摘要
针对单一云存储服务提供商可能对数据进行垄断控制和现有云存储去重系统采用的收敛加密算法容易遭受暴力攻击等问题,提出了一种采用签名与哈希技术的云存储去重方案,通过在数据去重过程中采用双层校验机制对数据完整性进行审计,能够校验文件的完整性和精确地定位到损坏的数据块;同时构造Merkle哈希树来生成校验值,计算出去重标签,保证重复数据能够被检测;使用Mapbox和Lockbox结合的机制加密数据信息,保证非授权用户无法对文件进行访问。安全性分析及仿真实验结果表明,方案有效抵制暴力攻击,并能够降低去重标签的计算开销和减少存储空间。
To address the problem that data is monopolized by a single cloud storage service provider and convergence encryption adopted for existing cloud storage systems is vulnerable to brute-force attacks,a cloud storage deduplication scheme using signature and Hash technology is proposed.The scheme which uses a two-layer verification mechanism to audit data integrity,can check the integrity of the file and locate the damaged data block accurately.And a merkle Hash tree is constructed to generate the check coefficient and duplicate-lable,so that the duplicate data can be detected.In addition,a combination of Mapbox and Lockbox is used to encrypt data,which ensures that the unauthaorized users can not access the files directly.The security analysis and simulation results show that the scheme can effectively resist the brute-force attacks,reduce the computation cost of duplicate-lable generation and storage space.
作者
张桂鹏
匡振曦
陈平华
ZHANG Guipeng;KUANG Zhenxi;CHEN Pinghua(School of Computer,Guangdong University of Technology,Guangzhou 510006,China)
出处
《计算机工程与应用》
CSCD
北大核心
2020年第1期76-82,共7页
Computer Engineering and Applications
基金
国家自然科学基金(No.61572144)
广东省科技计划项目(No.2017B030307002)
关键词
数据去重
多云存储
双层校验机制
Merkle哈希树
data deduplication
multiple cloud storage
two-layer verification mechanism
Merkle Hash tree