信息网络安全 ›› 2020, Vol. 20 ›› Issue (11): 43-50.doi: 10.3969/j.issn.1671-1122.2020.11.006

• 技术研究 • 上一篇    下一篇

一种基于秘密共享算法的安全数据去重方案

郎为民(), 王雪丽, 张汉, 裴云祥   

  1. 国防科技大学信息通信学院,武汉 430010
  • 收稿日期:2020-04-27 出版日期:2020-11-10 发布日期:2020-12-31
  • 通讯作者: 郎为民 E-mail:wemlang@163.com
  • 作者简介:郎为民(1976—),男,河北,教授,博士,主要研究方向为信息安全和物联网等|王雪丽(1999—),女,湖北,本科,主要研究方向为数据去重和信息安全等|张汉(1994—),男,辽宁,硕士研究生,主要研究方向为云计算和数据去重等|裴云祥(1996—),男,湖南,硕士研究生,主要研究方向为人工智能和信息安全等
  • 基金资助:
    国家自然科学基金(61601490);国防科技大学2018年科研计划(ZK18-03-23)

A Secure Data Deduplication Scheme Based on Secret Sharing Algorithm

LANG Weimin(), WANG Xueli, ZHANG Han, PEI Yunxiang   

  1. School of Information and Communication, National University of Defense Technology, Wuhan 430010, China
  • Received:2020-04-27 Online:2020-11-10 Published:2020-12-31
  • Contact: LANG Weimin E-mail:wemlang@163.com

摘要:

作为优化存储空间、改善网络带宽、降低总体开销的关键技术之一,数据去重已成为云服务提供商(CSP)外包数据管理不可或缺的一部分,但也面临着数据机密性、完整性和隐私性等诸多安全问题。文章提出一种集容错能力、机密性和高效密钥管理于一体的安全数据去重方案。该方案采用基于置换有序二进制(POB)编码系统的秘密共享算法将数据块分解为多个随机份额,并通过所有权证明(PoW)进一步确保数据安全性。同时,方案采用基于中国剩余定理(CRT)的秘密共享算法将密钥分为多个随机块,并发送给相应的密钥管理服务器,从而将密钥开销降至最低。实验结果证明,文章方案在功能和效率方面明显优于其他方案,且能有效对抗两类攻击者(即不诚实服务器和外部攻击者)和两类攻击方式(即重复伪造攻击和擦除攻击)。

关键词: 数据去重, 秘密共享, 所有权证明, 置换有序二进制, 中国剩余定理

Abstract:

As one of the key technologies to optimize storage space, improve network bandwidth and reduce overall overhead, data deduplication has been an indispensable part of cloud service provider (CSP) solutions on outsourced data management, but it also faces many security issues, such as data confidentiality, integrity and privacy. This paper proposes a secure data deduplication scheme which integrates fault tolerance, confidentiality and efficient key management. The scheme adopts a secret sharing algorithm based on a permutation ordered binary (POB) number system to decompose the data block into multiple random shares, and enhances data security by introducing the proof of ownership (PoW) concept. Moreover, The scheme applies a secret sharing algorithm based on the Chinese Remainder Theorem (CRT) to divide the key into multiple random blocks and sends them to the corresponding key management server (KMS) to minimize the key overhead. Experimental results show that the scheme overwhelms the other schemes in terms of function and efficiency and can effectively resist two types of attackers (i.e. dishonest servers and external attackers) and two types of attack modes (i.e. duplicate faking attacks and erasure attacks).

Key words: data deduplication, secret sharing, proof of ownership (PoW), permutation ordered binary (POB), Chinese Remainder Theorem (CRT)

中图分类号: