.org/10.17487/rfc5869

30. https://pycryptodome.readthedocs.io/en/latest/src/protocol/kdf.html#hkdf

31. Салихов М.Р. Модель системы распределенного хранения закрытых ключей криптокошельков // Проблемы информационной безопасности. Компьютерные системы - 2024. - № 2(59). - С. 117-129.