A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records

doi:10.3969/j.issn.1671-1122.2020.03.010

Abstract

Abstract:

Data deduplication can be used to remove redundant data in cloud storage system, which can improve storage efficiency and save network bandwidth. In order to protect data privacy, cloud users tend to upload data in the form of encrypted ciphertext. However, it makes the data deduplication more difficult. It is a hot issue in cloud computing security filed that how to achieve safe and efficient data deduplication under the premise of ensuring data privacy. This paper proposes a method for deduplication of encrypted data in cloud storage based on authorization records. Based on bilinear mapping, data tag scheme is adopted which is used for duplicate check, and designs an authorization record storage structure. According to the popularity of data, different encryption strategies are applied. We get converted keys by proxy re-encryption. Without any real-time online the third party to participate in, to ensure that the tag does not leak any exploitable information. By implementing the proof of ownership, the security of deduplication data can be ensured. The correctness and security of our scheme are analyzed and proved. The experimental results show the feasibility and efficiency of our scheme.

Key words: authorization record, bilinear mapping, data deduplication, data popularity, proxy re-encryption

CLC Number:

TP309

ZHANG Yi, LIU Hongyan, XIAN Hequn, TIAN Chengliang. A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records[J]. Netinfo Security, 2020, 20(3): 75-82.

Figures/Tables 8

References 15

[1]	FU Yinjin, XIAO Nong, LIU Fang.Research and Development on Key Techniques of Data Deduplication[J]. Journal of Computer Research and Development, 2012, 49(1): 12-20.
	付印金,肖侬,刘芳.重复数据删除关键技术研究进展[J].计算机研究与发展,2012,49(1):12-20.
[2]	AO Li, SHU Jiwu, LI Mingqiang.Data Deduplication Techniques[J]. Journal of Software, 2010, 21(5): 916-929.
	敖莉,舒继武,李明强.重复数据删除技术[J].软件学报,2010,21(5):916-929.
[3]	DOUCEUR J R, ADYA A, BOLOSKY W J, et al.Reclaiming Space from Duplicate Files in a Serverless Distributed File System[C]//IEEE. Proceedings of the 22nd International Conference on Distributed Computing Systems, July 2-5, 2002, Vienna, Austria. New York: IEEE, 2002: 5-20.
[4]	BELLARE M, KEELVEEDHI S, RISTENPART T.Message-Locked Encryption and Secure Deduplication[C]//Springer. The 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 26-30, 2013, Athens, Greece. Heidelberg: Springer, 2013: 296-312.
[5]	LIU Jian, ASOKAN N, PINKAS B.Secure Deduplication of Encrypted Data without Additional Servers[C]//ACM. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, October 12-16, 2015, Denver, USA. New York: ACM, 2015: 874-885.
[6]	STANEK J, SORNIOTTI A, ANDROULAKI E, KENCL L.A Secure Data Deduplication Scheme for Cloud Storage[C]//Springer. International Conference on Financial Cryptography and Data Security, March 3-7, 2014, Christ Church, Barbados. Heidelberg: Springer, 2014: 99-118.
[7]	PUZIO P, MOLVA R, ÖNEN M, LOUREIRO S.PerfectDedup: Secure Data Deduplication[C]//Springer, International Workshop on Data Privacy Management, September 21-22, 2015, Vienna, Austria. Heidelberg: Springer, 2015: 150-166.
[8]	HUR J, KOO D, SHIN Y, KANG K.Secure Data Deduplication with Dynamic Ownership Management in Cloud Storage[J]. IEEE Transactions on Knowledge and Data Engineering, 2016, 28(11): 3113-3125.
[9]	YAN Z, DING W, YU X, et al.Deduplication on Encrypted Big Data in Cloud[J]. IEEE Transactions on Big Data, 2016, 2(2): 138-150.
[10]	ZHANG Shuguang, XIAN Hequn, WANG Yazhe, et al.Secure Encrypted Data Deduplication Method Based on Offline Key Distribution[J]. Journal of Software, 2018, 29(7): 66-72.
	张曙光,咸鹤群,王雅哲,等.基于离线密钥分发的加密数据重复删除方法[J].软件学报, 2018,29(27):66-72.
[11]	GREEN M, ATENIESE G.Identity-Based Proxy Re-encryption[C]// Springer. International Conference on Applied Cryptography and Network Security, June 5-8, 2007, Zhuhai, China. Heidelberg: Springer, 2007: 288-306.
[12]	DI P R, SORNIOTTI A.Boosting Efficiency and Security in Proof of Ownership for Deduplication[C]//ACM. Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, May 2-4, 2012, Seoul, Korea. New York: ACM, 2012: 81-82.
[13]	CARO A D, IOVINO V.JPBC: Java Pairing Based Cryptography[C]//IEEE. Proceedings of the 16th IEEE Symposium on Computers and Communications, June 28-July 1, 2011, Corfu, Greece. New York: IEEE, 2011: 850-855.
[14]	LOUKIDES M, ORAM A.Programming with GNU Software[M]. Sebastopol: O'Reilly Media, 1996.
[15]	VIEGA J, MESSIER M, CHANDRA P.Network Security with OpenSSL[M]. Sebastopol: O'Reilly Media, 2002.

符号	定义	符号	定义
{U_i}(i∈[1,n])	用户集合	EU	已有上传者
CU	当前上传者	Th	数据流行度阈值
M	数据M	Tag(M)	M的数据标签
θ	可忽略值	η	系统安全参数
AuthRec	所有数据的授权记录表	count(M)	拥有数据M的用户数量

数据标签	授权用户	被授权用户
1	U₁	U₁
1	U₁	U₂
1	U₁	U₃
1	U₃	U₆
2	U₉	U₉
…	…	…

数据标签	授权用户	被授权用户
1	U₁	U₁
1	U₁	U₂
1	U₁	U₆
2	U₉	U₉
…	…	…