一种混合云环境下基于Merkle哈希树的数据安全去重方案

doi:10.11896／j.issn.1002-137X.2018.11.029

摘要/Abstract

摘要： 重复数据删除技术是云存储系统中一种高效的数据压缩和存储优化技术,能够通过检测和消除冗余数据来减少存储空间、降低传输带宽消耗。针对现有的云存储系统中数据安全去重方案所采用的收敛加密算法容易遭受暴力攻击和密文计算时间开销过大等问题,提出了一种混合云环境下基于Merkle哈希树的数据安全去重方案MTHDedup。该方案通过引入权限等级函数和去重系数来计算去重标签,高效地实现了支持访问控制的数据安全去重系统;同时通过执行额外的加密算法,在文件级和数据块级的数据去重过程中构造Merkle哈希树来生成加密密钥,保证了生成的密文变得不可预测。安全性分析表明,该方案能够有效地抵制内部和外部攻击者发起的暴力攻击,从而提高数据的安全性。仿真实验结果表明,MTHDedup方案能有效地降低密文生成的计算开销,减少密钥的存储空间,而且随着权限集数目的增加,性能优势将更加明显。

关键词: Merkle哈希树, 暴力攻击, 访问控制, 混合云存储, 数据去重

Abstract: Deduplication is an efficient data compression and storage optimization technology in cloud storage systems.It can reduce storage space and transmission bandwidth consumption by detecting and eliminating redundant data.The convergence encryption adopted by existing cloud storage systems is vulnerable to brute-force attacks and the time cost of ciphertext generation is excessive.In this paper,an efficient deduplication scheme based on Merkle hash tree in hybrid cloud environment was proposed.The tag used to detect duplicated data is calculated by introducing privilege level function and label coefficients which can realize a secure deduplication system with different privilege levels.At the same time,an additional encryption algorithm is implemented,and cryptographic keys are generated by a Merkle hash tree.These keys are used to encrypt the plaintext at a file-level and block-level deduplication which ensures that the ciphertext becomes unpredictable.The security analysis shows that this scheme can effectively resist the brute-force attacks from internal and external attackers,and improve the confidentiality of data.The simulation results show that the proposed MTHDedup scheme can effectively reduce the computation overhead of ciphertext generation and the storage space of cryptographic keys.With the increase of the number of privilege sets,the performance advantage of MTHDedup scheme is more obvious.

Key words: Access control, Brute-force attacks, Data deduplication, Hybrid cloud storage, Merkle hash tree

中图分类号:

TP309

张桂鹏, 陈平华. 一种混合云环境下基于Merkle哈希树的数据安全去重方案[J]. 计算机科学, 2018, 45(11): 187-192. https://doi.org/10.11896／j.issn.1002-137X.2018.11.029

ZHANG Gui-peng, CHEN Ping-hua. Secure Data Deduplication Scheme Based on Merkle Hash Tree in HybridCloud Storage Environments[J]. Computer Science, 2018, 45(11): 187-192. https://doi.org/10.11896／j.issn.1002-137X.2018.11.029

参考文献

[1]GANTZ J,REINSEL D.The digital universe in 2020:Big data,bigger digital shadows,and biggest growth in the fareast[OL].http://www.emc.com/collateral/analyst-reports/idc-the-digital-universe-in-2020.pdf.
[2]CLEMENTS A T,AHMAD I,VILAYANNUR M,et al.Decentralized deduplication in SAN cluster file systems[C]∥Con-ference on Usenix Technical.2009:8-8.
[3]BELLARE M,NAMPREMPRE C,NEVEN G.Security Proofs for Identity-Based Identification and Signature Schemes[J].Journal of Cryptology,2009,22(1):1-61.
[4]BELLARE M,PALACIO A.GQ and Schnorr Identification Schemes:Proofs of Security against Impersonation under Active and Concurrent Attacks[M]∥Advances in Cryptology－CRYP10 2002.Berlin:Springer,2002:149-162.
[5]NG W K,WEN Y,ZHU H.Private data deduplication protocols in cloud storage[C]∥Acm Symposium on Applied Computing.ACM,2012:441-446.
[6]STORER M W,GREENAN K,LONG D D E,et al.Secure data deduplication[C]∥ACM International Workshop on Storage Security and Survivability.ACM,2008:1-10.
[7]BARACALDO N,ANDROULAKI E,GLIDER J,et al.Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage[J].International Journal of Advanced Research in Electrical,Electronics and Instrumentation Engineering,2017,6(3):206-210.
[8]DOUCEUR J R,ADYA A,BOLOSKY W J,et al.Reclaiming space from duplicate files in a serverless distributed file system[C]∥International Conference on Distributed Computing Systems.IEEE,2002:617-624.
[9]STANEK J,SORNIOTTI A,ANDROULAKI E,et al.A secure data deduplication scheme for cloud storage[OL].http://www.ifca.ai/fc14/papers/fc14_submission_5.pdf.
[10]LI M,QIN C,LI J,et al.CDStore:Toward Reliable,Secure,and Cost-Efficient Cloud Storage via Convergent Dispersal[J].IEEE Internet Computing,2016,20(3):45-53.
[11]LIU Z S,HE Z.Deduplication with encrypted data based on Merkle hash tree in Cloud Storage[J].Computer Engineering and Applications,2018,54(5):85-90.(in Chinese)
刘竹松,何喆.基于Merkle哈希树的云存储加密数据去重复研究[J].计算机工程与应用,2018,54(5):85-90.
[12]PUZIO P,MOLVA R,ONEN M,et al.ClouDedup:secure deduplication with encrypted data for cloud storage [C]∥2013 IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom).IEEE,2013:363-370.
[13]YIN Q Q.Secure deduplication approach based on Bloom Filter in hybrid cloud storage environments[J].Computer Engineering and Applications,2018,54(10):73-80.(in Chinese)
尹勤勤.基于Bloom Filter的混合云存储安全去重方案[J].计算机工程与应用,2018,54(10):73-80.
[14]BELLARE M,KEELVEEDHI S,RISTENPART T.Message- Lcked Ecryption and Secure Deduplication[M]∥Advances in Cryptology －EUROCRYPT 2013.Berlin:Springer,2013:296-312.
[15]BELLARE M,KEELVEEDHI S,RISTENPART T.DupLESS:server-aided encryption for deduplicated storage[C]∥Usenix Conference on Security.USENIX Association,2013:179-194.
[16]HALEVI S,HARNIK D,PINKAS B,et al.Proofs of ownership in remote storage systems[C]∥ACM Conference on Computer and Communications Security.ACM,2011:491-500.
[17]BLASCO J,DI PIETRO R,ORFILA A,et al.A tunable proof of ownership scheme for deduplication using bloom filters[C]∥2014 IEEE Conference on Communications and Network Security (CNS).IEEE,2014:481-489.
[18]YANG C,ZHANG M,JIANG Q,et al.Zero knowledge based client side deduplication for encrypted files of secure cloud stora-ge in smart cities [J].Pervasive & Mobile Computing,2017,41:243-258.
[19]LIU X,SUN W,LOU W,et al.One-tag checker:Message-locked integrity auditing on encrypted cloud deduplication storage[C]∥IEEE Conference on Computer Communications.IEEE,2017.
[20]LI J,LI Y,CHEN X,et al.A hybrid cloud approach for secure authorized deduplication[J].IEEE Transactions on Parallel and Distributed Systems,2015,26(5):1206-1216.

相关文章 15

[1]	郭鹏军, 张泾周, 杨远帆, 阳申湘. 飞机机内无线通信网络架构与接入控制算法研究 Study on Wireless Communication Network Architecture and Access Control Algorithm in Aircraft 计算机科学, 2022, 49(9): 268-274. https://doi.org/10.11896/jsjkx.210700220
[2]	阳真, 黄松, 郑长友. 基于区块链与改进CP-ABE的众测知识产权保护技术研究 Study on Crowdsourced Testing Intellectual Property Protection Technology Based on Blockchain and Improved CP-ABE 计算机科学, 2022, 49(5): 325-332. https://doi.org/10.11896/jsjkx.210900075
[3]	郭显, 王雨悦, 冯涛, 曹来成, 蒋泳波, 张迪. 基于区块链的工业控制系统角色委派访问控制机制 Blockchain-based Role-Delegation Access Control for Industrial Control System 计算机科学, 2021, 48(9): 306-316. https://doi.org/10.11896/jsjkx.210300235
[4]	程学林, 杨小虎, 卓崇魁. 基于组织架构的数据权限控制模型研究与实现 Research and Implementation of Data Authority Control Model Based on Organization 计算机科学, 2021, 48(6A): 558-562. https://doi.org/10.11896/jsjkx.200700127
[5]	潘瑞杰, 王高才, 黄珩逸. 云计算下基于动态用户信任度的属性访问控制 Attribute Access Control Based on Dynamic User Trust in Cloud Computing 计算机科学, 2021, 48(5): 313-319. https://doi.org/10.11896/jsjkx.200400013
[6]	何亨, 蒋俊君, 冯可, 李鹏, 徐芳芳. 多云环境中基于属性加密的高效多关键词检索方案 Efficient Multi-keyword Retrieval Scheme Based on Attribute Encryption in Multi-cloud Environment 计算机科学, 2021, 48(11A): 576-584. https://doi.org/10.11896/jsjkx.201000026
[7]	曹萌, 于洋, 梁英, 史红周. 基于区块链的大数据交易关键技术与发展趋势 Key Technologies and Development Trends of Big Data Trade Based on Blockchain 计算机科学, 2021, 48(11A): 184-190. https://doi.org/10.11896/jsjkx.210100163
[8]	徐堃, 付印金, 陈卫卫, 张亚男. 基于区块链的云存储安全研究进展 Research Progress on Blockchain-based Cloud Storage Security Mechanism 计算机科学, 2021, 48(11): 102-115. https://doi.org/10.11896/jsjkx.210600015
[9]	王静宇, 刘思睿. 大数据风险访问控制研究进展 Research Progress on Risk Access Control 计算机科学, 2020, 47(7): 56-65. https://doi.org/10.11896/jsjkx.190700157
[10]	顾荣杰, 吴治平, 石焕. 基于TFR 模型的公安云平台数据分级分类安全访问控制模型研究 New Approach for Graded and Classified Cloud Data Access Control for Public Security Based on TFR Model 计算机科学, 2020, 47(6A): 400-403. https://doi.org/10.11896/JsJkx.191000066
[11]	潘恒, 李景峰, 马君虎. 可抵御内部威胁的角色动态调整算法 Role Dynamic Adjustment Algorithm for Resisting Insider Threat 计算机科学, 2020, 47(5): 313-318. https://doi.org/10.11896/jsjkx.190800051
[12]	王辉, 刘玉祥, 曹顺湘, 周明明. 融入区块链技术的医疗数据存储机制 Medical Data Storage Mechanism Integrating Blockchain Technology 计算机科学, 2020, 47(4): 285-291. https://doi.org/10.11896/jsjkx.190400001
[13]	屠袁飞,张成真. 面向云端的安全高效的电子健康记录 Secure and Efficient Electronic Health Records for Cloud 计算机科学, 2020, 47(2): 294-299. https://doi.org/10.11896/jsjkx.181202256
[14]	乔毛,秦岭. 云存储服务中一种高效属性撤销的AB-ACCS方案 AB-ACCS Scheme for Revocation of Efficient Attributes in Cloud Storage Services 计算机科学, 2019, 46(7): 96-101. https://doi.org/10.11896/j.issn.1002-137X.2019.07.015
[15]	黄美蓉, 欧博, 何思源. 一种基于特征提取的访问控制方法 Access Control Method Based on Feature Extraction 计算机科学, 2019, 46(2): 109-114. https://doi.org/10.11896/j.issn.1002-137X.2019.02.017

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed