A Security Client-side Deduplication with Encrypted Data in Cloud Storage

FU An-min; SONG Jian-ye; SU Mang; LI Shuai

doi:10.3969/j.issn.0372-2112.2017.12.006

您当前的位置：

首页 >

文章列表页 >

A Security Client-side Deduplication with Encrypted Data in Cloud Storage

更新时间：2025-07-16

- A Security Client-side Deduplication with Encrypted Data in Cloud Storage
- Acta Electronica Sinica Vol. 45, Issue 12, Pages: 2863-2872(2017)
- 作者机构：
  
  南京理工大学计算机科学与工程学院,江苏,南京,210094
- 作者简介：
- 基金信息：
- DOI：10.3969/j.issn.0372-2112.2017.12.006
  CLC： TP393
- Published Online：25 December 2017，
  
  Published：2017
- 稿件说明：
移动端阅览
FU An-min, SONG Jian-ye, SU Mang, et al. A Security Client-side Deduplication with Encrypted Data in Cloud Storage[J]. Acta Electronica Sinica, 2017, 45(12): 2863-2872.
DOI：

FU An-min, SONG Jian-ye, SU Mang, et al. A Security Client-side Deduplication with Encrypted Data in Cloud Storage[J]. Acta Electronica Sinica, 2017, 45(12): 2863-2872. DOI： 10.3969/j.issn.0372-2112.2017.12.006.

摘要

云存储环境下，客户端数据去重能在本地进行文件重复性检测，有效地节约存储空间和网络带宽.然而，客户端去重仍面临着很多安全挑战.首先，由于将文件哈希值作为重复性检测的证据，攻击者很可能通过一个文件的哈希值获得整个文件；其次，为了保护数据隐私，收敛加密被广泛运用于数据去重方案，但是由于数据本身是可预测的，所以收敛加密仍不可避免地遭受暴力字典攻击.为了解决上述问题，本文首次利用盲签名构造了一个安全的密钥生成协议，通过引入一个密钥服务器，实现了对收敛密钥的二次加密，有效地预防了暴力字典攻击；并进一步提出了一个基于块密钥签名的拥有权证明方法，能够有效预防攻击者通过单一的哈希值来获取文件，并能同时实现对密文文件的文件级和块级去重.同时，安全分析表明本文方案在随机预言模型下是可证明安全的，并能够满足收敛密钥安全、标签一致性和抗暴力字典攻击等更多安全属性.此外，与现有方案相比，实验结果表明本文方案在文件上传和文件去重方面的计算开销相对较小.

Abstract

In cloud storage environment

client-side data deduplication can detect duplicated files at local

so as to save storage space and network bandwidth effectively.However

client-side deduplication still faces many security challenges.Firstly

since the file hash value is regarded as the evidence of duplication detection

the attacker is likely to obtain a whole file via a hash of the file.Secondly

to ensure the privacy of data

convergent encryption has been widely used in data deduplication technology

but the data itself is predictable

so that convergent encryption still inevitably suffered from violence dictionary attacks.To solve problems mentioned above

this paper uses blind signature to construct a secure key generation protocol

by introducing a key server to achieve the secondary encryption of keys

which efficiently prevents violence dictionary attacks.Furthermore

we propose a Proof of Ownership method based on block key signature.It can effectively prevent the attacker from obtaining the file through a single hash value and can realize the file-level and block-level deduplication of the encrypted file simultaneously.Meanwhile

the security analysis shows that our scheme can be proved to be secure in the random oracle model and can meet the security properties such as convergence key security

tag consistency and anti-violence dictionary attacks.In addition

compared with the existing schemes

the experimental results show that the computational overhead of our scheme is relatively small in terms of file upload and file deduplication.

关键词

Keywords

references

Views

309

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

An Improved E-Cash System Based on Restrictive Blind Signature

Related Author

WANG Chang-ji

PEI Ding-yi

JIANG Wen-bao

Related Institution

State Key Lab.of Information Security,Graduate School of USTC

Computer Center of Institute of High Energy Physics of CAS

State Key Lab.of Information SecurityGraduate School of USTCBeijing 100039China

Computer Center of Institute of High Energy Physics of CASBeijing

⁰