Journal of Computer Applications (计算机应用), 2020, Vol. 40, Issue (4): 1085-1090. DOI: 10.11772/j.issn.1001-9081.2019081468

• Cyberspace Security •

Response obfuscation based secure deduplication method for cloud data with resistance against appending chunk attack

TANG Xin, ZHOU Linna

  1. School of Information Science and Technology, University of International Relations, Beijing 100091, China
  • Received: 2019-08-22 Revised: 2019-11-04 Online: 2020-04-10 Published: 2019-12-04
  • Corresponding author: TANG Xin
  • About the authors: TANG Xin (born 1987), male, from Nanjing, Jiangsu; lecturer, Ph.D.; main research interests: cloud data security, information hiding. ZHOU Linna (born 1972), female, from Hengyang, Hunan; professor, Ph.D.; main research interests: digital content security, digital watermarking, information hiding.
  • Supported by:
    This work is partially supported by the Fundamental Research Funds for the Central Universities, University of International Relations (3262019T68), the National Natural Science Foundation of China (U1536207), the National Key Research and Development Program (2016QY04W0803), and the Young Teachers Training Program of Teachers' Development Center of University of International Relations.

Abstract: The appending chunk attack is an important threat to the security of cross-user deduplication of cloud data. It works by appending a random number of non-duplicate chunks to the file being checked, so that the cloud service provider cannot determine whether the checked file truly exists, which makes it difficult to protect the existence privacy of cloud data with conventional response obfuscation methods. To deal with this problem, a new response obfuscation based secure deduplication method with resistance against the appending chunk attack is proposed. The method calculates the number of appended chunks, counts the number of non-duplicate chunks, and compares the two to determine the minimum number of redundant chunks to include in the response, thereby achieving obfuscation. As a result, at the cost of only a small amount of extra communication overhead, an attacker can hardly judge the existence of the checked file from the response. Security analysis and experimental results show that, compared with the state-of-the-art work in this field, the proposed method achieves a higher level of security with lower overhead, or significantly improves security with comparable or slightly increased overhead.

Key words: appending chunk attack, side channel attack, cross-user deduplication, cloud storage, response obfuscation
