基于确定/概率性文件拥有证明的机密数据安全去重方案

doi:10.11959/j.issn.1000-436x.2015175

Abstract

Abstract:

To solve the difficult problems of sensitive data deduplication in cloud storage,such as detection and PoW (proofs of ownership) of the duplicated ciphertext,the attacks aiming at data sensitivity,etc,a Merkle hash tree based scheme called MHT-Dedup and a homomorphic MAC based scheme called hMAC-Dedup were proposed.Both schemes provided PoW of the ciphertext file to find duplicated files on cross-user file level and check the hash of block plaintext to find duplicated blocks on local block-level,which avoided the security flaws of the hash-as-a-proof method in the cross-user file-level client-side duplication detection.MHT-Dedup provided the deterministic PoW of file with an authen-ticating binary tree generated from the tags of encrypted blocks,which had lower computing and transferring cost,and hMAC-Dedup provided the probabilistic PoW of file by verifying some sampled blocks and their homomorphic MAC tags,which had lower additional storage cost.Analyses and comparisons show that proposed schemes are preferable in many as-pects such as supporting secure two-level client-side sensitive data deduplication and resisting to brute force attack to blocks.

Key words: cloud storage, sensitive data deduplication, proofs of ownership, Merkle hash tree, homomorphic MAC

Yue CHEN,Chao-ling LI,Ju-long LAN,Kai-chun JIN,Zhong-hui WANG. Secure sensitive data deduplication schemes based on deterministic/probabilistic proof of file ownership[J]. Journal on Communications, 2015, 36(9): 1-12.

Figures/Tables 6

References 26

[1]	DUTCH M , FREEMAN L . Understanding data de-duplication ra-tios[EB/OL]. . 2012.
[2]	CNET. Who owns your files on google drive[EB/OL]. . 2013.
[3]	Dropbox. Dropbox privacy policy[EB/OL]. . 2013.
[4]	Google. Google terms of service[EB/OL]. . 2013.
[5]	Apple Inc. Apple privacy policy (Covering iCloud)[EB/OL]. . 2013.
[6]	Microsoft. Microsoft services agreement[EB/OL]. . 2013.
[7]	Wired.com. Dropbox left user accounts unlocked for 4 hours sun-day[EB/OL]. . 2013.
[8]	Twitter. Tweetdeck[EB/OL]. . 2013.
[9]	DOUCEUR J R , ADYA A , BOLOSKY W J , et al. Reclaiming space from duplicate files in a serverless distributed file system[A]. Proc.of ICDCS'02[C]. 2002.617-624.
[10]	SHAI H , DANNY H , BENNY P , et al. Proofs of ownership in remote storage systems[A]. Proc.of the 18th ACM conference on Computer and communications security (CCS'11)[C]. New York,USA, 2011.491-500.
[11]	XU J , CHANG E C , ZHOU J Y . Leakage-Resilient Client-side Dedu-plication of Encrypted Data in Cloud Storage[A]. Cryptology ePrint Archive,Report 2011/538, 2011.
[12]	Dropship. Dropbox api utilities[EB/OL]. . 2013.
[13]	CHANG E C , XU J . Remote integrity check with dishonest storage server[A]. Proc.of ESORICS '08:European Symposium on Research in Computer Security:Computer Security[C]. Berlin,Heidelberg, 2008.223-237.
[14]	敖莉, 舒继武, 李明强 . 重复数据删除技术[J]. 软件学报 2010,21(5): 916-929. AO L , SHU J W , LI M Q . Data deduplication techniques[J]. Journal of Software, 2010,21(5): 916-929.
[15]	王灿, 秦志光, 冯朝胜，等. 面向重复数据消除的备份数据加密方法[J]. 计算机应用 2010,30(7): 1763-1766,1781. WANG C , QIN Z G , FENG C S , et al. Deduplication-oriented backup-data encryption method[J]. Journal of Computer Applications, 2010,30(7): 1763-1766,1781.
[16]	ANDERSON P , ZHANG L . Fast and secure laptop backups with en-crypted de-duplication[A]. Proc.of the 24th International Conference on Large Installation System Administration (LISA'10)[C]. 2010.29-40.
[17]	MARK W S , KEVIN G , DARRELL D E , et al. Secure data deduplica-tion[A]. Proc.of the 4th ACM International Workshop on Storage se-curity and survivability[C]. New York,USA, 2008.1-10.
[18]	王珂, 刘川意, 王春露 . 基于代理重加密的安全重复数据删除机制的研究[EB/OL]. . 2013. WANG K , LIU C Y , WANG C L . Research on secure de-duplication based on proxy-reencryption[EB/OL]. . 2013.
[19]	LIU C Y , LIU X J , WAN L . Policy-based de-duplication in secure cloud storage[J]. Trustworthy Computing and Services Communica-tions in Computer and Information Science, 2013,320:250-262.
[20]	KEONG N W , WEN Y G , ZHU H F . Private data deduplication proto-cols in cloud storage[A]. Proc.of the 27th Annual ACM Symposium on Applied Computing (SAC'12)[C]. New York,USA, 2012.441-446.
[21]	DANNY H , BENNY P , ALEXANDRA S P . Side channels in cloud ser-vices – the case of deduplication in cloud storage[J]. IEEE Security and Privacy Magazine,special issue of Cloud Security, 2010,8(6): 40-47.
[22]	TAN Y J , JIANG H , FENG D , et al. SAM:a semantic-aware multi-tiered source de-duplication framework for cloud backup[A]. 2010 39th International Conference on Parallel Processing[C]. San Diego,CA, 2010.614-623.
[23]	ROBERTO D P , ALESSANDRO S . Boosting efficiency and security in proof of ownership for deduplication[A]. Proc.of the 7th ACM Symposium on Information,Computer and Communications Security (ASIACCS'12)[C]. New York,USA, 2012.81-90.
[24]	JO?O B , LUíS V , PAULO F . Hash challenges:stretching the limits of compare-by-hash in distributed data deduplication[J]. Information Processing Letters, 2012,112:380-385.
[25]	王丽娜，任正伟，余荣威，等. 一种适于云存储的数据确定性删除方法[J]. 电子学报 2012,40(2): 266-272. WANG L N , REN Z W , YU R W , et al. A data assured deletion ap-proach adapted for cloud storage[J]. Acta Electronica Sinica, 2012,40(2): 266-272.
[26]	ATENIESE G , BURNS R , CURTMOLA R , et al. Provable data pos-session at untrusted stores[A]. Proc of ACM-CCS'07[C]. Alexandria,Virginia,USA, 2007.598-609.

Metrics

Recommended 0

No Suggested Reading articles found!

块序号	块摘要	lockbox	mapbox	块标签
1	h_F1	lb₁	mb₁	T₁
2	h_F2	lb₂	mb₂	T₂
…	…	…	…	…
n	h_{F n}	lb_n	mb_n	T_n

方案		Prove	Challenge/Verify
MHT-Dedup	User	(4n+2^p?1)T_h+T_HM+2nT_E+cTσ	/
MHT-Dedup	CSP	/	(n?1)T _h
hMAC-Dedup	User	(2c+2^p?1)T _h+T _HM+2cT _E+T∑	/
hMAC-Dedup	CSP	/	cT_σ+2T_∑

指标		Streaming	STRONG-CSD	s-POW3	文献[25]	本文
指标		Streaming	STRONG-CSD	s-POW3	文献[25]	MHT-DeduphMAC-Dedup
去重对象		数据的纠删码编码	数据密文	数据明文	数据的纠删码编码	数据密文	数据密文
去重类型		跨用户文件级客户端去重	跨用户文件级客户端去重	跨用户文件级客户端去重	跨用户文件级客户端去重	跨用户文件级客户端去重、本地数据块级客户端去重	跨用户文件级客户端去重、本地数据块级客户端去重
安全性		否	否	是	是	是	是
检查概率		1	1	1?(1?P_un)^c	1?(1?P )^c_{u n}	1	1?(1?P_un)^c
存储复杂度		O(1)	O(1)	O(tc)	O(n)	O(n logn)	O(n logn)
通信复杂度		O(clogn)	O(clogn)	O(c)	O(c)	O(n logn)	O(n logn)
计算复杂度	CSP	O(n)	O(n)	O(tc)	O(s+c)	O(n)	O(c+2^p)
计算复杂度	User	O(m)	O(m)	O(c)	O(m)	O(n+c)	O(c)

Secure sensitive data deduplication schemes based on deterministic/probabilistic proof of file ownership

RichHTML

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

Figures/Tables 6

References 26

Related Articles 15

Metrics

Recommended 0

[1]	Guanxiong HA, Qiaowen JIA, Hang CHEN, Chunfu JIA. Data popularity-based encrypted deduplication scheme without third-party servers [J]. Journal on Communications, 2022, 43(8): 17-29.
[2]	Tao FENG, Fanqi KONG, Chunyan LIU, Rong MA, Albettar Maher. Dual verifiable cloud storage scheme based on blockchain [J]. Journal on Communications, 2021, 42(12): 192-201.
[3]	Chunfu JIA, Guanxiong HA, Shaoqiang WU, Hang CHEN, Ruiqi LI. AONT-and-NTRU-based rekeying scheme for encrypted deduplication [J]. Journal on Communications, 2021, 42(10): 67-80.
[4]	Junfeng TIAN,Yanbiao WANG,Xinfeng HE,Juntao ZHANG,Wanhe YANG,Ya’nan PANG. Survey on the causal consistency of data [J]. Journal on Communications, 2020, 41(3): 154-167.
[5]	Wenlong KE,Yong WANG,Miao YE,Junqi CHEN. Priority differentiated multicast flow scheduling method in Ceph cloud storage network [J]. Journal on Communications, 2020, 41(11): 40-51.
[6]	Lei SUN,Zhiyuan ZHAO,Jianhua WANG,Zhiqiang ZHU. Attribute-based encryption scheme supporting attribute revocation in cloud storage environment [J]. Journal on Communications, 2019, 40(5): 47-56.
[7]	Xiangsong ZHANG,Chen LI,Zhenhua LIU. Key-exposure resilient integrity auditing scheme with encrypted data deduplication [J]. Journal on Communications, 2019, 40(4): 95-106.
[8]	Miaomiao TIAN,Chuang GAO,Jie CHEN. Identity-based cloud storage integrity checking from lattices [J]. Journal on Communications, 2019, 40(4): 128-139.
[9]	Junfeng TIAN,Mengjia CHAI,Liuling QI. Provable data possession scheme based on public verification and private verification [J]. Journal on Communications, 2019, 40(3): 48-59.
[10]	Ruizhong DU,Pengliang SHI,Xinfeng HE. Cloud data assured deletion scheme based on overwrite verification [J]. Journal on Communications, 2019, 40(1): 130-140.
[11]	Xincheng YAN,Yue CHEN,Hongyong JIA,Yanru CHEN,Xinyue ZHANG. Secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key [J]. Journal on Communications, 2018, 39(5): 123-133.
[12]	Yue CHEN,Longjiang WANG,Xincheng YAN,Xinyue ZHANG. Mimic storage scheme based on regenerated code [J]. Journal on Communications, 2018, 39(4): 21-34.
[13]	Shaohui WANG,Xiaoxiao PAN,Zhiwei WANG,Fu XIAO,Ruchuan WANG. Analysis and improvement on identity-based cloud data integrity verification scheme [J]. Journal on Communications, 2018, 39(11): 98-105.
[14]	Bin WANG,Wei-min LI,Jin-fang SHENG,Si-nuo XIAO. TCCL:secure and efficient development of desktop cloud structure [J]. Journal on Communications, 2017, 38(Z1): 9-18.
[15]	Yan SONG,Zhen HAN,Jian-jun LI,Lei HAN. Research on cloud storage systems supporting secure sharing [J]. Journal on Communications, 2017, 38(Z1): 88-96.