A Secure Data Deduplication Scheme Based on Secret Sharing Algorithm

doi:10.3969/j.issn.1671-1122.2020.11.006

Abstract

Abstract:

As one of the key technologies to optimize storage space, improve network bandwidth and reduce overall overhead, data deduplication has been an indispensable part of cloud service provider (CSP) solutions on outsourced data management, but it also faces many security issues, such as data confidentiality, integrity and privacy. This paper proposes a secure data deduplication scheme which integrates fault tolerance, confidentiality and efficient key management. The scheme adopts a secret sharing algorithm based on a permutation ordered binary (POB) number system to decompose the data block into multiple random shares, and enhances data security by introducing the proof of ownership (PoW) concept. Moreover, The scheme applies a secret sharing algorithm based on the Chinese Remainder Theorem (CRT) to divide the key into multiple random blocks and sends them to the corresponding key management server (KMS) to minimize the key overhead. Experimental results show that the scheme overwhelms the other schemes in terms of function and efficiency and can effectively resist two types of attackers (i.e. dishonest servers and external attackers) and two types of attack modes (i.e. duplicate faking attacks and erasure attacks).

Key words: data deduplication, secret sharing, proof of ownership (PoW), permutation ordered binary (POB), Chinese Remainder Theorem (CRT)

CLC Number:

TP309

LANG Weimin, WANG Xueli, ZHANG Han, PEI Yunxiang. A Secure Data Deduplication Scheme Based on Secret Sharing Algorithm[J]. Netinfo Security, 2020, 20(11): 43-50.

Figures/Tables 8

References 14

[1]	XIA Wen, ZOU Xiangyu, JIANG Hong, et al. The Design of Fast Content-defined Chunking for Data Deduplication-based Storage Systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2020,31(9):2017-2031.
[2]	LIU Xueyan, LU Tingting, HE Xiaomei, et al. Verifiable Attribute-based Keyword Search over Encrypted Cloud Data Supporting Data Deduplication[J]. IEEE Access, 2020,8(3):52062-52074.
[3]	ZHANG Yucheng, FU Min, WU Xinyun, et al. Improving Restore Performance of Packed Datasets in Deduplication Systems via Reducing Persistent Fragmented Chunks[J]. IEEE Transactions on Parallel and Distributed Systems, 2020,31(7):1651-1664.
[4]	PRIYANKA S, NISHANT A, BALASUBRAMANIAN R. Secure Data Deduplication Using Secret Sharing Schemes over Cloud[J]. Future Generation Computer Systems, 2018,78(5):156-167.
[5]	YOUNGJOO S, DONGYOUNG K, JUNBEOM H, et al. Decentralized Server-aided Encryption for Secure Deduplication in Cloud Storage[J]. IEEE Transactions on Services Computing, 2018,11(4):621-636.
[6]	HYUNSOO K, CHANGHEE H, KYUNGTAE K, et al. Secure Deduplication with Reliable and Revocable Key Management in Fog Computing[J]. Peer-to-Peer Networking and Applications, 2018,11(6):1153-1167.
[7]	HALEVI S, HARNIK D, PINKAS B, et al. Proofs of Ownership in Remote Storage Systems[C]// ACM. The 18th ACM Conference on Computer and Communications Security, October 17-21, 2011, Chicago, USA. New York: ACM, 2011: 491-500.
[8]	PIETRO R D, SORNIOTTI A. Boosting Efficiency and Security in Proof of Ownership for Deduplication [C]//ACM. The 7th ACM Symposium on Information, Computer and Communications Security, May 2-4, 2012, Seoul, Korea. New York: ACM, 2012: 81-82.
[9]	GONZÁLEZ-MANZANO L, ORFILA A. An Efficient Confidentiality-preserving Proof of Ownership for Deduplication[J]. Journal of Network and Computer Applications, 2015,50(4):49-59.
[10]	SREEKUMAR A, SUNDAR S. An Efficient Secret Sharing Scheme for n out of n Scheme Using POB-Number System[J]. International Journal on Information Processing, 2009,3(4):77-83.
[11]	ASMUTH C, BLOOM J. A Modular Approach to Key Safeguarding[J]. IEEE Transactions on Information Theory, 1983,29(2):208-210.
[12]	MIGNOTTE M. How to Share a Secret[M]// Springer. Cryptography. Heidelberg: Springer, Berlin, Heidelberg, 1983: 371-375.
[13]	XU Jia, CHANG E C, ZHOU Jianying. Weak Leakage-resilient Client-side Deduplication of Encrypted Data in Cloud Storage[C]// ACM. ACM Sigsac Symposium on Information, Computer and Communications Security, November 4-8, 2013, Berlin, Germany. New York: ACM, 2013: 195-206.
[14]	KOO Dongyoung, HUR Junbeom. Privacy-preserving Deduplication of Encrypted Data with Dynamic Ownership Management in Fog Computing[J]. Future Generation Computer Systems, 2018,78(2):739-752.

符号	含义
F	上传的文件
F_j	F的第j个数据块
F_jl	F的第j个数据块的第l个份额
CSS_j	第j台CSS
$I{{D}_{CS{{S}_{j}}}}$	第j台CSS的标识
KMS_k	第k台KMS
$I{{D}_{KM{{S}_{k}}}} $	第k台KMS的标识
n	F中的数据块数
m	每个数据块所分解的份额数
L	F的标签
${{L}_{{{F}_{j}}}} $	F中第j个数据块的标签
${{T}_{F}} $	CSS_j上F的标签
${{T}_{{{F}_{j}}}} $	CSS_j上F的第j个数据块的标签
O_jl	采用POB编码系统时,F的第j个数据块的第l个份额中1的个数
Q_jlk	KMS_k上F的第j个数据块的第l个份额中1的个数
${{T}_{{{O}_{jlk}}}} $	KMS_k上F的第j个数据块的第l个份额的标签
H	哈希运算

去重后的数据体量原始数据体量	数据集
去重后的数据体量原始数据体量	数据集1	数据集2	数据集3
16 MB	13.27 MB	7.68 MB	11.88 MB
32 MB	26.61 MB	15.04 MB	23.71 MB
64 MB	54.12 MB	41.29 MB	47.55 MB

	XU^[13]等人方案	KOO^[14]等人方案	本文方案
公共参数	—	$2{{C}_{\mathbf{Z}}}$	—
CSS	${{C}_{F}}+\text{4}{{C}_{H}}$	${{C}_{F}}+\left\| O \right\|{{C}_{G}}$	L
用户	—	${{C}_{\mathbf{Z}}}$	—