Abstract
As one of the key technologies for optimizing storage space, improving network bandwidth utilization and reducing overall overhead, data deduplication has become an indispensable part of how cloud service providers (CSPs) manage outsourced data, but it also faces many security issues, such as data confidentiality, integrity and privacy. This paper proposes a secure data deduplication scheme that integrates fault tolerance, confidentiality and efficient key management. The scheme uses a secret sharing algorithm based on the permutation ordered binary (POB) number system to decompose each data block into multiple random shares, and further ensures data security through proof of ownership (PoW). The scheme also applies a secret sharing algorithm based on the Chinese Remainder Theorem (CRT) to divide the key into multiple random blocks and sends them to the corresponding key management servers (KMS), minimizing the key overhead. Experimental results show that the scheme clearly outperforms other schemes in terms of functionality and efficiency, and that it effectively resists two types of attackers (dishonest servers and external attackers) and two types of attacks (duplicate faking attacks and erasure attacks).
Authors
LANG Weimin (郎为民)
WANG Xueli (王雪丽)
ZHANG Han (张汉)
PEI Yunxiang (裴云祥)
School of Information and Communication, National University of Defense Technology, Wuhan 430010, China
Source
Netinfo Security (《信息网络安全》)
CSCD
PKU Core Journal (北大核心)
2020, No. 11, pp. 43-50 (8 pages)
Funding
National Natural Science Foundation of China [61601490]
National University of Defense Technology 2018 Research Program [ZK18-03-23]
Keywords
data deduplication
secret sharing
proof of ownership (PoW)
permutation ordered binary (POB)
Chinese Remainder Theorem (CRT)