ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2018, Vol. 55 ›› Issue (10): 2134-2148. doi: 10.7544/issn1000-1239.2018.20180441

Special topic: 2018 Special Topic on Distributed Security and Blockchain Technology Research

• Information Security •



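  1. 1(College of Computer Science and Technology, Qingdao University, Qingdao, Shandong 266071);2(State Key Laboratory of Integrated Services Networks (Xidian University), Xi’an 710071)
  • Published: 2018-10-01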

Verifiable Secure Data Deduplication Based on User-Defined Security Requirements

Liu Hongyan1,2, Xian Hequn1,2, Lu Xiuqing1,2, Hou Ruitao1, Gao Yuan1   

  1. 1(College of Computer Science and Technology, Qingdao University, Qingdao, Shandong 266071);2(State Key Laboratory of Integrated Services Networks (Xidian University), Xi’an 710071)
  • Online: 2018-10-01

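Abstract (from the Chinese): With the continuous growth in the number of cloud storage users, data deduplication technology has been widely applied. How to better protect user data privacy and achieve secure multi-party computation on the client side, while implementing efficient deduplication, is a hot research issue in cloud computing security. This work is the first to consider users' control over the deduplication process; it introduces a security-condition mechanism based on user attributes and proposes a deduplication method based on user-defined security conditions. File tags are constructed from bilinear mappings for data lookup, ensuring that the tags leak no plaintext information about the data. A combination of file-level and block-level deduplication is adopted to improve the efficiency of deduplication operations. Proof of ownership of the data is implemented based on secure multi-party computation theory and Bloom filter techniques, ensuring that only authorized users can obtain access to the data and guarding against channel eavesdropping attacks by malicious users. Broadcast encryption is used to protect the data encryption key, achieving secure and efficient deduplication. The security and correctness of the scheme are analyzed and proved. Simulation experiments verify the feasibility and effectiveness of the scheme.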

Key words (from the Chinese): secure multi-party computation, privacy protection, bilinear mapping, Bloom filter, proof of ownership

Abstract: With the growing number of cloud storage users, data deduplication technology is widely applied in cloud computing environments. One of the key issues in cloud computing security is how to effectively protect data privacy while implementing efficient deduplication and achieving secure multi-party computation among the clients. Cloud users’ control over the deduplication process is considered for the first time. By introducing a user attribute-based security requirement mechanism, a novel data deduplication scheme for cloud storage is proposed, which does not require any online trusted third party. It achieves users’ control over data sharing and fully protects data privacy. Based on bilinear mapping, data tags are constructed to keep track of the data without leaking any exploitable information. A combination of file-level and block-level deduplication is applied to obtain better efficiency with fine data granularity. The ownership proving method is designed based on multi-party computation principles and Bloom filters, which ensures that only authorized users can access the data. It can prevent malicious users from conducting eavesdropping attacks. The data encryption key is protected via broadcast encryption, which secures the data deduplication process. The correctness and security of the proposed scheme are analyzed and proved. Simulation results show that the scheme is secure and effective.

Key words: secure multi-party computation, privacy protection, bilinear mapping, Bloom filter, proofs of ownership