Journal on Communications ›› 2017, Vol. 38 ›› Issue (3): 25-33. doi: 10.11959/j.issn.1000-436x.2017057

• Academic paper •

New method for file deduplication in cloud storage

Chao YANG1, Qian JI1, Si-chun XIONG1, Mao-zhen LIU1, Jian-feng MA1, Qi JIANG1, Lin BAI2

  1 School of Cyber Engineering, Xidian University, Xi’an 710071, China
  2 School of Computer, Xi’an University of Posts & Telecommunications, Xi’an 710121, China
  • Revised: 2016-12-29 Online: 2017-03-01 Published: 2017-04-13
  • About the authors: Chao YANG (1979-), male, from Xi’an, Shaanxi; associate professor at Xidian University; main research interests: cryptography and network security, cloud computing and mobile intelligent computing security. | Qian JI (1989-), female, from Datong, Shanxi; master's student at Xidian University; main research interests: cloud computing and storage security. | Si-chun XIONG (1992-), female, from Loudi, Hunan; main research interests: cloud computing and network security. | Mao-zhen LIU (1993-), female, from Linyi, Shandong; main research interest: cloud storage security. | Jian-feng MA (1963-), male, from Xi’an, Shaanxi; professor and doctoral supervisor at Xidian University; main research interests: computer system security, mobile and wireless security, system survivability and trusted computing. | Qi JIANG (1983-), male, from Quanjiao, Anhui; associate professor at Xidian University; main research interests: wireless network security and security protocols. | Lin BAI (1980-), female, from Shangzhou, Shaanxi; associate professor at Xi’an University of Posts & Telecommunications; main research interests: network security and intelligent information processing.
  • Supported by:
    The National Natural Science Foundation of China (61672415); The National Natural Science Foundation of China (61671360); The National Natural Science Foundation of China (61672413); The Natural Science Project by Shaanxi Province Office of Education (14JK1665)

Abstract:

Deduplication is widely used in cloud storage services to save bandwidth and storage resources. However, client-side deduplication still has security flaws that allow an external attacker to access a user’s private data. Xu-CDE was the first cross-user deduplication scheme for encrypted data; it protects data privacy when external attackers and an honest-but-curious server are both present, and it is theoretically significant and representative. However, the user ownership authentication credentials in Xu-CDE lack instantaneity (freshness) protection, so the scheme cannot resist replay attacks. To address this flaw, the improved protocol MRN-CDE (MLE based and random number modified client-side deduplication of encrypted data in cloud storage) is proposed. It introduces a random number to ensure the instantaneity of the authentication credentials, and uses the MLE-KP algorithm to extract a key from the original file instead of using the file itself as the encryption key, which improves security while greatly reducing the amount of computation. Security analysis and tests show that, compared with Xu-CDE, the proposed MRN-CDE not only strengthens the security of ownership authentication but also improves time efficiency. It works especially well for deduplicating large files in the cloud and has a certain application value.

Key words: encrypted data, deduplication, proof of ownership, instantaneity, cloud storage
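The replay weakness and the random-number fix described in the abstract, shown as an added illustration. It is not the paper's code and not the Xu-CDE or MRN-CDE construction: `Server`, `mle_key` and the credential functions are hypothetical, SHA-256 stands in for MLE-KP key extraction, and letting the server hold the verifier key is a simplification.

```python
import hashlib, hmac, secrets

def mle_key(data: bytes) -> bytes:
    # Assumption: message-locked key = hash of the file (stand-in for MLE-KP).
    return hashlib.sha256(b"mle-key" + data).digest()

def static_credential(data: bytes) -> bytes:
    # Weak: the same bytes on every protocol run, so a captured copy stays valid.
    return hashlib.sha256(mle_key(data)).digest()

def fresh_credential(data: bytes, nonce: bytes) -> bytes:
    # Hardened: bound to the server's random number for this run only.
    return hmac.new(mle_key(data), nonce, hashlib.sha256).digest()

class Server:
    """Toy dedup server: one ownership verifier per stored file (simplified)."""
    def __init__(self):
        self.verifiers = {}   # file_id -> verifier key
        self.pending = {}     # file_id -> outstanding single-use nonce

    def store(self, file_id: str, data: bytes) -> None:
        self.verifiers[file_id] = mle_key(data)

    def verify_static(self, file_id: str, credential: bytes) -> bool:
        expected = hashlib.sha256(self.verifiers[file_id]).digest()
        return hmac.compare_digest(expected, credential)

    def challenge(self, file_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[file_id] = nonce
        return nonce

    def verify_fresh(self, file_id: str, credential: bytes) -> bool:
        nonce = self.pending.pop(file_id, None)   # consume: valid for one run
        if nonce is None:
            return False
        expected = hmac.new(self.verifiers[file_id], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, credential)

def demo():
    data = b"constructed sample file contents"   # constructed input
    srv = Server()
    srv.store("f1", data)
    seen_static = static_credential(data)                     # observed on the wire
    seen_fresh = fresh_credential(data, srv.challenge("f1"))  # observed on the wire
    owner_ok = srv.verify_fresh("f1", seen_fresh)             # legitimate run
    replay_static = srv.verify_static("f1", seen_static)      # replay is accepted
    srv.challenge("f1")                                       # later run, new nonce
    replay_fresh = srv.verify_fresh("f1", seen_fresh)         # replay is rejected
    return owner_ok, replay_static, replay_fresh
```
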
