无第三方服务器的基于数据流行度的加密去重方案

doi:10.11959/j.issn.1000-436x.2022151

Abstract

Abstract:

It is effective to balance data security and storage efficiency for setting different levels of security protection for data based on popularity in encrypted deduplication systems.Existing schemes all need introduce a trusted third-party for recording data popularity, while the third party is prone to a single point of failure and efficiency bottleneck.To address this problem, a popularity-based encrypted deduplication scheme without third-party servers was proposed, which accurately recorded the data popularity based on the Count-Min sketch algorithm and Merkle Puzzles protocol, and achieved encrypted deduplication of unpopular data through the sPAKE protocols performed among users.Security analysis and experimental evaluation show that the proposed scheme is secure and efficient.

Key words: cloud storage, encrypted deduplication, data popularity, Count-Min sketch algorithm, sPAKE protocol

CLC Number:

TP309.2

Guanxiong HA, Qiaowen JIA, Hang CHEN, Chunfu JIA. Data popularity-based encrypted deduplication scheme without third-party servers[J]. Journal on Communications, 2022, 43(8): 17-29.

Figures/Tables 14

方案	不流行数据首次上传	不流行数据后续上传	流行度转换
文献[6]	$(2 SE + H) O (l_{F}) + TE O (λ)$	$(2 SE + H) O (l_{F}) + TE O (λ)$	$(2 SE + H) O (l_{F}) + TE O (λ)$
文献[8]	$(2 SE + H +PoW) O (l_{F}) + HE O (λ)$	$(2 SE + H +PoW) O (l_{F}) + HE O (λ)$	$(2 SE + H +PoW) O (l_{F}) + HE O (λ)$
文献[9]	$(2 SE + H) O (l_{F}) + SS O (λ)$	$(2 SE + H) O (l_{F}) + SS O (λ)$	$(2 SE + H) O (l_{F}) + SS O (λ)$
本文方案	$(2 SE + H + PoW) O (l_{F}) +sPAKE$	$(2 SE + 2 H + PoW) O (l_{F}) +SK O (l_{λ}) +sPAKE$	$(2 SE + 2 H +PoW) O (l_{F}) +SK O (λ) +sPAKE+PT$

References 27

[1]	冯登国, 张敏, 张妍 ,等. 云计算安全研究[J]. 软件学报, 2011,22(1): 71-83.
	FENG D G , ZHANG M , ZHANG Y ,et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1): 71-83.
[2]	熊金波, 张媛媛, 李凤华 ,等. 云环境中数据安全去重研究进展[J]. 通信学报, 2016,37(11): 169-180.
	XIONG J B , ZHANG Y Y , LI F H ,et al. Research progress on secure data deduplication in cloud[J]. Journal on Communications, 2016,37(11): 169-180.
[3]	SHIN Y , KOO D , HUR J . A survey of secure data deduplication schemes for cloud storage systems[J]. ACM Computing Surveys, 2017,49(4): 1-38.
[4]	DOUCEUR J R , ADYA A , BOLOSKY W J ,et al. Reclaiming space from duplicate files in a serverless distributed file system[C]// Proceedings of the 22nd International Conference on Distributed Computing Systems. Piscataway:IEEE Press, 2002: 617-624.
[5]	BELLARE M , KEELVEEDHI S , RISTENPART T . DupLESS:server-aided encryption for deduplicated storage[C]// Proceedings of the 22nd USENIX Conference on Security. Berkeley:USENIX Association, 2013: 179-194.
[6]	STANEK J , KENCL L . Enhanced secure thresholded data deduplication scheme for cloud storage[J]. IEEE Transactions on Dependable and Secure Computing, 2018,15(4): 694-707.
[7]	PUZIO P , MOLVA R , ?NEN M ,et al. PerfectDedup:secure data deduplication[C]// Proceedings of the 10th International Workshop on Data Privacy Management. Berlin:Springer, 2015: 150-166.
[8]	HA G X , CHEN H , JIA C F ,et al. A secure deduplication scheme based on data popularity with fully random tags[C]// Proceedings of 2021 IEEE 20th International Conference on Trust,Security and Privacy in Computing and Communications (TrustCom). Piscataway:IEEE Press, 2021: 207-214.
[9]	高文静, 咸鹤群, 程润辉 . 基于双层加密和密钥共享的云数据去重方法[J]. 计算机学报, 2021,44(11): 2203-2215.
	GAO W J , XIAN H Q , CHENG R H . A cloud data deduplication method based on double-layered encryption and key sharing[J]. Chinese Journal of Computers, 2021,44(11): 2203-2215.
[10]	CORMODE G , MUTHUKRISHNAN S . An improved data stream summary:the Count-Min sketch and its applications[J]. Journal of Algorithms, 2005,55(1): 58-75.
[11]	MCQUOID I , ROSULEK M , ROY L . Minimal symmetric PAKE and 1-out-of-N OT from programmable-once public functions[C]// Pro ceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2020: 425-442.
[12]	MERKLE R C . Secure communications over insecure channels[J]. Communications of the ACM, 1978,21(4): 294-299.
[13]	XU J , CHANG E C , ZHOU J Y . Weak leakage-resilient client-side deduplication of encrypted data in cloud storage[C]// Proceedings of the 8th ACM SIGSAC symposium on Information,Computer and Communications Security. New York:ACM Press, 2013: 195-206.
[14]	HALEVI S , HARNIK D , PINKAS B ,et al. Proofs of ownership in remote storage systems[C]// Proceedings of the 18th ACM Conference on Computer and Communications Security. New York:ACM Press, 2011: 491-500.
[15]	BELLARE M , KEELVEEDHI S , RISTENPART T . Message-locked encryption and secure deduplication[C]// Advances in Cryptology EUROCRYPT 2013. Berlin:Springer, 2013: 296-312.
[16]	熊金波, 李素萍, 张媛媛 ,等. 共享所有权证明:协作云数据安全去重新方法[J]. 通信学报, 2017,38(7): 18-27.
	XIONG J B , LI S P , ZHANG Y Y ,et al. PoSW:novel secure deduplication scheme for collaborative cloud applications[J]. Journal on Communications, 2017,38(7): 18-27.
[17]	XU R H , JOSHI J , KRISHNAMURTHY P . An integrated privacy preserving attribute-based access control framework supporting secure deduplication[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(2): 706-721.
[18]	贾春福, 哈冠雄, 李瑞琪 . 密文去重系统中的数据访问控制策略[J]. 通信学报, 2020,41(5): 72-83.
	JIA C F , HA G X , LI R Q . Data access control policy of encrypted deduplication system[J]. Journal on Communications, 2020,41(5): 72-83.
[19]	贾春福, 哈冠雄, 武少强 ,等. 加密去重场景下基于 AONT 和NTRU的密钥更新方案[J]. 通信学报, 2021,42(10): 67-80.
	JIA C F , HA G X , WU S Q ,et al. AONT-and-NTRU-based rekeying scheme for encrypted deduplication[J]. Journal on Communications, 2021,42(10): 67-80.
[20]	LI J W , LEE P P C , TAN C F ,et al. Information leakage in encrypted deduplication via frequency analysis[J]. ACM Transactions on Storage, 2020,16(1): 1-30.
[21]	LI J W , YANG Z R , REN Y J ,et al. Balancing storage efficiency and data confidentiality with tunable encrypted deduplication[C]// Proceedings of the Fifteenth European Conference on Computer Systems. New York:ACM Press, 2020: 1-15.
[22]	HARNIK D , PINKAS B , SHULMAN-PELEG A , . Side channels in cloud services:deduplication in cloud storage[J]. IEEE Security ＆Privacy, 2010,8(6): 40-47.
[23]	ZHANG Y , MAO Y L , XU M Z ,et al. Towards thwarting template side-channel attacks in secure cloud deduplications[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(3): 1008-1018.
[24]	YU C M , GOCHHAYAT S P , CONTI M ,et al. Privacy aware data deduplication for side channel in cloud storage[J]. IEEE Transactions on Cloud Computing, 2020,8(2): 597-609.
[25]	ABDALLA M , POINTCHEVAL D . Simple password-based encrypted key exchange protocols[C]// The Cryptographers’ Track at the RSA Conference. Berlin:Springer, 2005: 191-208.
[26]	YU C M , . POSTER:efficient cross-user chunk-level client-side data deduplication with symmetrically encrypted two-party interactions[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2016: 1763-1765.
[27]	LIU J , ASOKAN N , PINKAS B . Secure deduplication of encrypted data without additional independent servers[C]// Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2015: 874-885.

Metrics

Recommended 0

No Suggested Reading articles found!

方案	特点	缺陷
文献[4-5]	哈希值作为去重标签	易受离线字典攻击
文献[6-7]	部署可信第三方	存在效率瓶颈与单点故障
文献[8-9]	部署半可信第三方	存在效率瓶颈

符号	含义
t	流行度阈值
sh(?)	短哈希函数
H (?)	哈希函数（如SHA-256）
H (k,?)	密钥为k的HMAC
Enc(?)	对称加密算法（如AES）
Dec(?)	对称解密算法（如AES）
E_pk(?)	RSA加密算法
D_sk(?)	RSA解密算法
k_c	收敛密钥
k_r	随机密钥
C_F	收敛密文
Cr	随机密文
H_CE	收敛密文的哈希值
H_C	随机密文的哈希值
pF	所有权证明值
pt	所有权证明的辅助信息
num	数据的所有者数量

方案	语义安全	数据完整性	所有权证明	抗伪造攻击	数据去重
文献[6]	√	×	×	√	×
文献[7]	√	×	×	√	×
文献[8]	×	√	√	√	√
文献[9]	√	√	√	√	×
本文方案	√	√	√	√	√

Data popularity-based encrypted deduplication scheme without third-party servers

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 27

Related Articles 15

Metrics

Recommended 0

[1]	Tao FENG, Fanqi KONG, Chunyan LIU, Rong MA, Albettar Maher. Dual verifiable cloud storage scheme based on blockchain [J]. Journal on Communications, 2021, 42(12): 192-201.
[2]	Chunfu JIA, Guanxiong HA, Shaoqiang WU, Hang CHEN, Ruiqi LI. AONT-and-NTRU-based rekeying scheme for encrypted deduplication [J]. Journal on Communications, 2021, 42(10): 67-80.
[3]	Junfeng TIAN,Yanbiao WANG,Xinfeng HE,Juntao ZHANG,Wanhe YANG,Ya’nan PANG. Survey on the causal consistency of data [J]. Journal on Communications, 2020, 41(3): 154-167.
[4]	Wenlong KE,Yong WANG,Miao YE,Junqi CHEN. Priority differentiated multicast flow scheduling method in Ceph cloud storage network [J]. Journal on Communications, 2020, 41(11): 40-51.
[5]	Lei SUN,Zhiyuan ZHAO,Jianhua WANG,Zhiqiang ZHU. Attribute-based encryption scheme supporting attribute revocation in cloud storage environment [J]. Journal on Communications, 2019, 40(5): 47-56.
[6]	Xiangsong ZHANG,Chen LI,Zhenhua LIU. Key-exposure resilient integrity auditing scheme with encrypted data deduplication [J]. Journal on Communications, 2019, 40(4): 95-106.
[7]	Miaomiao TIAN,Chuang GAO,Jie CHEN. Identity-based cloud storage integrity checking from lattices [J]. Journal on Communications, 2019, 40(4): 128-139.
[8]	Junfeng TIAN,Mengjia CHAI,Liuling QI. Provable data possession scheme based on public verification and private verification [J]. Journal on Communications, 2019, 40(3): 48-59.
[9]	Ruizhong DU,Pengliang SHI,Xinfeng HE. Cloud data assured deletion scheme based on overwrite verification [J]. Journal on Communications, 2019, 40(1): 130-140.
[10]	Xincheng YAN,Yue CHEN,Hongyong JIA,Yanru CHEN,Xinyue ZHANG. Secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key [J]. Journal on Communications, 2018, 39(5): 123-133.
[11]	Yue CHEN,Longjiang WANG,Xincheng YAN,Xinyue ZHANG. Mimic storage scheme based on regenerated code [J]. Journal on Communications, 2018, 39(4): 21-34.
[12]	Shaohui WANG,Xiaoxiao PAN,Zhiwei WANG,Fu XIAO,Ruchuan WANG. Analysis and improvement on identity-based cloud data integrity verification scheme [J]. Journal on Communications, 2018, 39(11): 98-105.
[13]	Bin WANG,Wei-min LI,Jin-fang SHENG,Si-nuo XIAO. TCCL:secure and efficient development of desktop cloud structure [J]. Journal on Communications, 2017, 38(Z1): 9-18.
[14]	Yan SONG,Zhen HAN,Jian-jun LI,Lei HAN. Research on cloud storage systems supporting secure sharing [J]. Journal on Communications, 2017, 38(Z1): 88-96.
[15]	Rui-zhong DU,Shao-xuan WANG,Jun-feng TIAN. Cloud storage scheme based on closed-box encryption [J]. Journal on Communications, 2017, 38(7): 1-10.