云环境中数据安全去重研究进展

doi:10.11959/j.issn.1000-436x.2016238

Abstract

Abstract:

In order to improve the efficiency of cloud storage and save the communication bandwidth, a deduplication mechanism for multi-duplicate of the same data in cloud environment was needed. However, the implement of the secure data deduplication was seriously hindered by the ciphertext in cloud. This issue has quickly aroused wide attention of academia and industry, and became a research hotspot. From a security standpoint, firstly the primary cause and the main challenges of secure data deduplication in cloud environment was analyzed, and then the deduplication system model as well as its security model was described. Furthermore, focusing on the realization mechanism of secure data deduplica-tion, the thorough analyses were carried on and reviews for the related research works in recent years from content-based encryption, proof of ownership and privacy protection for secure deduplication, then the advantages and common prob-lems of various key technologies and methods were summed up. Finally, the future research directions and development trends on secure data deduplication in cloud was given.

Key words: secure deduplication, content-based encryption, proof of ownership, privacy protection, data deduplication

Jin-bo XIONG,Yuan-yuan ZHANG,Feng-hua LI,Su-ping LI,Jun REN,Zhi-qiang YAO. Research progress on secure data deduplication in cloud[J]. Journal on Communications, 2016, 37(11): 169-180.

Figures/Tables 8

方案	客户端计算开销	客户端读写开销	服务器初始化计算开销	服务器去重计算开销	服务器初始化读写开销	服务器常规读写开销	服务器内存开销	通信带宽消耗
PoW^[23]	O(f)Hash	O(f)	O(f) Hash	O(1)	O(f)	O(0)	O(1)	O(λlogλ)
s-PoW^[26]	O(f)Hash	O(f)	O(f) Hash	O(nλ)PRF	O(f)	O(nλ)	O(nλ)	O(λ)
BF-PoW^[27]	O(f)Hash	O(f)	O(f) Hash	O(?)Hash	O(f)	O(0)	O(Ψ)	$O (\frac{1 λ}{p_{f}})$
CE-PoW^[28]	O(b) CE·Hash·Hash	O(f)	O(b)·Hash·Hash	O(nlλ)PRNG	O(f)	O(0)	O(nlλ)	O(lλ)
注：其中，f表示文件长度，n表示预设的挑战数目，λ表示安全参数，p_f表示BF的误判率，l表示token的长度，Hash表示执行一次散列函数的开销，CE表示执行一次收敛加密的开销，PRF表示执行一次伪随机函数的开销，PRNG(pseudo-random number generator)表示执行一次伪随机序列发生器的开销， $Ω = \frac{1 λ (\log \frac{1}{p_{f}})}{p_{f}}$ , $ψ = \frac{\log \frac{1}{p_{f}}}{l}$ 。

References 56

[1]	XIONG J , LI F , MA J , et al. A full lifecycle privacy protection scheme for sensitive data in cloud computing[J]. Peer-to-Peer Networking and Applications, 2014,8(6):1-13.
[2]	MITTAL S , VETTER J . A survey of architectural approaches for data compression in cache and main memory systems[J]. IEEE Transac-tions on Parallel and Distributed Systems, 2016,27(5):1524-1536.
[3]	敖莉，舒继武，李明强 . 重复数据删除技术[J]. 软件学报, 2010,21(5):916-929. AO L , SHU J W , LI M Q . Data deduplication techniques[J]. Journal of Software, 2010,21(5):916-929.
[4]	付印金，肖侬，刘芳 . 重复数据删除关键技术研究进展[J]. 计算机研究与发展, 2012,49(1):12-20. FU Y J , XIAO N , LIU F . Research and development on key techniques of data deduplication[J]. Journal of Computer Research and Devel-opment, 2012,49(1):12-20.
[5]	XIA W , JIANG H , FENG D , et al. A comprehensive study of the past, present, and future of data deduplication[J]. Proceedings of the IEEE, 2016,104(9):1681-1710.
[6]	PAULO J , PEREIRA J . A survey and classification of storage deduplica-tion systems[J]. ACM Computing Surveys (CSUR), 2014,47(1):1-30.
[7]	YU S . Big privacy: challenges and opportunities of privacy study in the age of big data[J]. IEEE Access, 2016,4:2751-2763.
[8]	RABOTKA V , MANNAN M . An evaluation of recent secure dedupli-cation proposals[J]. Journal of Information Security and Applications, 2016,27:3-18.
[9]	DOUCEUR J , ADYA A , BOLOSKY W , et al. Reclaiming space from duplicate files in a serverless distributed file system[C]// International Conference on Distributed Computing Systems. 2002:617-624.
[10]	LI M , QIN C , LEE P . CDStore: toward reliable, secure, and cost-efficient cloud storage via convergent dispersal[C]// USENIX Annual Technical Conference (USENIX ATC 15). Santa, Clara, 2015:111-124.
[11]	BELLARE M , KEELVEEDHI S , RISTENPART T . Message-locked encryption and secure deduplication[M]. Advances in Cryptol-ogy–EUROCRYPT 2013. Springer Berlin Heidelberg, 2013:296-312.
[12]	CHEN R , MU Y , YANG G , et al. BL-MLE: block-level message-locked encryption for secure large file deduplication[J]. IEEE Transactions on Information Forensics and Security, 2015,10(12):2643-2652.
[13]	BELLARE M , KEELVEEDHI S . Interactive message-locked encryp-tion and secure deduplication[M]. Public-Key Cryptography——PKC 2015. Springer Berlin Heidelberg, 2015:516-538.
[14]	KEELVEEDHI S , BELLARE M , RISTENPART T . DupLESS:server-aided encryption for deduplicated storage[C]// 22nd USENIX Se-curity Symposium (USENIX Security 13). Washington, 2013:179-194.
[15]	LI J , QIN C , LEE P , et al. Rekeying for encrypted deduplication storage[C]// The 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2016), Toulouse, France, 2016.
[16]	PUZIO P , MOLVA R , ONEN M , et al. ClouDedup: secure deduplica-tion with encrypted data for cloud storage[C]// Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on. IEEE, Bristol, UK, 2013:363-370.
[17]	MIAO M , WANG J , LI H , et al. Secure multi-server-aided data dedu-plication in cloud computing[J]. Pervasive and Mobile Computing, 2015,24:129-137.
[18]	STANEK J , SORNIOTTI A , ANDROULAKI E , et al. A secure data deduplication scheme for cloud storage[M]. Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2014:99-118.
[19]	PUZIO P , MOLVA R , ?NEN M , et al. PerfectDedup: secure data deduplication[C]// International Workshop on Data Privacy Manage-ment. Springer International Publishing,Atlanta, 2015:150-166.
[20]	RABOTKA V , MANNAN M . An evaluation of recent secure dedupli-cation proposals[J]. Journal of Information Security and Applications, 2016,27:3-18.
[21]	SHIN Y , KIM K . Differentially private client-side data deduplication protocol for cloud storage services[J]. Security and Communication Networks, 2015,8(12):2114-2123.
[22]	DWORK C , LEI J . Differential privacy and robust statistics[C]// The forty-first annual ACM symposium on Theory of computing. ACM, Bethesda, 2009:371-380.
[23]	HALEVI S , HARNIK D , PINKAS B , et al. Proofs of ownership in remote storage systems[C]// The 18th ACM conference on Computer and Communications Security. ACM, Chicago, 2011:491-500.
[24]	XU J , CHANG E , ZHOU J . Weak leakage-resilient client-side dedupli-cation of encrypted data in cloud storage[C]// 8th ACM SIGSAC Sym-posium on Information, Computer and Communications Security, ASIA CCS '13, ACM. Hangzhou, China, 2013:195-206.
[25]	陈越，李超零，兰巨龙，等．基于确定/概率性文件拥有证明的机密数据安全去重方案[J]. 通信学报, 2015,36(9):1-12. CHEN Y , LI C L , LAN J L , et al. Secure sensitive data deduplication schemes based on deterministic/probabilistic proof of file ownership[J]. Journal on Communications, 2015,36(9):1-12.
[26]	DI PIETRO R , SORNIOTTI A . Boosting efficiency and security in proof of ownership for deduplication[C]// The 7th ACM Symposium on Information, Computer and Communications Security. ACM, Seoul, 2012:81-82.
[27]	BLASCO J , DI PIETRO R , ORFILA A , et al. A tunable proof of ownership scheme for deduplication using bloom filters[C]// Commu-nications and Network Security (CNS), 2014 IEEE Conference on. IEEE, San Francisco, California, 2014:481-489.
[28]	GONZáLEZ-MANZANO L , ORFILA A . An efficient confidential-ity-preserving proof of ownership for deduplication[J]. Journal of Network and Computer Applications, 2015,50:49-59.
[29]	XU J , ZHOU J . Leakage resilient proofs of ownership in cloud storage, revisited[C]// Applied Cryptography and Network Security. Springer International Publishing, New York, 2014:97-115.
[30]	JUELS A , KALISKI J . PoRs: proofs of retrievability for large files[C]// 14th ACM conference on Computer and Communications Security, CCS '07. New York, 2007:584-597.
[31]	YANG C , REN J , MA J . Provable ownership of files in deduplication cloud storage[J]. Security and Communication Networks, 2015,8(14):2457-2468.
[32]	杨超，张俊伟，董学文，等．云存储加密数据去重删除所有权证明方法[J]. 计算机研究与发展, 2015,52(1):248-268. YANG C , ZHANG J W , DONG X W , et al. Proving method of own-ership of encrypted files in cloud de-duplication deletion[J]. Journal of Computer Research and Development, 2015,52(1):248-268.
[33]	ZHENG Q , XU S . Secure and efficient proof of storage with dedupli-cation[C]// The 2nd ACM Conference on Data and Application Secu-rity and Privacy. ACM, San Antonio, 2012:1-12.
[34]	ATEBIESE G , DAGDELEN ? , DAMG?RD I , et al. Entangled cloud storage[J]. Future Generation Computer Systems, 2016,62:104-118.
[35]	ATENIESE G , BURNS R , CURTMOLA R , et al. Provable data pos-session at untrusted stores[C]// The 14th ACM Conference on Com-puter and Communications Security. ACM, New York, USA, 2007:598-609.
[36]	REN Y , SHEN J , WANG J , et al. Mutual verifiable provable data auditing in public cloud storage[J]. Journal of Internet Technology, 2015,16(2):317-323.
[37]	WANG B , CHOW S , LI M , et al. Storing shared data on the cloud via security-mediator[C]// Distributed Computing Systems (ICDCS), 2013 IEEE 33rd International Conference on. IEEE, Macau, China, 2013:124-133.
[38]	王宏远，祝烈煌，李龙一佳 . 云存储中支持数据去重的群组数据持有性证明[J]. 软件学报, 2016,27(6):1417-1431. WANG H Y , ZHU L H , LI L Y J . Group provable data possession with deduplication in cloud storage[J]. Journal of Software, 2016,27(6):1417-1431.
[39]	YU C , CHEN C , CHAO H . Proof of ownership in deduplicated cloud storage with mobile device efficiency[J]. Network, IEEE, 2015,29(2):51-55.
[40]	HARNIK D , PINKAS B , SHULMAN-PELEG A . Side channels in cloud services: deduplication in cloud storage[J]. IEEE Security ＆Privacy, 2010,8(6):40-47.
[41]	LEE S , CHOI D . Privacy-preserving cross-user source-based data deduplication in cloud storage[C]// 2012 International Conference on ICT Convergence (ICTC). IEEE, Jeju, Korea, 2012:329-330.
[42]	DWORK C . Differential privacy: a survey of results[C]// International Conference on Theory and Applications of Models of Computation. Springer Berlin Heidelberg.Xi'an, China, 2008,4978:1-19.
[43]	SORIENTE C , KARAME G , RITZDORF H , et al. Commune:shared ownership in an agnostic cloud[C]// The 20th ACM Sympo-sium on Access Control Models and Technologies. ACM, Austria, 2015:39-50.
[44]	CHENG H , RONG C , HWANG K , et al. Secure big data storage and sharing scheme for cloud tenants[J]. China Communications, 2015,12(6):106-115.
[45]	SINGH A , SINGH G . A survey on different text data compression techniques[J]. International Journal of Science and Research, 2014,3.
[46]	KAVITHA S , ANANDHI R . A survey of image compression method for low depth-of-field images and image sequences[J]. Multimedi Tools and Applications, 2015,74(18):7943-7956.
[47]	LI J , LI Y , CHEN X , et al. A hybrid cloud approach for secure author-ized deduplication[J]. Parallel and Distributed Systems, IEEE Trans-actions on, 2015,26(5):1206-1216.
[48]	LI J , LI J , XIE D , et al. Secure auditing and deduplicating data in cloud[J]. IEEE Transactions on Computers, 2016,65(8):2386-2396.
[49]	阎芳，李元章，张全新，等．基于对象的 OpenXML 复合文件去重方法研究[J]. 计算机研究与发展, 2015,52(7):1546-1557. YAN F , LI Y Z , ZHANG Q X , et al. Object-based data de-duplication method for openXML[J]. Journal of Computer Research and Devel-opment, 2015,52(7):1546-1557.
[50]	LIU J , ASOKAN N , PINKAS B , et al. Secure deduplication of encrypted data without additional independent servers[C]// The 22nd ACM SIG-SAC Conference on Computer and Communications Security. ACM, Denver, USA, 2015:874-885.
[51]	ARMKNECHT F , BOHLI J , KARAME G , et al. Transparent data deduplication in the cloud[C]// The 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, Denver, USA, 2015:886-900.
[52]	ZHENG Y , YUAN X , WANG X , et al. Enabling encrypted cloud media center with secure deduplication[C]// The 10th ACM Sympo-sium on Information, Computer and Communications Security. ACM, Singapore, 2015:63-72.
[53]	LI X , LI J , HUANG F . A secure cloud storage system supporting privacy-preserving fuzzy deduplication[J]. Soft Computing, 2016,20(4):1437-1448.
[54]	张沪寅，周景才，陈毅波，等．用户感知的重复数据删除算法[J]. 软件学报, 2015,26(10):2581-2595. ZHANG H Y , ZHOU J C , CHEN Y B , et al. User-aware de-duplication algorithm[J]. Journal of Software, 2015,26(10):2581-2595.
[55]	熊金波，李凤华，王彦超，等．基于密码学的云数据确定性删除研究进展[J]. 通信学报, 2016,37(8):167-184. XIONG J B , LI F H , WANG Y C , et al. Research progress on cloud data assured deletion based on cryptography[J]. , 2016,37(8):167-184.
[56]	李凤华，李晖，贾焰，等．隐私计算研究范畴及发展趋势[J]. 通信学报, 2016,37(4):1-11. LI F H , LI H , JIA Y , et al. Privacy computing: concept, connotation and its research trend[J]. Journal on Communications, 2016,37(4):1-11.

Metrics

Recommended 0

No Suggested Reading articles found!

攻击类型	抵抗攻击的方案
蛮力攻击	DupLESS^[14]、REED^[15]、multi-server-aided^[17]
侧信道攻击	CDStore^[10]、ClouDedup^[16]、Shin方案^[22]
字典攻击	DupLESS^[14]、ClouDedup^[16]、PerfectDedup^[19]
伪造攻击	MLE^[11]、iMLE^[13]
Sybil攻击	Stanek方案^[18]

方案	采用的主要算法	抗攻击类型	第三方服务器	数据去重级别	谁主导去重实施
CE^[9]	CE	—	无	文件级去重	客户端
CDStore^[10]	CE+AONT-RS	侧信道攻击	无	块级去重	客户端
PerfectDedup^[19]	CE+PHF	目录攻击	索引服务器	块级去重	客户端
ClouDedup^[16]	CE+访问控制策略	目录攻击，侧信道攻击	密钥服务器	块级去重	跨用户
Stanek^[18]	门限+CE	Sybil攻击	索引、身份验证服务器	文件级去重	跨用户
MLE^[11]	MLE	—	无	文件级去重	客户端
DupLESS^[14]	MLE	蛮力攻击	密钥服务器	文件级去重	客户端
BL-MLE^[12]	BL-MLE+PoW	文件分发攻击	无	块级去重	客户端
multi-server-aided^[17]	门限盲签名+可校验秘密共享	蛮力攻击	多密钥服务器	文件级去重	客户端
iMLE^[13]	iMLE	伪造攻击	无	文件级去重	跨用户
REED^[15]	MLE+AONT-RS	蛮力攻击	密钥服务器	块级去重	客户端

方案	客户端开销	服务器端开销	初始通信带宽消耗	常规通信带宽消耗
CE^[9]	O(f)Hash	O(f)	O(f)	O(g)
MLE^[11]	O(f)Hash·Hash	O(f)	O(f)	O(g)
DupLESS^[14]	O(f)Hash·Hash	O(f)OPRF	O(f)	O(g)
BL-MLE^[12]	O(b)Hash·Hash	O(b) PoW	O(f)	O(gλ)
iMLE^[13]	O(f)Hash	O(fp)	O(f)	O(gp)
注：f表示文件的长度，b表示文件块的长度，p表示系统参数，λ表示安全参数，g表示文件指纹的长度，Hash表示执行一次散列函数的开销， PoW表示执行一次所有权证明的开销，OPRF表示执行一次不经意伪随机函数的开销。

隐私保护方案	隐私保护程度	数据缺损	数据依赖性	通信带宽消耗	服务器内存消耗
Harnik方案^[40]	低	低	低	O(i)	O(if)
Lee方案^[41]	中	低	低	O(i)	O(if)
Shin方案^[22]	高	高	高	O(i)	O(f)
注：i代表上传文件的次数，f代表文件F的长度。

分类	相关技术	典型方案	主要算法	优点	局限性
基于内容加密的安全去重	基于 CE 实现云数据安全去重基于 MLE 实现云数据安全去重	CE^[9]BL-MLE^[12]	CEBL-MLE+PoW	密文的重复性检测明确安全目标和形式化定义，块级去重	不能达到语义安全，易遭受蛮力攻击计算开销较大，遭受蛮力攻击
	基于MHT的PoW	Halevi^[23]方案	MHT	提出PoW概念，抵抗侧信道攻击	计算开销较大，未考虑敏感数据的加密保护
基于PoW的安全去重	基于随机抽样的PoW	CE-PoW^[28]	CE+随机抽样	减少计算开销，高效，无可信第三方	不能实现语义安全，易导致内容猜测攻击
	基于广义散列函数的PoW	Yang ^[31]方案	PoF+抽样检测+动态系数	根据完整源文件的所有权证明	计算开销较大，遭受蛮力攻击
基于隐私保护的安全去重	基于随机化方法的隐私保护安全去重基于差分隐私的隐私保护安全去重	Harnik^[40]方案Lee ^[41]方案Shin^[22]方案	随机化方法差分隐私	数据真实无缺损，减少去重中的隐私泄露的概率隐私保护程度较高，可抵抗侧信道攻击及关联文件攻击	无法抵抗关联文件攻击，易遭受蛮力攻击添加噪声容易导致数据失真，数据依赖性高，需要根据不同的数据计算所添加噪声大小

Research progress on secure data deduplication in cloud

RichHTML

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

Figures/Tables 8

References 56

Related Articles 15

Metrics

Recommended 0

[1]	Xindi MA, Qinghua LI, Qi JIANG, Zhuo MA, Sheng GAO, Youliang TIAN, Jianfeng MA. Byzantine-robust federated learning over Non-IID data [J]. Journal on Communications, 2023, 44(6): 138-153.
[2]	Tao FENG, Liqiu CHEN, Junli FANG, Jianming SHI. Blockchain data sharing scheme based on localized difference privacy and attribute-based searchable encryption [J]. Journal on Communications, 2023, 44(5): 224-233.
[3]	Baiji HU, Xiaojuan ZHANG, Yuancheng LI, Rongxin LAI. Multi-function supported privacy protection data aggregation scheme for V2G network [J]. Journal on Communications, 2023, 44(4): 187-200.
[4]	Ming XU, Baojun ZHANG, Yiming WU, Chenduo YING, Ning ZHENG. Cyber attacks and privacy protection distributed consensus algorithm for multi-agent systems [J]. Journal on Communications, 2023, 44(3): 117-127.
[5]	Xuewang ZHANG, Zhihong LI, Jinzhao LIN. Privacy protection scheme based on fair blind signature and hierarchical encryption for consortium blockchain [J]. Journal on Communications, 2022, 43(8): 131-141.
[6]	Jifeng WANG, Guofeng WANG. Research on ciphertext search and sharing technology in edge computing mode [J]. Journal on Communications, 2022, 43(4): 227-238.
[7]	Huamin FENG, Rui SHI, Feng YUAN, Yanjun LI, Yang YANG. Efficient strong privacy protection and transferable attribute-based ticket scheme [J]. Journal on Communications, 2022, 43(3): 63-75.
[8]	Yan YAN, Yiming CONG, Mahmood Adnan, Quanzheng SHENG. Statistics release and privacy protection method of location big data based on deep learning [J]. Journal on Communications, 2022, 43(1): 203-216.
[9]	Hui LIU, Xinyan LIU, Yan XU, Hong ZHONG, Meng WANG. Privacy protection of warning message publishing protocol in VANET [J]. Journal on Communications, 2021, 42(8): 120-129.
[10]	Hongtao LI, Xiaoyu REN, Jie WANG, Jianfeng MA. Continuous location privacy protection mechanism based on differential privacy [J]. Journal on Communications, 2021, 42(8): 164-175.
[11]	Wenbo ZHANG, Wenhua HUANG, Jingyu FENG. Secure communication mechanism for VSN based on certificateless signcryption [J]. Journal on Communications, 2021, 42(7): 128-136.
[12]	Jie CUI, Xuefeng CHEN, Jing ZHANG, Lu WEI, Hong ZHONG. Bus cache-based location privacy protection scheme in the Internet of vehicles [J]. Journal on Communications, 2021, 42(7): 150-161.
[13]	Guangjun LIU, Wangmei GUO, Jinbo XIONG, Ximeng LIU, Changyu DONG. Lightweight privacy protection data auditing scheme for regenerating-coding-based distributed storage [J]. Journal on Communications, 2021, 42(7): 220-230.
[14]	Yubo SONG, Qi CHEN, Rui SONG, Aiqun HU. Android application privacy protection mechanism based on virtual machine bytecode injection [J]. Journal on Communications, 2021, 42(6): 171-181.
[15]	Youhuizi LI, Yuyu YIN, Honghao GAO, Yi JIN, Xinheng WANG. Survey on privacy protection in non-aggregated data sharing [J]. Journal on Communications, 2021, 42(6): 195-212.