Journal on Communications ›› 2016, Vol. 37 ›› Issue (11): 169-180. doi: 10.11959/j.issn.1000-436x.2016238
Jin-bo XIONG, Yuan-yuan ZHANG, Feng-hua LI, Su-ping LI, Jun REN, Zhi-qiang YAO
Online: 2016-11-25
Published: 2016-11-30
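Abstract:
To improve cloud storage efficiency and save network bandwidth, duplicate detection and deduplication must be performed on multiple copies of the same data in the cloud. However, ciphertext data in the cloud environment hinders secure data deduplication, a problem that has quickly attracted wide attention from academia and industry and has become a research hotspot. From a security perspective, this paper analyzes the causes of, and the main challenges facing, secure data deduplication in the cloud, and presents the system model and threat model for secure cloud data deduplication. Focusing on the implementation mechanisms of secure cloud data deduplication, it analyzes and reviews recent research in three areas: secure deduplication based on content-based encryption, secure deduplication based on proof of ownership (PoW), and privacy-preserving secure deduplication. It points out the advantages of the key techniques and methods and the problems they have in common. Finally, it gives future research directions and development trends for secure cloud data deduplication.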
Jin-bo XIONG, Yuan-yuan ZHANG, Feng-hua LI, Su-ping LI, Jun REN, Zhi-qiang YAO. Research progress on secure data deduplication in cloud[J]. Journal on Communications, 2016, 37(11): 169-180.
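Table 2
Comparison of secure deduplication schemes based on content-based encryption
Scheme | Main algorithms | Attacks resisted | Third-party server | Deduplication level | Who drives deduplication |
CE | CE | — | None | File-level | Client |
CDStore | CE+AONT-RS | Side-channel attack | None | Block-level | Client |
PerfectDedup | CE+PHF | Dictionary attack | Index server | Block-level | Client |
ClouDedup | CE + access control policy | Dictionary attack, side-channel attack | Key server | Block-level | Cross-user |
Stanek | Threshold + CE | Sybil attack | Index and identity-verification servers | File-level | Cross-user |
MLE | MLE | — | None | File-level | Client |
DupLESS | MLE | Brute-force attack | Key server | File-level | Client |
BL-MLE | BL-MLE+PoW | File distribution attack | None | Block-level | Client |
multi-server-aided | Threshold blind signature + verifiable secret sharing | Brute-force attack | Multiple key servers | File-level | Client |
iMLE | iMLE | Forgery attack | None | File-level | Cross-user |
REED | MLE+AONT-RS | Brute-force attack | Key server | Block-level | Client |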
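Table 3
Computation overhead comparison of secure deduplication schemes based on content-based encryption
Scheme | Client overhead | Server overhead | Initial communication bandwidth | Regular communication bandwidth |
CE | O(f) Hash | O(f) | O(f) | O(g) |
MLE | O(f) Hash·Hash | O(f) | O(f) | O(g) |
DupLESS | O(f) Hash·Hash | O(f) OPRF | O(f) | O(g) |
BL-MLE | O(b) Hash·Hash | O(b) PoW | O(f) | O(gλ) |
iMLE | O(f) Hash | O(fp) | O(f) | O(gp) |
Note: f is the file length, b is the file block length, p is a system parameter, λ is the security parameter, g is the file fingerprint length, Hash is the cost of one hash function evaluation, PoW is the cost of one proof-of-ownership execution, and OPRF is the cost of one oblivious pseudorandom function evaluation.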
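Table 4
Overhead comparison of classic PoW-based deduplication schemes
Scheme | Client computation | Client I/O | Server initialization computation | Server deduplication computation | Server initialization I/O | Server regular I/O | Server memory | Communication bandwidth |
PoW | O(f) Hash | O(f) | O(f) Hash | O(1) | O(f) | O(0) | O(1) | O(λlogλ) |
s-PoW | O(f) Hash | O(f) | O(f) Hash | O(nλ) PRF | O(f) | O(nλ) | O(nλ) | O(λ) |
BF-PoW | O(f) Hash | O(f) | O(f) Hash | O(?) Hash | O(f) | O(0) | O(Ψ) | |
CE-PoW | O(b) CE·Hash·Hash | O(f) | O(b)·Hash·Hash | O(nlλ) PRNG | O(f) | O(0) | O(nlλ) | O(lλ) |
Note: f is the file length, n is the preset number of challenges, λ is the security parameter, pf is the false-positive rate of the BF, l is the token length, Hash is the cost of one hash function evaluation, CE is the cost of one convergent encryption, PRF is the cost of one pseudorandom function evaluation, PRNG (pseudo-random number generator) is the cost of one run of the pseudo-random sequence generator,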
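Table 6
Comparison of techniques and principles for secure cloud data deduplication
Category | Technique | Typical scheme | Main algorithm | Advantages | Limitations |
Secure deduplication based on content-based encryption | Secure cloud data deduplication based on CE | CE | CE | Duplicate detection over ciphertext | Cannot achieve semantic security; vulnerable to brute-force attacks |
Secure deduplication based on content-based encryption | Secure cloud data deduplication based on MLE | | BL-MLE+PoW | Clear security goals and formal definitions; block-level deduplication | High computation overhead; subject to brute-force attacks |
Secure deduplication based on PoW | MHT-based PoW | Halevi | MHT | Introduces the PoW concept; resists side-channel attacks | High computation overhead; does not consider encryption protection of sensitive data |
Secure deduplication based on PoW | PoW based on random sampling | CE-PoW | CE + random sampling | Reduces computation overhead; efficient; no trusted third party | Cannot achieve semantic security; prone to content-guessing attacks |
Secure deduplication based on PoW | PoW based on generalized hash functions | Yang | PoF + sampling detection + dynamic coefficients | Proof of ownership based on the complete source file | High computation overhead; subject to brute-force attacks |
Secure deduplication based on privacy protection | Privacy-preserving secure deduplication based on randomization | Harnik | Randomization method | Data stays authentic and intact; reduces the probability of privacy leakage during deduplication | Cannot resist related-file attacks; vulnerable to brute-force attacks |
Secure deduplication based on privacy protection | Privacy-preserving secure deduplication based on differential privacy | | Differential privacy | High degree of privacy protection; resists side-channel attacks and related-file attacks | Added noise easily distorts the data; highly data-dependent; the noise magnitude must be computed for each kind of data |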
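The CE and DupLESS rows of Table 2 and Table 6, sketched in Python as an added example (not code from the paper or from any surveyed scheme): random per-upload keys defeat deduplication, CE restores it but leaves the tag reproducible from a candidate plaintext alone, and a key-server secret removes that property while keeping deduplication. All function and class names are hypothetical, the SHA-256 counter-mode cipher is a toy stand-in for a real cipher, HMAC stands in for DupLESS's OPRF, and the sample document is constructed.

```python
import hashlib, hmac, os

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy deterministic cipher (SHA-256 in counter mode); stand-in for a real
    block cipher, used only so the example needs no third-party library."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, data: bytes):
    """Encrypt and derive the deduplication tag from the ciphertext."""
    ct = xor_stream(key, data)
    return ct, hashlib.sha256(ct).hexdigest()

def random_key_upload(data: bytes):
    """Conventional encryption: fresh random key per upload."""
    return seal(os.urandom(32), data)

def ce_upload(data: bytes):
    """Convergent encryption: the key is a hash of the content itself."""
    return seal(hashlib.sha256(b"CE-key|" + data).digest(), data)

def server_aided_upload(data: bytes, server_secret: bytes):
    """Key also depends on a key-server secret. HMAC is a stand-in here; DupLESS
    uses an OPRF so that the key server never learns the file hash."""
    digest = hashlib.sha256(data).digest()
    return seal(hmac.new(server_secret, digest, hashlib.sha256).digest(), data)

class DedupStore:
    """Server-side index: one stored ciphertext per tag."""
    def __init__(self):
        self.blobs = {}
    def put(self, ct: bytes, tag: str) -> bool:
        """Return True if a new copy was stored, False if deduplicated."""
        if tag in self.blobs:
            return False
        self.blobs[tag] = ct
        return True

def reproducible_from(tag: str, candidates):
    """Candidates whose CE tag equals `tag`, computed from public information only."""
    return [c for c in candidates if ce_upload(c)[1] == tag]

if __name__ == "__main__":
    doc = b"offer letter, grade B"                      # constructed sample input
    guesses = [b"offer letter, grade " + g for g in (b"A", b"B", b"C")]
    store = DedupStore()
    print("random keys  :", [store.put(*random_key_upload(doc)) for _ in range(2)])
    print("CE           :", [store.put(*ce_upload(doc)) for _ in range(2)])
    print("CE tag found :", reproducible_from(ce_upload(doc)[1], guesses))
    secret = os.urandom(32)                             # held by the key server
    print("server-aided :", [store.put(*server_aided_upload(doc, secret)) for _ in range(2)])
    print("SA tag found :", reproducible_from(server_aided_upload(doc, secret)[1], guesses))
```
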
[1] XIONG J, LI F, MA J, et al. A full lifecycle privacy protection scheme for sensitive data in cloud computing[J]. Peer-to-Peer Networking and Applications, 2014, 8(6): 1-13.
[2] MITTAL S, VETTER J. A survey of architectural approaches for data compression in cache and main memory systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2016, 27(5): 1524-1536.
[3] AO L, SHU J W, LI M Q. Data deduplication techniques[J]. Journal of Software, 2010, 21(5): 916-929.
[4] FU Y J, XIAO N, LIU F. Research and development on key techniques of data deduplication[J]. Journal of Computer Research and Development, 2012, 49(1): 12-20.
[5] XIA W, JIANG H, FENG D, et al. A comprehensive study of the past, present, and future of data deduplication[J]. Proceedings of the IEEE, 2016, 104(9): 1681-1710.
[6] PAULO J, PEREIRA J. A survey and classification of storage deduplication systems[J]. ACM Computing Surveys (CSUR), 2014, 47(1): 1-30.
[7] YU S. Big privacy: challenges and opportunities of privacy study in the age of big data[J]. IEEE Access, 2016, 4: 2751-2763.
[8] RABOTKA V, MANNAN M. An evaluation of recent secure deduplication proposals[J]. Journal of Information Security and Applications, 2016, 27: 3-18.
[9] DOUCEUR J, ADYA A, BOLOSKY W, et al. Reclaiming space from duplicate files in a serverless distributed file system[C]// International Conference on Distributed Computing Systems. 2002: 617-624.
[10] LI M, QIN C, LEE P. CDStore: toward reliable, secure, and cost-efficient cloud storage via convergent dispersal[C]// USENIX Annual Technical Conference (USENIX ATC 15). Santa Clara, 2015: 111-124.
[11] BELLARE M, KEELVEEDHI S, RISTENPART T. Message-locked encryption and secure deduplication[M]. Advances in Cryptology–EUROCRYPT 2013. Springer Berlin Heidelberg, 2013: 296-312.
[12] CHEN R, MU Y, YANG G, et al. BL-MLE: block-level message-locked encryption for secure large file deduplication[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(12): 2643-2652.
[13] BELLARE M, KEELVEEDHI S. Interactive message-locked encryption and secure deduplication[M]. Public-Key Cryptography–PKC 2015. Springer Berlin Heidelberg, 2015: 516-538.
[14] KEELVEEDHI S, BELLARE M, RISTENPART T. DupLESS: server-aided encryption for deduplicated storage[C]// 22nd USENIX Security Symposium (USENIX Security 13). Washington, 2013: 179-194.
[15] LI J, QIN C, LEE P, et al. Rekeying for encrypted deduplication storage[C]// The 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2016). Toulouse, France, 2016.
[16] PUZIO P, MOLVA R, ONEN M, et al. ClouDedup: secure deduplication with encrypted data for cloud storage[C]// Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on. IEEE, Bristol, UK, 2013: 363-370.
[17] MIAO M, WANG J, LI H, et al. Secure multi-server-aided data deduplication in cloud computing[J]. Pervasive and Mobile Computing, 2015, 24: 129-137.
[18] STANEK J, SORNIOTTI A, ANDROULAKI E, et al. A secure data deduplication scheme for cloud storage[M]. Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2014: 99-118.
[19] PUZIO P, MOLVA R, ÖNEN M, et al. PerfectDedup: secure data deduplication[C]// International Workshop on Data Privacy Management. Springer International Publishing, Atlanta, 2015: 150-166.
[20] RABOTKA V, MANNAN M. An evaluation of recent secure deduplication proposals[J]. Journal of Information Security and Applications, 2016, 27: 3-18.
[21] SHIN Y, KIM K. Differentially private client-side data deduplication protocol for cloud storage services[J]. Security and Communication Networks, 2015, 8(12): 2114-2123.
[22] DWORK C, LEI J. Differential privacy and robust statistics[C]// The Forty-first Annual ACM Symposium on Theory of Computing. ACM, Bethesda, 2009: 371-380.
[23] HALEVI S, HARNIK D, PINKAS B, et al. Proofs of ownership in remote storage systems[C]// The 18th ACM Conference on Computer and Communications Security. ACM, Chicago, 2011: 491-500.
[24] XU J, CHANG E, ZHOU J. Weak leakage-resilient client-side deduplication of encrypted data in cloud storage[C]// 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS '13. ACM, Hangzhou, China, 2013: 195-206.
[25] CHEN Y, LI C L, LAN J L, et al. Secure sensitive data deduplication schemes based on deterministic/probabilistic proof of file ownership[J]. Journal on Communications, 2015, 36(9): 1-12.
[26] DI PIETRO R, SORNIOTTI A. Boosting efficiency and security in proof of ownership for deduplication[C]// The 7th ACM Symposium on Information, Computer and Communications Security. ACM, Seoul, 2012: 81-82.
[27] BLASCO J, DI PIETRO R, ORFILA A, et al. A tunable proof of ownership scheme for deduplication using bloom filters[C]// Communications and Network Security (CNS), 2014 IEEE Conference on. IEEE, San Francisco, California, 2014: 481-489.
[28] GONZÁLEZ-MANZANO L, ORFILA A. An efficient confidentiality-preserving proof of ownership for deduplication[J]. Journal of Network and Computer Applications, 2015, 50: 49-59.
[29] XU J, ZHOU J. Leakage resilient proofs of ownership in cloud storage, revisited[C]// Applied Cryptography and Network Security. Springer International Publishing, New York, 2014: 97-115.
[30] JUELS A, KALISKI J. PoRs: proofs of retrievability for large files[C]// 14th ACM Conference on Computer and Communications Security, CCS '07. New York, 2007: 584-597.
[31] YANG C, REN J, MA J. Provable ownership of files in deduplication cloud storage[J]. Security and Communication Networks, 2015, 8(14): 2457-2468.
[32] YANG C, ZHANG J W, DONG X W, et al. Proving method of ownership of encrypted files in cloud de-duplication deletion[J]. Journal of Computer Research and Development, 2015, 52(1): 248-268.
[33] ZHENG Q, XU S. Secure and efficient proof of storage with deduplication[C]// The 2nd ACM Conference on Data and Application Security and Privacy. ACM, San Antonio, 2012: 1-12.
[34] ATENIESE G, DAGDELEN Ö, DAMGÅRD I, et al. Entangled cloud storage[J]. Future Generation Computer Systems, 2016, 62: 104-118.
[35] ATENIESE G, BURNS R, CURTMOLA R, et al. Provable data possession at untrusted stores[C]// The 14th ACM Conference on Computer and Communications Security. ACM, New York, USA, 2007: 598-609.
[36] REN Y, SHEN J, WANG J, et al. Mutual verifiable provable data auditing in public cloud storage[J]. Journal of Internet Technology, 2015, 16(2): 317-323.
[37] WANG B, CHOW S, LI M, et al. Storing shared data on the cloud via security-mediator[C]// Distributed Computing Systems (ICDCS), 2013 IEEE 33rd International Conference on. IEEE, Macau, China, 2013: 124-133.
[38] WANG H Y, ZHU L H, LI L Y J. Group provable data possession with deduplication in cloud storage[J]. Journal of Software, 2016, 27(6): 1417-1431.
[39] YU C, CHEN C, CHAO H. Proof of ownership in deduplicated cloud storage with mobile device efficiency[J]. Network, IEEE, 2015, 29(2): 51-55.
[40] HARNIK D, PINKAS B, SHULMAN-PELEG A. Side channels in cloud services: deduplication in cloud storage[J]. IEEE Security & Privacy, 2010, 8(6): 40-47.
[41] LEE S, CHOI D. Privacy-preserving cross-user source-based data deduplication in cloud storage[C]// 2012 International Conference on ICT Convergence (ICTC). IEEE, Jeju, Korea, 2012: 329-330.
[42] DWORK C. Differential privacy: a survey of results[C]// International Conference on Theory and Applications of Models of Computation. Springer Berlin Heidelberg, Xi'an, China, 2008, 4978: 1-19.
[43] SORIENTE C, KARAME G, RITZDORF H, et al. Commune: shared ownership in an agnostic cloud[C]// The 20th ACM Symposium on Access Control Models and Technologies. ACM, Austria, 2015: 39-50.
[44] CHENG H, RONG C, HWANG K, et al. Secure big data storage and sharing scheme for cloud tenants[J]. China Communications, 2015, 12(6): 106-115.
[45] SINGH A, SINGH G. A survey on different text data compression techniques[J]. International Journal of Science and Research, 2014, 3.
[46] KAVITHA S, ANANDHI R. A survey of image compression method for low depth-of-field images and image sequences[J]. Multimedia Tools and Applications, 2015, 74(18): 7943-7956.
[47] LI J, LI Y, CHEN X, et al. A hybrid cloud approach for secure authorized deduplication[J]. Parallel and Distributed Systems, IEEE Transactions on, 2015, 26(5): 1206-1216.
[48] LI J, LI J, XIE D, et al. Secure auditing and deduplicating data in cloud[J]. IEEE Transactions on Computers, 2016, 65(8): 2386-2396.
[49] YAN F, LI Y Z, ZHANG Q X, et al. Object-based data de-duplication method for openXML[J]. Journal of Computer Research and Development, 2015, 52(7): 1546-1557.
[50] LIU J, ASOKAN N, PINKAS B, et al. Secure deduplication of encrypted data without additional independent servers[C]// The 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, Denver, USA, 2015: 874-885.
[51] ARMKNECHT F, BOHLI J, KARAME G, et al. Transparent data deduplication in the cloud[C]// The 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, Denver, USA, 2015: 886-900.
[52] ZHENG Y, YUAN X, WANG X, et al. Enabling encrypted cloud media center with secure deduplication[C]// The 10th ACM Symposium on Information, Computer and Communications Security. ACM, Singapore, 2015: 63-72.
[53] LI X, LI J, HUANG F. A secure cloud storage system supporting privacy-preserving fuzzy deduplication[J]. Soft Computing, 2016, 20(4): 1437-1448.
[54] ZHANG H Y, ZHOU J C, CHEN Y B, et al. User-aware de-duplication algorithm[J]. Journal of Software, 2015, 26(10): 2581-2595.
[55] XIONG J B, LI F H, WANG Y C, et al. Research progress on cloud data assured deletion based on cryptography[J]. Journal on Communications, 2016, 37(8): 167-184.
[56] LI F H, LI H, JIA Y, et al. Privacy computing: concept, connotation and its research trend[J]. Journal on Communications, 2016, 37(4): 1-11.