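1. School of Cyberspace Security, PLA Information Engineering University, Zhengzhou 450001, Henan, China
2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, Henan, China
3. PLA Unit 78179, Dujiangyan 611800, Sichuan, China
4. National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002, Henan, China
CHEN Yue (陈越, born 1965), male, from Kaifeng, Henan, Ph.D., professor and doctoral supervisor at PLA Information Engineering University. Main research interest: network and information security.
LI Chao-ling (李超零, born 1985), male, from Meishan, Sichuan, Ph.D., assistant engineer at PLA Unit 78179. Main research interests: cloud computing and data security.
LAN Ju-long (兰巨龙, born 1962), male, from Zhangbei, Hebei, Ph.D., professor and doctoral supervisor at PLA Information Engineering University. Main research interest: broadband information networks.
JIN Kai-chun (金开春, born 1985), male, from Shangqiu, Henan, doctoral student at PLA Information Engineering University. Main research interests: network and information security, reconfigurable secure computing.
WANG Zhong-hui (王仲辉, born 1976), male, from Shehong, Sichuan, M.S., engineer at PLA Unit 78179. Main research interests: information security and computer applications.
Online publication date: 2015-09
Print publication date: 2015-09-25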
Yue CHEN, Chao-ling LI, Ju-long LAN, et al. Secure sensitive data deduplication schemes based on deterministic/probabilistic proof of file ownership[J]. Journal on Communications, 2015, 36(9): 1-12. DOI: 10.11959/j.issn.1000-436x.2015175.
To address the difficult problems of sensitive data deduplication in cloud storage systems, such as duplicate detection and proofs of ownership (PoW) for ciphertext and attacks against data confidentiality, a Merkle hash tree based scheme called MHT-Dedup and a homomorphic MAC based scheme called hMAC-Dedup are proposed. Both schemes use a PoW over the ciphertext file to detect duplicate files at the cross-user file level, and check the digest of the block plaintext to detect duplicate blocks at the local block level, which avoids the security flaws of the hash-as-a-proof method in cross-user file-level client-side duplicate detection. MHT-Dedup provides a deterministic PoW of the file through an authenticating binary tree generated from the tags of the encrypted blocks, and has lower computation and transfer costs. hMAC-Dedup provides a probabilistic PoW of the file by applying homomorphic MAC operations to sampled encrypted blocks and their tags, and has lower additional storage cost. Analysis and comparison show that the proposed schemes have clear advantages in simultaneously supporting secure two-level client-side deduplication of sensitive data and resisting brute-force search attacks on data blocks.
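A simplified illustration of the contrast the abstract draws between hash-as-a-proof and a Merkle-tree proof of ownership over ciphertext blocks; it is an added example, not the paper's MHT-Dedup construction, whose tag and tree details are not given on this page. The `Server` class, `prove`, the nonce-keyed HMAC leaf tag and the 4096-byte block size are all assumptions made for the sketch.

```python
import hashlib
import hmac
import os

BLOCK = 4096  # assumed block size for this illustration

def split_blocks(data, size=BLOCK):
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]

def merkle_root(blocks, nonce):
    # Leaf tag = HMAC(nonce, index || ciphertext block): an assumed tag function,
    # fresh per challenge so that an old answer cannot be replayed.
    level = [hmac.new(nonce, i.to_bytes(8, "big") + b, hashlib.sha256).digest()
             for i, b in enumerate(blocks)]
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted unchanged
        level = nxt
    return level[0]

class Server:  # hypothetical storage server that already holds the ciphertext
    def __init__(self, ciphertext):
        self.blocks = split_blocks(ciphertext)
        self.file_hash = hashlib.sha256(ciphertext).digest()
        self.nonce = None

    def hash_as_proof(self, claimed_hash):
        # Weak check: the short file hash alone is accepted as proof of ownership.
        return hmac.compare_digest(claimed_hash, self.file_hash)

    def challenge(self):
        self.nonce = os.urandom(32)
        return self.nonce

    def verify(self, response):
        if self.nonce is None:
            return False
        expected = merkle_root(self.blocks, self.nonce)
        self.nonce = None  # each challenge is single-use
        return hmac.compare_digest(response, expected)

def prove(ciphertext, nonce):  # client side: needs every ciphertext block
    return merkle_root(split_blocks(ciphertext), nonce)
```

A client that knows only the file hash passes `hash_as_proof` but cannot answer `challenge()`, because the expected root depends on a fresh nonce and on every ciphertext block; `verify(prove(ciphertext, nonce))` succeeds only for a holder of the full ciphertext.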