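School of Cyberspace Security, University of International Relations, Beijing 100091

LIN Genghao (b. 1994), male, master's student at the University of International Relations, E-mail: [email protected]
ZHOU Ziji (b. 2001), male, undergraduate student at the University of International Relations, E-mail: [email protected]
TANG Xin (b. 1987), male, associate professor, E-mail: [email protected]
ZHOU Yiteng (b. 1998), female, master's student at the University of International Relations, E-mail: [email protected]
ZHONG Yuqi (b. 2003), male, undergraduate student at the University of International Relations, E-mail: [email protected]
QI Tianyang (b. 2003), male, undergraduate student at the University of International Relations, E-mail: [email protected]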
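LIN Genghao, ZHOU Ziji, TANG Xin, et al. Secure Deduplication Method for Cloud Data Using a Random Chunks Attachment Strategy[J]. Journal of Xidian University, 2023, 50(5):212-228. DOI: 10.19665/j.issn1001-2400.20230503.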
Source-based deduplication prevents subsequent users from uploading the same file by returning a deterministic response, which greatly saves network bandwidth and storage overhead. However, this deterministic response inevitably introduces a side channel attack: once a requested file does not need to be uploaded, an attacker can easily steal the existence privacy of the target file in cloud storage. To resist side channel attacks, defenses such as adding trusted gateways, setting trigger thresholds, and obfuscating response values have been proposed. These methods suffer, respectively, from high deployment cost, high startup overhead, and difficulty in resisting the random chunks generation attack and the learn remaining information attack. To address this, we propose a simple yet effective secure deduplication scheme for cloud data that uses a random chunks attachment strategy to obfuscate the deduplication response. Specifically, we first append a certain number of chunks with unknown existence status to the end of the deduplication request to blur the existence status of the originally requested chunks, then apply a scrambling step to reduce the probability of returning the lower boundary value of the response, and finally generate the deduplication response with the help of a newly designed response table. Security analysis and experimental results show that, compared with existing work, our scheme significantly improves security at the expense of only a little extra overhead.
Keywords: cloud storage; deduplication; side channel attack; privacy security