高级检索

    基于用户定义安全条件的可验证重复数据删除方法

    Verifiable Secure Data Deduplication Based on User-Defined Security Requirements

    • 摘要: 随着云存储用户数量的不断增长,重复数据删除技术得到了广泛的应用.如何在实现高效重复数据删除的同时,更好地保护用户数据隐私、实现客户端的安全多方计算,是云计算安全领域的研究热点问题.首次考虑了用户对重复数据删除过程的控制问题,引入了基于用户属性的安全条件机制,提出了基于用户定义安全条件的重复数据删除方法.基于双线性映射构造文件标识进行数据的查询,确保标识不泄露数据的任何明文信息.采用文件级和块级相结合的重复数据删除方法,提高了重复数据删除操作效率.基于安全多方计算理论和布隆过滤器技术实现数据的所有权证明,确保仅授权用户可获取数据的访问权,防范来自恶意用户的信道监听攻击.使用广播加密方法对数据加密密钥进行保护,实现了安全高效的重复数据删除.分析并证明了方案的安全性和正确性.仿真实验验证了方案的可行性和有效性.

       

      Abstract: With the increasing of cloud storage users, data deduplication technology is widely applied in cloud computing environment. One of the key issues in cloud computing security is to effectively protect data privacy while implementing efficient deduplication and achieving secure multi-party computation among the clients. Cloud users’ control over the deduplication process is considered for the first time. By introducing the user attribute-based security requirement mechanism, a novel data deduplication scheme in cloud storage is proposed, which doesn’t require any online trusted third party. It achieves users’ control over data sharing and fully protects data privacy. Based on bilinear mapping, data tags are constructed to keep track of the data without leaking any exploitable information. The combination of file-level and block-level deduplication is applied to obtain better efficiency with fine data granularity. The ownership proving method is designed based on multi-party computation principles and bloom filter, which ensures only authorized users can access the data. It can prevent malicious users from conducting eavesdropping attack. The data encryption key is protected via broadcast encryption, which secures the data deduplication process. The correctness and security of the proposed scheme are analyzed and proved. Simulation results show that the scheme is secure and effective.

       

    /

    返回文章
    返回