共享所有权证明：协作云数据安全去重新方法

doi:10.11959/j.issn.1000-436x.2017139

通信学报 ›› 2017, Vol. 38 ›› Issue (7): 18-27.doi: 10.11959/j.issn.1000-436x.2017139

共享所有权证明：协作云数据安全去重新方法

熊金波^1,²,李素萍¹,张媛媛¹,李璇¹,叶阿勇²,姚志强^1,³

¹ 福建师范大学软件学院，福建福州350117
² 福建省网络安全与密码技术重点实验室，福建福州350007
³ 福建省公共服务大数据挖掘与应用工程技术研究中心，福建福州 350117

修回日期:2017-04-27 出版日期:2017-07-01 发布日期:2017-08-25
作者简介:熊金波（1981-），男，湖南益阳人，博士，福建师范大学副教授、硕士生导师，中国科学院信息工程研究所博士后，主要研究方向为云数据安全与隐私保护技术。|李素萍（1991-），女，福建三明人，福建师范大学硕士生，主要研究方向为云数据安全与隐私保护技术。|张媛媛（1992-），女，河南南阳人，福建师范大学硕士生，主要研究方向为云数据安全与隐私保护技术。|李璇（1984-），女，湖北黄石人，博士，福建师范大学副教授、硕士生导师，主要研究方向为信息安全。|叶阿勇（1977-），男，福建漳州人，博士，福建师范大学教授、硕士生导师，主要研究方向为隐私保护与网络安全等。|姚志强（1967-），男，福建莆田人，博士，福建师范大学教授、硕士生导师，主要研究方向为信息安全。
基金资助:
国家自然科学基金资助项目(61402109);国家自然科学基金资助项目(61370078);国家自然科学基金资助项目(61502102);国家自然科学基金资助项目(61502103);福建省自然科学基金资助项目(2015J05120);福建省自然科学基金资助项目(2017J05099);福建省网络安全与密码技术重点实验室开放课题基金资助项目(15008);福建省高校杰出青年科研人才培育计划基金资助项目(2015)

PoSW:novel secure deduplication scheme for collaborative cloud applications

Jin-bo XIONG^1,²,Su-ping LI¹,Yuan-yuan ZHANG¹,Xuan LI¹,EA-yong Y²,Zhi-qiang YAO^1,³

¹ Faculty of Software,Fujian Normal University,Fuzhou 350117,China
² Fujian Provincial Key Laboratory of Network Security and Cryptology,Fuzhou 350007,China
³ Fujian Engineering Research Center of Public Service Big Data Mining and Application,Fuzhou 350117,China

Revised:2017-04-27 Online:2017-07-01 Published:2017-08-25
Supported by:
The National Natural Science Foundation of China(61402109);The National Natural Science Foundation of China(61370078);The National Natural Science Foundation of China(61502102);The National Natural Science Foundation of China(61502103);The Natural Science Foundation of Fujian Province(2015J05120);The Natural Science Foundation of Fujian Province(2017J05099);Fujian Provincial Key Laboratory of Network Security and Cryptology Research Fund(15008);Distinguished Young Scientific Research Talents Plan in Universities of Fujian Province(2015)

摘要/Abstract

摘要：

针对共享文件的安全访问与去重问题，提出共享所有权证明（PoSW）的新概念，对其进行形式化定义，构造PoSW方案并对其进行扩展。在PoSW方案中，充分利用共享文件散布、收敛加密、秘密共享等技术对共享文件进行变换处理，实现对共享文件的分享授权；提出一种新的挑战—响应协议，实现共享所有权证明，为共享文件的安全去重提供基础；引入多云服务提供商对PoSW进行扩展，通过复制策略和安全文件散布策略提高不同类型共享文件的可用性和可靠性。安全性分析和性能分析表明所提PoSW方案是安全和高效的。

关键词: 共享所有权证明, 安全去重, 收敛加密, 安全文件散布, 云存储

Abstract:

In order to solve the problems of secure access and deduplication to the shared file in the cloud environment,a novel notion called proof of shared ownership (PoSW) was formalized,and a formal definition of the PoSW was given.Furthermore,a PoSW scheme and an enhanced version of that were proposed.In the PoSW scheme,secure shared file dispersal,convergent encryption and secret sharing algorithm were employed to transform the shared file realize the sharing and authorization for the shared file,and then a novel challenge-response protocol was proposed to achieve the proof of shared ownership and the foundation for the secure deduplication of the shared file was provided.An enhanced PoSW scheme was designed to improve the availability and reliability for different kinds of the shared files by introducing the multi-cloud server providers and using the strategies of both data duplication and secret file dispersal.Security analysis and performance evaluation show the security and efficiency of the proposed scheme.

Key words: proof of shared ownership, secure deduplication, convergent encryption, secure file dispersal, cloud storage

中图分类号:

TP309.2

熊金波,李素萍,张媛媛,李璇,叶阿勇,姚志强. 共享所有权证明：协作云数据安全去重新方法[J]. 通信学报, 2017, 38(7): 18-27.

Jin-bo XIONG,Su-ping LI,Yuan-yuan ZHANG,Xuan LI,EA-yong Y,Zhi-qiang YAO. PoSW:novel secure deduplication scheme for collaborative cloud applications[J]. Journal on Communications, 2017, 38(7): 18-27.

图/表 9

表1

图1

图2

图3

图4

图5

表2

PoSW与相关方案的开销对比分析"

方案	客户端计算开销	客户端读写开销	云服务器初始化读写开销	云服务器初始化计算开销	云服务器常规计算开销	云服务器内存开销
文献[17]方案	O(z)· hash	O(z)	O(z)	O(z)·hash	O(Q ·λ)· PRF	O(Q ·λ)
文献[18]方案	O(z)· hash	O(z)	O(z)	O(z)·hash	$O (\frac{l \cdot λ (\lg \frac{1}{p_{f}})}{p_{f}}) \cdot h a s h$	$O (\frac{\lg (\frac{1}{p_{f}})}{l})$
文献[19]方案	O(b)·CE· hash·hash	O(z)	O(z)	O(b) hash ·hash	O(Q lλ)·PRNG	O(Q lλ)
PoSW	O(b)·CE· hash·hash·SF	O(z)	O(z)	O(0)	O(Q lλ)·PRNG	O(Q lλ)
PoSW扩展方案1	O(b)·CE· hash·hash·SF	O(z)	O(z)	O(0)	O(Q lλ)·PRNG	O(Q lλ)
PoSW扩展方案2	O(b)·CE· hash·hash·SF	O(z)	O(z)	O(0)	O(Q lλ)·PRNG · SF	O(Q lλ)

表2

图6

图7

参考文献 29

[1]	WU D , YANG B , WANG H ,et al. Privacy-preserving multimedia big data aggregation in large-scale wireless sensor networks[J]. ACM Transactions on Multimedia Computing,Communications and Applications, 2016,12(4): 1-19.
[2]	XIONG J B , LI F H , MA J F ,et al. A full lifecycle privacy protection scheme for sensitive data in cloud computing[J]. Peer-to-Peer Networking and Applications, 2015,8(6): 1025-1037.
[3]	MITTAL S , VETTERJ S . A survey of architectural approaches for data compression in cache and main memory systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2016,27(5): 1524-1536.
[4]	HARNIK D,PINKASB,SHULMAN-PELEGA , PINKASB , SHULMAN-PELEGA , . Side channels in cloud services:deduplication in cloud storage[J]. IEEE Security ＆Privacy, 2010,8(6): 40-47.
[5]	熊金波, 张媛媛, 李凤华 ,等. 云环境中数据安全去重研究进展[J]. 通信学报, 2016,37(11): 169-180.
	XIONG J B , ZHANG Y Y , LI F H ,et al. Research progress on secure data deduplication in cloud[J]. Journal on Communications, 2016,37(11): 169-180.
[6]	LIU J , ASOKAN N , PINKAS B . Secure deduplication of encrypted data without additional independent servers[C]// The 22nd ACM SIGSAC Conference on Computer and Communications Security. 2015: 874-885.
[7]	MEYER D , BOLOSKY W . A study of practical deduplication[J]. ACM Transactions on Storage (TOS), 2012,7(4): 14-26.
[8]	DOUCEUR J , ADYA A , BOLOSKY W ,et al. Reclaiming space from duplicate files in a serverless distributed file system[C]// The 22nd IEEE International Conference on Distributed Computing Systems. 2002: 617-624.
[9]	STANEK J , SORNIOTTI A , ANDROULAKI E ,et al. A secure data deduplication scheme for cloud storage[C]// The Financial Cryptography and Data Security. 2014: 99-118.
[10]	LI M , QIN C , LI J ,et al. CDStore:toward reliable,secure,and cost-efficient cloud storage via convergent dispersal[J]. IEEE Internet Computing, 2016,20(3): 45-53.
[11]	BELLARE M , KEELVEEDHI S , RISRENPART T . Message-locked encryption and secure deduplication[C]// The Advances in Cryptology-EUROCRYPT 2013. 2013: 296-312.
[12]	BELLARE M , KEELVEEDHI S , RISTENPART T . DupLESS:server-aided encryption for deduplicated storage[C]// The 22nd Usenix Conference on Security,Berkeley. 2013: 179-194.
[13]	杨超, 纪倩, 熊思纯 ,等. 新的云存储文件去重删除方法[J]. 通信学报, 2017,38(3): 25-33.
	YANG C , JI Q , XIONG S C ,et al. New method for file deduplication in cloud storage[J]. Journal on Communications, 2017,38(3): 25-33.
[14]	LI J , QIN C , LEE P P C ,et al. Rekeying for encrypted deduplication storage[C]// The 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. 2016: 618-629.
[15]	QIN C , LI J , LEE P P C . The design and implementation of a rekeying-aware encrypted deduplication storage system[J]. ACM Transactions on Storage, 2017,13(1): 9: 1-9: 30.
[16]	HALEVI S , HARNIK D , PINKAS B ,et al. Proofs of ownership in remote storage systems[C]// The 18th ACM Conference on Computer and Communications Security. 2011: 491-500.
[17]	PIETRO R D , SORNIOTTI A . Boosting efficiency and security in proof of ownership for deduplication[C]// The 7th ACM Symposium on Information,Computer and Communications Security. 2012: 81-82.
[18]	BLASCO J , PIETRO R D , ORFILA A ,et al. A tunable proof of ownership scheme for deduplication using bloom filters[C]// The 2014 IEEE Conference on Communications and Network Security (CNS). 2014: 481-489.
[19]	GONZáLEZ-MANZANO L , ORFILA A . An efficient confidentiality-preserving proof of ownership for deduplication[J]. Journal of Network and Computer Applications, 2015,50: 49-59.
[20]	SORIENTE C , KARAME G , RITZDORF H ,et al. Commune:shared ownership in an agnostic cloud[C]// The 20th ACM Symposium on Access Control Models and Technologies. 2015: 39-50.
[21]	LI J , CHEN X , HUANG X ,et al. Secure distributed deduplication systems with improved reliability[J]. IEEE Transactions on Computers, 2015,64(12): 3569-3579.
[22]	SHAMIR A . How to share a secret[J]. Communications of the ACM, 1979,22(11): 612-613.
[23]	毛波, 叶阁焰, 蓝琰佳 ,等. 一种基于重复数据删除技术的云中云存储系统[J]. 计算机研究与发展, 2015,52(6): 1278-1287.
	MAO B , YE G Y , LAN Y J ,et al. A data deduplication-based primary storage system in cloud-of-clouds[J]. Journal of Computer Research and Development, 2015,52(6): 1278-1287.
[24]	ABU-LIBDEH H , PRINCEHOUSE L , WEATHERSPOON H . RACS:a case for cloud storage diversity[C]// The 1st ACM Symposium on Cloud Computing. 2010: 229-240.
[25]	刘莎, 楚传仁 . 基于文件等级的Ceph数据冗余存储策略的研究[J]. 信息网络安全, 2016(4): 50-54.
	LIU S , CHU C R . Research on data placement strategy for Ceph based on file level[J]. Netinfo Security, 2016 (4): 50-54.
[26]	BESSANI A , CORREIA M , QUARESMA B ,et al. DepSky:dependable and secure storage in a cloud-of-clouds[J]. ACM Transactions on Storage (TOS), 2013,9(4): 31-46.
[27]	李凤华, 李晖, 贾焰 ,等. 隐私计算研究范畴及发展趋势[J]. 通信学报, 2016,37(4): 1-11.
	LI F H , LI H , JIA Y ,et al. Privacy computing:concept,connotation and its research trend[J]. Journal on Communications, 2016,37(4): 1-11.
[28]	熊金波, 李凤华, 王彦超 ,等. 基于密码学的云数据确定性删除研究进展[J]. 通信学报, 2016,37(8): 167-184.
	XIONG J B , LI F H , WANG Y C ,et al. Research progress on cloud data assured deletion based on cryptography[J]. Journal on Communications, 2016,37(8): 167-184.
[29]	XIONG J B , LIU X , YAO Z ,et al. A secure data self-destructing scheme in cloud computing[J]. IEEE Transactions on Cloud Computing, 2014,2(4): 448-458.

符号	符号描述
f	协作云应用产生的共享文件
f[i]	共享文件f的第i个文件块
z	共享文件f的长度
b	文件块长度
k_i	第i个文件块的加密密钥，k_i=H₂(f[i])
Θ[i]	共享文件的第i个密文块
id[i]	第i个所有者的id
token	文件块标识符token[i]←H₂(Θ[i])
n	token的数量
h_f	h_f ←H ₁(token)，共享文件的标识符
SO_i	共享文件的第i位所有者
H₁,H₂,H₃	抗碰撞散列函数
λ	安全参数

共享所有权证明：协作云数据安全去重新方法

PoSW:novel secure deduplication scheme for collaborative cloud applications

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 29

相关文章 15

Metrics

推荐阅读 0

[1]	哈冠雄, 贾巧雯, 陈杭, 贾春福. 无第三方服务器的基于数据流行度的加密去重方案[J]. 通信学报, 2022, 43(8): 17-29.
[2]	冯涛, 孔繁琪, 柳春岩, 马蓉, Maher Albettar. 基于区块链的双重可验证云存储方案[J]. 通信学报, 2021, 42(12): 192-201.
[3]	贾春福, 哈冠雄, 武少强, 陈杭, 李瑞琪. 加密去重场景下基于AONT和NTRU的密钥更新方案[J]. 通信学报, 2021, 42(10): 67-80.
[4]	田俊峰,王彦骉,何欣枫,张俊涛,杨万贺,庞亚南. 数据因果一致性研究综述[J]. 通信学报, 2020, 41(3): 154-167.
[5]	柯文龙,王勇,叶苗,陈俊奇. Ceph云存储网络中一种业务优先级区分的多播流调度方法[J]. 通信学报, 2020, 41(11): 40-51.
[6]	孙磊,赵志远,王建华,朱智强. 云存储环境下支持属性撤销的属性基加密方案[J]. 通信学报, 2019, 40(5): 47-56.
[7]	张襄松,李晨,刘振华. 抗密钥泄露的支持密态数据去重的完整性审计方案[J]. 通信学报, 2019, 40(4): 95-106.
[8]	田苗苗,高闯,陈洁. 格上基于身份的云存储完整性检测方案[J]. 通信学报, 2019, 40(4): 128-139.
[9]	田俊峰,柴梦佳,齐鎏岭. 基于公有验证和私有验证的数据持有性验证方案[J]. 通信学报, 2019, 40(3): 48-59.
[10]	杜瑞忠,石朋亮,何欣枫. 基于覆写验证的云数据确定性删除方案[J]. 通信学报, 2019, 40(1): 130-140.
[11]	严新成,陈越,贾洪勇,陈彦如,张馨月. 支持高效密文密钥同步演化的安全数据共享方案[J]. 通信学报, 2018, 39(5): 123-133.
[12]	陈越,王龙江,严新成,张馨月. 基于再生码的拟态数据存储方案[J]. 通信学报, 2018, 39(4): 21-34.
[13]	王少辉,潘笑笑,王志伟,肖甫,王汝传. 对基于身份云数据完整性验证方案的分析与改进[J]. 通信学报, 2018, 39(11): 98-105.
[14]	王斌,李伟民,盛津芳,肖斯诺. TCCL：安全高效的拓展云桌面架构[J]. 通信学报, 2017, 38(Z1): 9-18.
[15]	宋衍,韩臻,李建军,韩磊. 支持安全共享的云存储系统研究[J]. 通信学报, 2017, 38(Z1): 88-96.