Abstract
Convergent encryption effectively resolves the conflict between data encryption and deduplication and enables secure deduplication, but it still faces many security problems. To address the vulnerability of conventional convergent encryption to dictionary attacks, this paper proposes a convergent encryption scheme based on a Merkle hash tree that realizes data deduplication, strengthens the confidentiality of data by performing additional encryption operations, and effectively avoids dictionary attacks. To overcome the problem that the number of convergent keys in conventional convergent encryption schemes grows linearly with the number of users, a convergent key sharing mechanism is designed, which further reduces the storage space required for convergent keys.