网络与信息安全学报 ›› 2017, Vol. 3 ›› Issue (5): 38-46.doi: 10.11959/j.issn.2096-109x.2017.00163

• 学术论文 • 上一篇    下一篇

基于差分隐私模型的云数据副本安全控制方案

任君1,2,熊金波1,2,姚志强1,2   

  1. 1 福建师范大学软件学院,福建 福州 350108
    2 福建省公共服务大数据挖掘与应用工程技术研究中心,福建 福州 350108
  • 修回日期:2017-02-17 出版日期:2017-05-01 发布日期:2017-05-13
  • 作者简介:任君(1993-),女,山西临汾人,福建师范大学硕士生,主要研究方向为云计算与安全服务。|熊金波(1981-),男,湖南益阳人,福建师范大学副教授、硕士生导师,主要研究方向为云数据安全与隐私保护技术。|姚志强(1967-),男,福建莆田人,博士,福建师范大学教授、硕士生导师,主要研究方向为信息安全。
  • 基金资助:
    国家自然科学基金资助项目(61370078);国家自然科学基金资助项目(61402109)

Security control scheme for cloud data copy based on differential privacy model

Jun REN1,2,Jin-bo XIONG1,2,Zhi-qiang YAO1,2   

  1. 1 Faculty of Software,Fujian Normal University,Fuzhou 350108,China
    2 Fujian Engineering Research Center of Public Service Big Data Mining and Application,Fuzhou 350108,China
  • Revised:2017-02-17 Online:2017-05-01 Published:2017-05-13
  • Supported by:
    The National Natural Science Foundation of China(61370078);The National Natural Science Foundation of China(61402109)

摘要:

针对敌手利用重复数据删除作为侧信道攻击用户隐私信息的问题,提出一种安全的文件副本数量控制方案。核心思想是构建混合云架构,结合差分隐私中的隐私保护参数及收敛加密算法计算文件密钥值并对其进行二次加密,保证每个文件在服务器中只存有一个副本。与已有的通过设置阈值来控制副本数量的方案进行比较分析,所提方案可抵抗侧信道攻击、相关文件的攻击,以及针对加密算法的特定攻击,并节约了网络带宽及磁盘存储空间。

关键词: 重复数据删除, 差分隐私, 收敛加密, 混合云, 侧信道攻击

Abstract:

In cloud computing environment,adversary may use data deduplication as a side channel to eavesdrop users’ privacy.In order to tackle this serious issue,a secure copy number control scheme was proposed.The highlights of the proposed scheme lie in constructing a hybrid cloud framework.Then file was encrypted for second times by using the privacy protection parameters of differential privacy as well as the key of the file computed by convergent encryption algorithm.After the file is uploaded,each file has only one copy in the server.Meanwhile,compared with the scheme that use setting threshold value to control the number of copies,the proposed scheme can resist against the side channel attack,related files attack,and the specific attack of encryption algorithm and save the network bandwidth and disk storage space.

Key words: data deduplication, differential privacy, convergent encryption, hybrid cloud, side channel attack

中图分类号: 

No Suggested Reading articles found!