一种基于秘密共享算法的安全数据去重方案

doi:10.3969/j.issn.1671-1122.2020.11.006

信息网络安全 ›› 2020, Vol. 20 ›› Issue (11): 43-50.doi: 10.3969/j.issn.1671-1122.2020.11.006

一种基于秘密共享算法的安全数据去重方案

郎为民(), 王雪丽, 张汉, 裴云祥

国防科技大学信息通信学院,武汉 430010

收稿日期:2020-04-27 出版日期:2020-11-10 发布日期:2020-12-31
通讯作者: 郎为民 E-mail:wemlang@163.com
作者简介:郎为民（1976—）,男,河北,教授,博士,主要研究方向为信息安全和物联网等|王雪丽（1999—）,女,湖北,本科,主要研究方向为数据去重和信息安全等|张汉（1994—）,男,辽宁,硕士研究生,主要研究方向为云计算和数据去重等|裴云祥（1996—）,男,湖南,硕士研究生,主要研究方向为人工智能和信息安全等
基金资助:
国家自然科学基金(61601490);国防科技大学2018年科研计划(ZK18-03-23)

A Secure Data Deduplication Scheme Based on Secret Sharing Algorithm

LANG Weimin(), WANG Xueli, ZHANG Han, PEI Yunxiang

School of Information and Communication, National University of Defense Technology, Wuhan 430010, China

Received:2020-04-27 Online:2020-11-10 Published:2020-12-31
Contact: LANG Weimin E-mail:wemlang@163.com

摘要/Abstract

摘要：

作为优化存储空间、改善网络带宽、降低总体开销的关键技术之一,数据去重已成为云服务提供商（CSP）外包数据管理不可或缺的一部分,但也面临着数据机密性、完整性和隐私性等诸多安全问题。文章提出一种集容错能力、机密性和高效密钥管理于一体的安全数据去重方案。该方案采用基于置换有序二进制（POB）编码系统的秘密共享算法将数据块分解为多个随机份额,并通过所有权证明（PoW）进一步确保数据安全性。同时,方案采用基于中国剩余定理（CRT）的秘密共享算法将密钥分为多个随机块,并发送给相应的密钥管理服务器,从而将密钥开销降至最低。实验结果证明,文章方案在功能和效率方面明显优于其他方案,且能有效对抗两类攻击者（即不诚实服务器和外部攻击者）和两类攻击方式（即重复伪造攻击和擦除攻击）。

关键词: 数据去重, 秘密共享, 所有权证明, 置换有序二进制, 中国剩余定理

Abstract:

As one of the key technologies to optimize storage space, improve network bandwidth and reduce overall overhead, data deduplication has been an indispensable part of cloud service provider (CSP) solutions on outsourced data management, but it also faces many security issues, such as data confidentiality, integrity and privacy. This paper proposes a secure data deduplication scheme which integrates fault tolerance, confidentiality and efficient key management. The scheme adopts a secret sharing algorithm based on a permutation ordered binary (POB) number system to decompose the data block into multiple random shares, and enhances data security by introducing the proof of ownership (PoW) concept. Moreover, The scheme applies a secret sharing algorithm based on the Chinese Remainder Theorem (CRT) to divide the key into multiple random blocks and sends them to the corresponding key management server (KMS) to minimize the key overhead. Experimental results show that the scheme overwhelms the other schemes in terms of function and efficiency and can effectively resist two types of attackers (i.e. dishonest servers and external attackers) and two types of attack modes (i.e. duplicate faking attacks and erasure attacks).

Key words: data deduplication, secret sharing, proof of ownership (PoW), permutation ordered binary (POB), Chinese Remainder Theorem (CRT)

中图分类号:

TP309

郎为民, 王雪丽, 张汉, 裴云祥. 一种基于秘密共享算法的安全数据去重方案[J]. 信息网络安全, 2020, 20(11): 43-50.

LANG Weimin, WANG Xueli, ZHANG Han, PEI Yunxiang. A Secure Data Deduplication Scheme Based on Secret Sharing Algorithm[J]. Netinfo Security, 2020, 20(11): 43-50.

图/表 8

图1

图2

表1

表2

图3

表3

图4

图5

参考文献 14

[1]	XIA Wen, ZOU Xiangyu, JIANG Hong, et al. The Design of Fast Content-defined Chunking for Data Deduplication-based Storage Systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2020,31(9):2017-2031.
[2]	LIU Xueyan, LU Tingting, HE Xiaomei, et al. Verifiable Attribute-based Keyword Search over Encrypted Cloud Data Supporting Data Deduplication[J]. IEEE Access, 2020,8(3):52062-52074.
[3]	ZHANG Yucheng, FU Min, WU Xinyun, et al. Improving Restore Performance of Packed Datasets in Deduplication Systems via Reducing Persistent Fragmented Chunks[J]. IEEE Transactions on Parallel and Distributed Systems, 2020,31(7):1651-1664.
[4]	PRIYANKA S, NISHANT A, BALASUBRAMANIAN R. Secure Data Deduplication Using Secret Sharing Schemes over Cloud[J]. Future Generation Computer Systems, 2018,78(5):156-167.
[5]	YOUNGJOO S, DONGYOUNG K, JUNBEOM H, et al. Decentralized Server-aided Encryption for Secure Deduplication in Cloud Storage[J]. IEEE Transactions on Services Computing, 2018,11(4):621-636.
[6]	HYUNSOO K, CHANGHEE H, KYUNGTAE K, et al. Secure Deduplication with Reliable and Revocable Key Management in Fog Computing[J]. Peer-to-Peer Networking and Applications, 2018,11(6):1153-1167.
[7]	HALEVI S, HARNIK D, PINKAS B, et al. Proofs of Ownership in Remote Storage Systems[C]// ACM. The 18th ACM Conference on Computer and Communications Security, October 17-21, 2011, Chicago, USA. New York: ACM, 2011: 491-500.
[8]	PIETRO R D, SORNIOTTI A. Boosting Efficiency and Security in Proof of Ownership for Deduplication [C]//ACM. The 7th ACM Symposium on Information, Computer and Communications Security, May 2-4, 2012, Seoul, Korea. New York: ACM, 2012: 81-82.
[9]	GONZÁLEZ-MANZANO L, ORFILA A. An Efficient Confidentiality-preserving Proof of Ownership for Deduplication[J]. Journal of Network and Computer Applications, 2015,50(4):49-59.
[10]	SREEKUMAR A, SUNDAR S. An Efficient Secret Sharing Scheme for n out of n Scheme Using POB-Number System[J]. International Journal on Information Processing, 2009,3(4):77-83.
[11]	ASMUTH C, BLOOM J. A Modular Approach to Key Safeguarding[J]. IEEE Transactions on Information Theory, 1983,29(2):208-210.
[12]	MIGNOTTE M. How to Share a Secret[M]// Springer. Cryptography. Heidelberg: Springer, Berlin, Heidelberg, 1983: 371-375.
[13]	XU Jia, CHANG E C, ZHOU Jianying. Weak Leakage-resilient Client-side Deduplication of Encrypted Data in Cloud Storage[C]// ACM. ACM Sigsac Symposium on Information, Computer and Communications Security, November 4-8, 2013, Berlin, Germany. New York: ACM, 2013: 195-206.
[14]	KOO Dongyoung, HUR Junbeom. Privacy-preserving Deduplication of Encrypted Data with Dynamic Ownership Management in Fog Computing[J]. Future Generation Computer Systems, 2018,78(2):739-752.

符号	含义
F	上传的文件
F_j	F的第j个数据块
F_jl	F的第j个数据块的第l个份额
CSS_j	第j台CSS
$I{{D}_{CS{{S}_{j}}}}$	第j台CSS的标识
KMS_k	第k台KMS
$I{{D}_{KM{{S}_{k}}}} $	第k台KMS的标识
n	F中的数据块数
m	每个数据块所分解的份额数
L	F的标签
${{L}_{{{F}_{j}}}} $	F中第j个数据块的标签
${{T}_{F}} $	CSS_j上F的标签
${{T}_{{{F}_{j}}}} $	CSS_j上F的第j个数据块的标签
O_jl	采用POB编码系统时,F的第j个数据块的第l个份额中1的个数
Q_jlk	KMS_k上F的第j个数据块的第l个份额中1的个数
${{T}_{{{O}_{jlk}}}} $	KMS_k上F的第j个数据块的第l个份额的标签
H	哈希运算

去重后的数据体量原始数据体量	数据集
去重后的数据体量原始数据体量	数据集1	数据集2	数据集3
16 MB	13.27 MB	7.68 MB	11.88 MB
32 MB	26.61 MB	15.04 MB	23.71 MB
64 MB	54.12 MB	41.29 MB	47.55 MB

	XU^[13]等人方案	KOO^[14]等人方案	本文方案
公共参数	—	$2{{C}_{\mathbf{Z}}}$	—
CSS	${{C}_{F}}+\text{4}{{C}_{H}}$	${{C}_{F}}+\left\| O \right\|{{C}_{G}}$	L
用户	—	${{C}_{\mathbf{Z}}}$	—

一种基于秘密共享算法的安全数据去重方案

A Secure Data Deduplication Scheme Based on Secret Sharing Algorithm

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 14

相关文章 13

编辑推荐

Metrics

本文评价

[1]	郎为民, 马卫国, 张寅, 姚晋芳. 一种支持数据所有权动态管理的数据去重方案[J]. 信息网络安全, 2020, 20(6): 1-9.
[2]	刘晓芬, 陈晓峰, 连桂仁, 林崧. 基于d级单粒子的可认证多方量子秘密共享协议[J]. 信息网络安全, 2020, 20(3): 51-55.
[3]	张艺, 刘红燕, 咸鹤群, 田呈亮. 基于授权记录的云存储加密数据去重方法[J]. 信息网络安全, 2020, 20(3): 75-82.
[4]	刘成基, 李志慧, 司萌萌, 白晨明. 基于局域区分的六粒子正交纠缠态的量子秘密共享方案[J]. 信息网络安全, 2018, 18(4): 56-64.
[5]	孟庆全, 杨晓元, 钟卫东, 张帅伟. 抵抗差分功耗攻击的秘密共享S盒实现与优化[J]. 信息网络安全, 2018, 18(2): 71-77.
[6]	唐春明, 魏伟明. 基于安全两方计算的具有隐私性的回归算法[J]. 信息网络安全, 2018, 18(10): 10-16.
[7]	王永建, 张健, 程少豫, 铁小辉. 面向云计算的同态加密改进设计[J]. 信息网络安全, 2017, 17(3): 21-26.
[8]	张言胜, 汪学明, 仇各各. 一种新的动态门限数字签名方案研究[J]. 信息网络安全, 2016, 16(6): 62-67.
[9]	程资, 靳俐荣, 石金晶. 基于RS码生成机制的(k,n)门限量子秘密共享方案[J]. 信息网络安全, 2016, 16(4): 44-49.
[10]	张璐;徐燕红;张浩;田伟. 基于秘密共享的安全云存储方案[J]. , 2013, 13(4): 0-0.
[11]	封化民;孙轶茹;孙莹. 基于身份认证加密的匿名私钥共享方案[J]. , 2013, 13(11): 0-0.
[12]	朱建忠;姚志强. 基于Asmuth-Bloom门限方案的小波域数字水印技术[J]. , 2012, 12(12): 0-0.
[13]	邱伟星;关一鸣;黄华. DES加密算法在秘密共享中的应用[J]. , 2011, 11(3): 0-0.