摘要
跨用户数据去重技术,通过在用户端减少重复数据上传来提高云端数据存储效率和用户的带宽使用效率。然而,在数据上传过程中,云服务商反馈给用户的确定性去重响应为攻击者建立了一个极具安全风险的边信道,攻击者利用该边信道可推断出目标数据在云端的存在性隐私。现有的抗边信道攻击跨用户去重方法,采用各种混淆策略试图扰乱攻击者的判断,然而,这些方法难以实现完全混淆,攻击者仍然可通过字典攻击、附加块攻击等方式达到数据窃取的目的。目前,如何防止攻击者利用边信道窃取数据的存在性隐私,成为了跨用户数据去重技术亟待解决的重要问题。为应对这一挑战,本文采用了一种基于广义去重的新型跨用户安全去重框架,将原始数据从字节层面分解为基和偏移量,对基进行跨用户去重,并对偏移量进行云端去重。特别地,本文采用Reed-Solomon纠删码编码思想实现基的提取,使得从相似的数据中可以较高概率提取出相同的基。不仅可以实现对攻击者的混淆,还可以有效节省通信开销和云端存储开销。此外,为了进一步提高效率,本文在偏移量上传前,引入数据压缩算法,减少偏移量间的冗余数据量。实验结果表明,在实现有效抵抗边信道攻击的前提下,本方法相比该领域最新工作在通信和存储效率等方面具有显著优势。
Cross-user data deduplication technology improves cloud data storage efficiency and user bandwidth usage efficiency by reducing repeated data uploads on the user side.However,during the data uploading process,the deduplica-tion response fed back to the user by the cloud service provider a side channel with a very high security risk for the attack-er,and the attacker can use this side channel to infer the existence of the target data in the cloud.The existing cross-user deduplication methods against side-channel attacks use various obfuscation strategies to try to disrupt the attacker's judg-ment.However,these methods are still difficult to achieve complete obfuscation,and attackers can still use dictionary at-tacks,additional block attacks,etc.to complete the attack.At present,how to prevent attackers from stealing the existential privacy of data by using side channels has become an important problem to be solved urgently in cross-user data dedupli-cation technology.To address this challenge,this paper adopts a new cross-user security deduplication framework based on generalized deduplication.We decompose the original data into bases and offsets from the byte level,then we conduct cross-user deduplicates on the bases,and deduplicate the offsets in the cloud side.In particular,this paper adopts the idea of Reed-Solomon erasure coding to achieve basis extraction,so that the same bases can be extracted from similar data with a high probability.Not only can confuse attackers,but also effectively save communication bandwidth and cloud storage overhead.In addition,in order to further improve the efficiency,this paper introduces a data compression algorithm before uploading the deviation to reduce the amount of redundant data between the offsets.Under the premise of effectively re-sisting side-channel attacks,the experimental results show that this method has significant advantages in communication and storage efficiency compared with the latest work in this field.
作者
刘小梅
唐鑫
杨舒婷
陈雄
高语灿
LIU Xiaomei;TANG Xin;YANG Shuting;CHEN Xiong;GAO Yucan(School of Cyber Science and Engineering,University of International Relations,Beijing 100091,China)
出处
《信息安全学报》
CSCD
2022年第6期80-93,共14页
Journal of Cyber Security
基金
国家自然科学基金项目(No.62102113)
国际关系学院国家安全高精尖学科建设科研专项基金资助项目(No.2021GA08)
国际关系学院大学生学术支持计划项目(No.3262022SYJ012)
国际关系学院中央高校基本科研业务项目(No.3262022T20)资助。
