基于布隆过滤器所有权证明的高效安全可去重云存储方案

doi:10.11772/j.issn.1001-9081.2017.03.766

计算机应用 ›› 2017, Vol. 37 ›› Issue (3): 766-770.DOI: 10.11772/j.issn.1001-9081.2017.03.766

基于布隆过滤器所有权证明的高效安全可去重云存储方案

刘竹松, 杨张杰

广东工业大学计算机学院, 广州 510006

收稿日期:2016-08-17 修回日期:2016-11-04 出版日期:2017-03-10 发布日期:2017-03-22
通讯作者: 刘竹松
作者简介:刘竹松(1979-),男,湖南邵阳人,教授,博士,CCF会员,主要研究方向:云计算安全、大数据分析及应用;杨张杰(1990-),男,河南周口人,硕士研究生,主要研究方向:云计算安全、大数据存储。
基金资助:
国家自然科学基金资助项目（61572144）；广东省重大科技专项（2016B030306004，2015B010110001，2014B010117004）；广州市科技计划项目（201508010065）。

Efficient and secure deduplication cloud storage scheme based on proof of ownership by Bloom filter

LIU Zhusong, YANG Zhangjie

School of Computer Science and Technology, Guangdong University of Technology, Guangzhou 510006, China

Received:2016-08-17 Revised:2016-11-04 Online:2017-03-10 Published:2017-03-22
Supported by:
This work is supported by National Natural Science Foundation of China (61572144), the Major Science and Technology Project of Guangdong Province (2016B030306004, 2015B010110001, 2014B010117004), the Science and Technology Program of Guangzhou (201508010065).

摘要/Abstract

摘要： 可去重云存储系统中一般采用收敛加密算法，通过计算数据的哈希值作为其加密密钥，使得重复的数据加密后得到相同的密文，可实现对重复数据的删除；然后通过所有权证明（PoW），验证用户数据的真实性来保障数据安全。针对可去重云存储系统中所有权证明时间开销过高导致整个系统性能下降问题，提出了一种基于布隆过滤器进行所有权证明的高效安全方法，实现用户计算哈希值与初始化值的快速验证。最后，提出一种支持细粒度重复数据删除的BF方案，当文件级数据存在重复时进行所有权证明，否则只需要进行局部的文件块级数据重复检测。通过仿真对比实验，结果表明所提BF方案空间开销低于经典Baseline方案，同时时间开销低于经典Baseline方案，在数据文件越大的情况下性能优势更加明显。

关键词: 云存储, 数据去重, 收敛加密, 哈希算法, 布隆过滤器

Abstract: Convergent encryption algorithm is generally used in deduplication cloud storage system, the data can be encrypted by using the hash value as the encryption key, so that the same data is encrypted to obtain the same ciphertext, and the deletion of the duplicate data can be realized, then through the Proof of oWnership (PoW), the authenticity of user data can be verified to protect data security. Aiming at the problem that the time overhead of Proof of oWnership (PoW) is too high, which leads to the degradation of the whole system performance, an efficient security method based on Bloom Filter (BF) was proposed to verify the user hash value and the initialization value efficiently. Finally, a BF scheme supporting fine-grained data deduplication was proposed. When the file level data was duplicated, the PoW was needed; otherwise, only partial block level data duplication detection was needed. The simulation experiment results show that, the key space overhead of the proposed BF scheme is lower than the classical Baseline scheme, and the time cost of the BF scheme is also lower than the Baseline scheme; and with the increase of data size, the performance advantage of BF scheme is more obvious.

Key words: cloud storage, data deduplication, convergent encryption, hash algorithm, Bloom Filter (BF)

中图分类号:

TP309.2

刘竹松, 杨张杰. 基于布隆过滤器所有权证明的高效安全可去重云存储方案[J]. 计算机应用, 2017, 37(3): 766-770.

LIU Zhusong, YANG Zhangjie. Efficient and secure deduplication cloud storage scheme based on proof of ownership by Bloom filter[J]. Journal of Computer Applications, 2017, 37(3): 766-770.

参考文献

[1] 杨超,张俊伟,董学文,等.云存储加密数据去重删除所有权证明方法[J].计算机研究与发展,2015,52(1):248-258.(YANG C, ZHANG J W, DONG X W, et al. Proving method of ownership of encrypted files in cloud de-duplication deletion[J]. Journal of Computer Research and Development, 2015, 52(1):248-258.)
[2] DOUCEUR J R, ADYA A, BOLOSKY W J, et al. Reclaiming space from duplicate files in a serverless distributed file system[C]//Proceedings of the 22nd International Conference on Distributed Computing Systems. Washington, DC:IEEE Computer Society, 2002:617-624.
[3] MARQUES L,COSTA C J. Secure deduplication on mobile devices[C]//Proceedings of the 2011 Workshop on Open Source and Design of Communication. New York:ACM, 2011:19-26.
[4] XU J, CHANG E-C, ZHOU J. Weak leakage-resilient client-side deduplication of encrypted data in cloud storage[C]//Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communication Security. New York:ACM, 2013:195-206.
[5] DUAN Y T. Distributed key generation for secure encrypted deduplication:achieving the strongest privacy[C]//Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security. New York:ACM, 2014:57-68.
[6] HARNIK D, PINKAS B, SHULMAN-PELEG A. Side channels in cloud services:deduplication in cloud storage[J]. IEEE Security and Privacy, 2010, 8(6):40-47.
[7] PUZIO P, MOLVA R, ONEN M, et al. Block-level de-deduplication with encrypted data[EB/OL].[2016-01-16].http://www.eurecom.fr/en/publication/4326/download/rs-publi-4326.pdf.
[8] PUZIO P, MOLVA R, ÖNEN M, et al. ClouDedup:secure deduplication with encrypted data for cloud storage[C]//Proceedings of the 2013 IEEE 5th International Conference on Cloud Computing Technology and Science. Washington, DC:IEEE Computer Society, 2013,1:363-370.
[9] BELLARE M, KEELVEEDHI S, RISTENPART T. DupLESS:server-aided encryption for deduplicated storage[C]//Proceedings of the 22nd USENIX Conference on Security. Berkeley, CA:USENIX Association, 2013:179-194.
[10] BELLARE M, KEELVEEDHI S, RISTENPART T. Message-locked encryption and secure deduplication[C]//Advances in Cryptology-EUROCRYPT 2013, LNCS 7881. Berlin:Springer, 2013:296-312.
[11] WILCOX-O'HEARN Z, WARNER B. Tahoe:the least-authority file system[C]//Proceedings of the 4th ACM International Workshop on Storage Security and Survivability. New York:ACM, 2008:21-26.
[12] LI J, CHEN X F, XHAFA F, et al. Secure deduplication storage systems supporting keyword search[J]. Journal of Computer and System Sciences, 2015, 81(8):1532-1541.
[13] MEISTER D, BRINKMANN A. Multi-level comparison of data deduplication in a backup scenario[C]//Proceedings of SYSTOR 2009:the Israeli Experimental Systems Conference. New York:ACM, 2009:Article No. 8.
[14] MEYER D T, BOLOSKY W J. A study of practical deduplication[J]. ACM Transactions on Storage, 2012, 7(4):Article No. 14.
[15] LI J, CHEN X, LI M, et al. Secure deduplication with efficient and reliable convergent key management[J]. IEEE Transactions on Parallel and Distributed Systems, 2014, 25(6):1615-1625.
[16] ZHOU Y, FENG D, XIA W, et al. SecDep:a user-aware effcient fine-grained secure deduplication scheme with multi-level key management[C]//Proceedings of the 201531th Symposium on Mass Storage Systems and Technologies. Washington, DC:IEEE Computer Society, 2015:1-14.
[17] HALEVI S, HARNIK D, PINKAS B, et al. Proofs of ownership in remote storage systems[C]//Proceedings of the 18th ACM Conference on Computer and Communications Security. New York:ACM, 2011:491-500.
[18] GONZÁLEZ-MANZANO L, ORFILA A. An effcient confidentiality-preserving proof of ownership for deduplication[J]. Journal of Network and Computer Applications, 2015, 50:49-59.
[19] ZHENG Q, XU S. Secure and efficient proof of storage with deduplication[C]//Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy. New York:ACM, 2012:1-12.
[20] PIETRO R D, SORNIOTTI A. Boosting efficiency and security in proof of ownership for deduplication[C]//Proceedings of the 7th ACM Symposiumon on Information, Computer and Communications Security. New York:ACM, 2012:81-82.
[21] BLASCO J, ORFILA A, PIETRO R D, et al. A tunable proof of ownership scheme for deduplication using bloom filters[C]//Proceedings of the 2014 IEEE Conference on Communications and Network Security. Piscataway, NJ:IEEE, 2014:481-489.

基于布隆过滤器所有权证明的高效安全可去重云存储方案

Efficient and secure deduplication cloud storage scheme based on proof of ownership by Bloom filter

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	杨粟, 欧阳智, 杜逆索. 基于相关度距离的无监督并行哈希图像检索[J]. 计算机应用, 2021, 41(7): 1902-1907.
[2]	李秀艳, 刘明曦, 史闻博, 董国芳. 面向资源受限用户的高效动态数据审计方案[J]. 计算机应用, 2021, 41(2): 422-432.
[3]	唐鑫, 周琳娜. 基于响应模糊化的抗附加块攻击云数据安全去重方法[J]. 计算机应用, 2020, 40(4): 1085-1090.
[4]	付伟, 顾晨阳, 高强. 基于属性加密的多用户共享ORAM方案[J]. 计算机应用, 2020, 40(2): 497-502.
[5]	王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.
[6]	王亚芳, 刘东升, 侯敏. 基于图像相似度检测代码克隆[J]. 计算机应用, 2019, 39(7): 2074-2080.
[7]	柳玉东, 王绪安, 涂广升, 王涵. 全生命周期的云外包数据安全审计协议[J]. 计算机应用, 2019, 39(7): 1954-1958.
[8]	杨萍, 赵冰, 舒辉. 基于图标相似性分析的恶意代码检测方法[J]. 计算机应用, 2019, 39(6): 1728-1734.
[9]	明洋, 何宝康. 支持属性撤销的可验证外包的多授权属性加密方案[J]. 计算机应用, 2019, 39(12): 3556-3562.
[10]	周坚, 金瑜, 何亨, 李鹏. 基于嵌套Merkle Hash tree区块链的云数据动态审计模型[J]. 计算机应用, 2019, 39(12): 3575-3583.
[11]	李静, 刘冬实. 主动容错云存储系统的可靠性评价模型[J]. 计算机应用, 2018, 38(9): 2631-2636.
[12]	李勇, 相中启. 基于计数型布隆过滤器的可排序密文检索方法[J]. 计算机应用, 2018, 38(9): 2554-2559.
[13]	张震, 付印金, 胡谷雨. 基于布隆过滤器的新型混合内存架构磨损均衡策略[J]. 计算机应用, 2018, 38(8): 2230-2235.
[14]	张恩, 金刚刚. 基于同态加密和Bloom过滤器的云外包多方隐私集合比较协议[J]. 计算机应用, 2018, 38(8): 2256-2260.
[15]	陈博, 何连跃, 严巍巍, 徐照淼, 徐俊. 海量小文件系统的可移植操作系统接口兼容技术[J]. 计算机应用, 2018, 38(5): 1389-1392.