摘要
随着云计算服务的广泛应用,为了节省磁盘空间和带宽,出现了一种新技术:客户端去重复化.但近期发现了一种针对该技术的新型攻击:攻击者只需获得原始文件的一个摘要信息,即文件的散列值,即可从服务器端获得全部原始文件.为了解决上述安全问题,提出了一个密码学安全的、高效的证明方案来支持多客户端加密文件的去重复删除场景.通过抽样检测、动态系数和随机选择的原始文件检索值使方案达到安全与高效的目标;同时,还提出了一种巧妙的分布式捎带技术,将文件加密密钥的分发过程与所有权证明过程同步实施.最后,对所提方案进行了严格的安全性证明和深入的性能分析与仿真,结果表明,所提的方案不仅能达到可证明的安全级别,而且执行效率较高,尤其在减少客户端计算负载方面.
Abstract As the rapid adoption of cloud storage services, a new technology of client side deduplication is proposed to save the bandwidth of uploading copies of existing files to the server. This promising technology, however, has been recently found being vulnerable to a new kind of attack, in which by learning just a small piece of information about the file, namely its Hash value, an attacker is able to get the entire file from the server. To solve the problems mentioned above, we propose a cryptographically secure and efficient scheme to support cross-user client side deduplication over encrypted file. The new scheme utilizes the technique of spot checking in which the client only need to access small portions of the original file, dynamic coefficients, randomly chosen indices of the original files and a subtle approach to distribute the file encrypting key among clients to satisfy security requirements. Extensive security analysis shows that the proposed scheme can generate provable ownership of the encrypted file (POEF) with the presence of the curious server, and maintain a high detection probability of the client misbehavior. Both performance analysis and simulation results demonstrate that our proposed scheme is much more efficient than the existing schemes, especially in reducing the burden of the client.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2015年第1期248-258,共11页
Journal of Computer Research and Development
基金
国家自然科学基金青年基金项目(61303219
61100230)
国家自然科学基金重点项目(60633020)
中央高校基本科研业务费专项资金项目(K5051303007)
陕西省自然科学基金项目(2014JQ8295)
