采用随机块附加策略的云数据安全去重方法

doi:10.19665/j.issn1001-2400.20230503

Abstract

Abstract:

Source based deduplication prevents subsequent users from uploading the same file by returning a deterministic response,which greatly saves the network bandwidth and storage overhead.However,the deterministic response inevitably introduces side channel attacks.Once the subsequent uploading is not needed,an attacker can easily steal the existent privacy of the target file in cloud storage.To resist side channel attacks,various kinds of defense schemes such as adding trusted gateways,setting trigger thresholds,confusing response values,and so on are proposed.However,these methods suffer from the problems of high deployment costs,high startup costs and the difficulty in resisting random chunks generation attack and learn remaining information attack.Thus,we propose a novel secure deduplication scheme,which utilizes the random chunks attachment strategy to achieve obfuscation in response.Specifically,we first add a certain number of chunks with the unknown existent status at the end of the request to blur the existent status of the original requested ones,and then reduce the probability of returning a lower boundary value in response by scrambling strategy.Finally,the deduplication response is generated with the help of the newly designed response table.Security analysis and experimental results show that,compared with the existing works,our scheme significantly improve the security at the expense of just a little extra overhead.

Key words: cloud storage, deduplication, side channel attack, privacy security

CLC Number:

TN915.08

LIN Genghao,ZHOU Ziji,TANG Xin,ZHOU Yiteng,ZHONG Yuqi,QI Tianyang. Random chunks attachment strategy based secure deduplication for cloud data[J].Journal of Xidian University, 2023, 50(5): 212-228.

Figures/Tables 12

References 24

[1]	HARNIK D, PINKAS B, SHULMAN-PELE G. Side Channels in Cloud Services:Deduplication in Cloud Storage[J]. IEEE Security & Privacy, 2010, 8(6):40-47.
[2]	SU K W, LEU J S, YU M C, et al. Design and Implementation of Various File Deduplication Schemes on Storage Devices[J]. Mobile Networks and Applications, 2017, 22:40-50. doi: 10.1007/s11036-016-0677-9
[3]	刘红燕. 云存储环境中安全的重复数据删除方法研究[D]. 青岛: 青岛大学, 2020.
[4]	PAULO J, PEREIRA J. A Survey and Classification of Storage Deduplication Systems[J]. ACM Computing Surveys (CSUR), 2014, 47(1):1-30.
[5]	刘小梅, 唐鑫, 杨舒婷, 等. 基于Reed-Solomon编码的抗边信道攻击云数据安全去重方法[J]. 信息安全学报, 2022, 7(6):80-93.
	LIU Xiaomei, TANG Xin, YANG Shuting, et al. Reed-Solomon Coding Based Secure Deduplication for Cloud Storage with Resistance Against Side Channel Attack[J]. Journal of Cyber Security, 2022, 7(6):80-93.
[6]	RABOTKA V, MANNAN M. An Evaluation of Recent Secure Deduplication Proposals[J]. Journal of Information Security & Applications, 2016, 27:3-18.
[7]	ZUO P F, HUA Y, WANG C, et al. Mitigating Traffic-Based Side Channel Attacks in Bandwidth-Efficient Cloud Storage[C]//The 32th IEEE International Parallel and Distributed Processing Symposium(IPDPS). Piscataway:IEEE, 2018:1153-1162.
[8]	唐鑫, 周琳娜, 单伟杰, 等. 基于阈值重加密的抗边信道攻击云数据安全去重方法[J]. 通信学报, 2020, 41(6):98-111. doi: 10.11959/j.issn.1000-436x.2020103
	TANG Xin, ZHOU Linna, SHAN Weijie, et al. Threshold Re-Encryption Based Secure Deduplication Method for Cloud Data with Resistance Against Side Channel Attack[J]. Journal of Communications, 2020, 41(6):98-111. doi: 10.11959/j.issn.1000-436x.2020103
[9]	HEEN O, NEUMANN C, MONTALVO L, et al. Improving the Resistance to Side-channel Attacks on Cloud Storage Services[C]//International Conference on New Technologies,Mobility and Security(NTMS). Piscataway:IEEE, 2012:1-5.
[10]	高原, 咸鹤群, 穆雪莲, 等. 基于阈值自适应调整的重复数据删除方案[J]. 青岛大学学报:自然科学版, 2019, 32(4):36-39.
	GAO Yuan, XIAN Hequn, MU Xuelian, et al. Data Deduplication Scheme Based on Adaptive Adjustment of Threshold[J]. Journal of Qingdao University:Natural Science Edition, 2019, 32(4):36-39.
[11]	TANG X, CHEN X, ZHOU R, et al. Marking Based Obfuscation Strategy to Resist Side Channel Attack in Cross-User Deduplication for Cloud Storage[C]//The 21th IEEE International Conference on Trust,Security and Privacy in Computing and Communications(TrustCom). Piscataway:IEEE, 2022:1-9.
[12]	TANG X, ZHANG Y, ZHOU L N, et al. Request Merging Based Cross-User Deduplication for Cloud Storage with Resistance Against Appending Chunks Attack[J]. Chinese Journal of Electronics, 2021, 30(2):199-209. doi: 10.1049/cje2.v30.2
[13]	LEE S, CHOI D. Privacy-Preserving Cross-User Source-Based Data Deduplication in Cloud Storage[C]//International Conference on ICT Convergence. Piscataway:IEEE, 2012:329-330.
[14]	WANG B, LOU W, HOU Y T. Modeling the Side-Channel Attacks in Data Deduplication with Game Theory[C]//2015 IEEE Conference on Communications and Network Security(CNS).Piscataway:IEEE, 2015:200-208.
[15]	TANG X, ZHOU L, HU B, et al. Aggregation-Based Tag Deduplication for Cloud Storage with Resistance Against Side Channel Attack[J]. Security and Communication Networks, 2021, 2021:1-15.
[16]	ZHANG Y, MAO Y, XU M, et al. Towards Thwarting Template Side-Channel Attacks in Secure Cloud Deduplications[J]. IEEE Transactions on Dependable and Secure Computing, 2019, 18(3):1008-1018.
[17]	YU C M, GOCHHAYAT S P, CONTI M, et al. Privacy Aware Data Deduplication for Side Channel in Cloud Storage[J]. IEEE Transactions on Cloud Computing, 2018, 8(2):597-609. doi: 10.1109/TCC.6245519
[18]	POORANIAN Z, CHEN K C, YU C M, et al. RARE:Defeating Side Channels Based on Data-Deduplication in Cloud Storage[C]//The 39th IEEE International Conference on Computer Communications Workshops (INFOCOM WKSHPS). Piscataway:IEEE, 2018:444-449.
[19]	VESTERGAARD R, ZHANG Q, LUCANI D E. CIDER:A Low Overhead Approach to Privacy Aware Client-Side Deduplication[C]//The 63th IEEE Global Communications Conference(GLOBALCOM). Piscataway:IEEE, 2021:1-6.
[20]	HA G, CHEN H, JIA C, et al. Threat Model and Defense Scheme for Side-Channel Attacks in Client-Side Deduplication[J]. Tsinghua Science and Technology, 2022, 28(1):1-12.
[21]	TANG X, ZHOU L N, HUANG Y F, et al. Efficient Cross-User Deduplication of Encrypted Data Through Re-Encryption[C]//The 17th IEEE International Conference on Trust,Security and Privacy in Computing and Communications. Piscataway:IEEE, 2018:897-904.
[22]	WANG Y H, TANG X, ZHOU Y T, et al. Blockchain-Based Integrity Auditing with Secure Deduplication in Cloud Storage[C]//The Seventh International Conference on Data Mining and Big Data(DMBD'2022).Heidelberg:Springer, 2022:303-318.
[23]	BECKER B, KOHAVI R.Census Income (2002)[R/OL].[2002-01-01]. https://archive.ics.uci.edu/ml/machine-learning-databases/adult/adult.data.
[24]	COHEN W W. Enron Email Dataset (2015)[R/OL].[2015-05-07]. https://www.cs.cmu.edu/-enron/.

去重方案	泄露隐私次数/次
DEDUP	100 000
ZEUS	100 000
RARE	50 054
CIDER(4)	50 090
CIDER(8)	49 986
RCAS(k=2,t=0)	25 016
RCAS(k=4,t=0)	6 256
RCAS(k=6,t=0)	1 561
RCAS(k=4,t=1)	475
RCAS(k=6,t=1)	66

Random chunks attachment strategy based secure deduplication for cloud data

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 24

Related Articles 8

Metrics

Comments

Recommended 10

[1]	CUI Yuanyou,WANG Xu’an,LANG Xun,TU Zheng,SU Yunxuan. Improved short-signature based cloud data audit scheme [J]. Journal of Xidian University, 2023, 50(5): 132-141.
[2]	YANG Haibin,LI Ruifeng,YI Zhengge,NIU Ke,YANG Xiaoyuan. Efficient cloud storage data auditing scheme without bilinear pairing [J]. Journal of Xidian University, 2022, 49(1): 47-54.
[3]	HE Qinlu,BIAN Genqing,SHAO Bilin,ZHANG Weiqi. Deduplication technology for the mobile flash [J]. Journal of Xidian University, 2020, 47(1): 128-134.
[4]	REN Jingsi;WANG Jinlin;CHEN Xiao;YE Xiaozhou. Provable multi-copy dynamic data possession in cloud storage [J]. Journal of Xidian University, 2017, 44(6): 156-161+174.
[5]	MAO Baolei;MU Dejun;HU Wei;ZHANG Huixiang;TAI Yu;ZHANG Lu. Quantitative analysis of sliding window attack for the RSA timing channel [J]. Journal of Xidian University, 2017, 44(5): 114-120.
[6]	LI Haoxing;LI Fenghua;SONG Chenggen;SU Mang;LIU Xin. Public key encryption with multi-keywords search [J]. J4, 2015, 42(5): 20-25.
[7]	LI liya. Data Synchronization Algorithm Controlled by Intelligent Terminal [J]. J4, 2013, 40(2): 172-180.
[8]	LI Liya;HU Xiaohong;XIN Zhenguo. Data synchronization algorithm controlled by the intelligent terminal [J]. J4, 2013, 40(2): 172-180+212.

C_i_-1存在状态d_i_-1	C_i存在状态d_i	分组响应值r_i/₂
0	0	2
0	1	2
1	0	1
1	1	0