基于响应模糊化的抗附加块攻击云数据安全去重方法

doi:10.11772/j.issn.1001-9081.2019081468

摘要
图/表
参考文献(0)
相关文章 (15)

全文: PDF (901 KB) HTML
输出: BibTeX | EndNote (RIS)

摘要附加块攻击是威胁云数据跨用户去重安全性的一种重要攻击手段，它通过将随机数量的非命中块附加在待检测文件上，使得云服务商无法判断所检测文件的真实存在性，从而难以通过常规的响应模糊化方法保护云数据的存在性隐私。针对这个问题，提出一种基于响应模糊化的新型抗附加块攻击的云数据安全去重方法。该方法通过计算附加块数量，统计未命中块数，并比较二者以确定响应中包含的最少冗余块数，实现响应模糊化，从而只需付出少量的额外通信开销就可确保攻击者难以根据响应判断所检测文件的存在性。安全性分析和实验结果表明，相比该领域的最新工作，所提方法更高的安全性只需更低的开销，或在开销相当或少量增加的情况下显著提高安全性。

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	唐鑫
	周琳娜

关键词 ：附加块攻击, 边信道攻击, 跨用户去重, 云存储, 响应模糊化

Abstract：Appending chunk attack is an important attack to threaten the security of cross-user deduplication for cloud data,which works by appending a random number of non-duplicate chunks to the file to be detected,making it impossible for cloud service providers to determine the true existence of the file. Therefore,the existence privacy of cloud data cannot be protected by general ways of response obfuscation methods. To deal with this problem,a new response obfuscation based secure deduplication method with resistance against appending chunk attack was proposed. By calculating the number of appending chunks,counting the number of non-duplicate chunks and comparing these two to determine the minimum number of redundant chunks involved in the response,so as to achieve the obfuscation. As a result,the existence of the checking file was not able to be judged by the attacker according to the response with little extra communication overhead. Security analysis and experimental results show that,compared with the state-of-the-art in this field,the proposed method achieves higher level of security with smaller amount of overhead required,or improves security significantly with comparable or slightly increased overhead.

Key words： appending chunk attack side channel attack cross-user deduplication cloud storage response obfuscation

收稿日期: 2019-08-22 出版日期: 2019-12-04

中图分类号:

TP309.2

基金资助:国际关系学院中央高校基本科研业务费专项资金资助项目（3262019T68）；国家自然科学基金资助项目（U1536207）；国家重点研发计划项目（2016QY04W0803）；国际关系学院教师发展中心青年教师培育专项。

通讯作者: 唐鑫 E-mail: xtang@uir.edu.cn

作者简介: 唐鑫(1987-),男,江苏南京人,讲师,博士,主要研究方向:云数据安全、信息隐藏;周琳娜(1972-),女,湖南衡阳人,教授,博士,主要研究方向:数字内容安全、数字水印、信息隐藏。

引用本文:

唐鑫, 周琳娜. 基于响应模糊化的抗附加块攻击云数据安全去重方法[J]. 计算机应用, 2020, 40(4): 1085-1090. TANG Xin, ZHOU Linna. Response obfuscation based secure deduplication method for cloud data with resistance against appending chunk attack. Journal of Computer Applications, 2020, 40(4): 1085-1090.

链接本文:

http://www.joca.cn/CN/10.11772/j.issn.1001-9081.2019081468 或 http://www.joca.cn/CN/Y2020/V40/I4/1085

[1] NIKALJE S,KUMARI R,INGOLE S. Smart distributed deduplication system with security and reliability using algorithm[J]. International Journal of Innovative Research in Science and Engineering, 2016,2(3):612-621.
[2] YU C M,GOCHHAYAT S P,CONTI M,et al. Privacy aware data deduplication for side channel in cloud storage[J]. IEEE Transaction on Cloud Computing,2018(Early Access):1-1.
[3] ARMKNECHT F,BOYD C,DAVIES G Tet al. Side channels in deduplication:trade-offs between leakage and efficiency[C]//Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security. New York:ACM,2017:266-274.
[4] HARNIK D,PINKAS B,SHULMAN-PELEG A. Side channels in cloud services:deduplication in cloud storage[J]. IEEE Security and Privacy,2010,8(6):40-47.
[5] ZUO P,HUA Y,WANG C,et al. Mitigating traffic-based side channel attacks in bandwidth-efficient cloud storage[C]//Proceedings of the 2018 IEEE International Parallel and Distributed Processing Symposium. Piscataway:IEEE,2018:1153-1162.
[6] POORANIAN Z,CHEN K C,YU C M,et al. RARE:defeating side channels based on data-deduplication in cloud storage[C]//Proceedings of the 2018 IEEE Conference on Computer Communications Workshops. Piscataway:IEEE,2018:444-449.
[7] LIU J,ASOKAN N,PINKAS B. Secure deduplication of encrypted data without additional independent servers[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM,2015:874-885.
[8] KWON H,HAHN C,KOO D,et al. Scalable and reliable key management for secure deduplication in cloud storage[C]//Proceedings of the 10th IEEE International Conference on Cloud Computing. Piscataway:IEEE,2017:391-398.
[9] BELLARE M,KEELVEEDHI S,RISTENPART T. DupLESS:server-aided encryption for deduplication in cloud storage[C]//Proceedings of the 22nd USENIX Security Symposium. Berkeley:USENIX Association,2013:179-194.
[10] NI J,ZHANG K,YU Y,et al. Providing task allocation and secure deduplication for mobile crowdsensing via fog computing[J]. IEEE Transactions on Dependable and Secure Computing, 2018(Early Access):1-1.
[11] DANG H,CHANG E C. Privacy-preserving data deduplication on trusted processors[C]//Proceedings of the 10th IEEE International Conference on Cloud Computing. Piscataway:IEEE, 2017:66-73.
[12] ZHANG K,LIANG X,LU R X,et al. Sybil attacks and their defenses in the Internet of things[J]. IEEE Internet of Things Journal,2014,1(5):372-383.
[13] DOUCEUR J R,ADYA A,BOLOSKY W J,et al. Reclaiming space from duplicate files in a serverless distributed file system[C]//Proceedings of the 22nd International Conference on Distributed Computing Systems. Piscataway:IEEE,2002:617-624.
[14] 唐鑫,周琳娜,胡冰蔚,等. 云数据去重方法及系统:CN201911237434.2[P]. 2019-12-05.(TANG X,ZHOU L N, HU B W,et al. Deduplication method and system for cloud data:CN201911237434.2[P]. 2019-12-05.)
[15] TARASOV V,MUDRANKIT A,BUIK W,et al. Generating realistic datasets for deduplication analysis[C]//Proceedings of the 2012 USENIX Annual Technical Conference. Berkeley:USENIX Association,2012:No. 129.
[16] XIA W,JIANG H,FENG D,et al. SiLo:a similarity-locality based near-exact deduplication scheme with low RAN overhead and high throughput[C]//Proceedings of the 2011 USENIX Annual Technical Conference. Berkeley:USENIX Association,2011:26-28.