Journal of Xidian University, 2023, Vol. 50, Issue (5): 212-228. doi: 10.19665/j.issn1001-2400.20230503

• Cyberspace Security •

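Random chunks attachment strategy based secure deduplication for cloud data

LIN Genghao, ZHOU Ziji, TANG Xin, ZHOU Yiteng, ZHONG Yuqi, QI Tianyang

  1. School of Cyber Science and Engineering, University of International Relations, Beijing 100091, China
  • Received: 2023-03-03 Online: 2023-10-20 Published: 2023-11-21
  • Contact: Xin TANG
  • About the authors: LIN Genghao (born 1994), male, master's student at the University of International Relations, E-mail: 335329409@qq.com; ZHOU Ziji (born 2001), male, undergraduate student at the University of International Relations, E-mail: zzj_uir@163.com; ZHOU Yiteng (born 1998), female, master's student at the University of International Relations, E-mail: ytzhou@uir.edu.cn; ZHONG Yuqi (born 2003), male, undergraduate student at the University of International Relations, E-mail: 2470799887@qq.com; QI Tianyang (born 2003), male, undergraduate student at the University of International Relations, E-mail: 1120669326@qq.com
  • Supported by:
    National Natural Science Foundation of China (62102113); National Natural Science Foundation of China (62172053); Special Research Fund for the Construction of the National Security High-Precision Discipline, University of International Relations (2021GA08); Fundamental Research Funds for the Central Universities, University of International Relations (3262023T30); Fundamental Research Funds for the Central Universities, University of International Relations (3262023T33); Student Academic Support Program, University of International Relations (3262022SWA01)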

Abstract:

Source-based deduplication prevents subsequent users from uploading the same file by returning a deterministic response, which greatly saves network bandwidth and storage overhead. However, this deterministic response introduces side channel attacks: once a requested file does not need a subsequent upload, an attacker can easily steal the existence privacy of the target file in cloud storage. To resist side channel attacks, defense schemes such as adding trusted gateways, setting trigger thresholds, and obfuscating response values have been proposed. However, these methods suffer, respectively, from high deployment costs, high startup overhead, and difficulty in resisting the random chunks generation attack and the learn remaining information attack. To solve this problem, we propose a novel secure deduplication scheme that uses a random chunks attachment strategy to obfuscate the deduplication response. Specifically, we first append a certain number of chunks with unknown existence status to the end of the deduplication request to blur the existence status of the originally requested chunks, then apply a scrambling strategy to reduce the probability of returning the lower boundary value in the response. Finally, the deduplication response is generated with the help of a newly designed response table. Security analysis and experimental results show that, compared with existing works, our scheme significantly improves security at the expense of only a small amount of extra overhead.

Key words: cloud storage, deduplication, side channel attack, privacy security

CLC Number:

  • TN915.08