基于自适应MSB可逆信息隐藏的图像云数据密文安全去重机制

Adaptive MSB Reversible Data Hiding Based Security Deduplication for Encrypted Images in Cloud Storage

随着信息技术的飞速发展,越来越多以图像为代表的多媒体数据被重复上传到云平台进行存储,造成了用户通信开销和云端存储开销的极大浪费。此外,明文状态的图像数据存储在云端,导致数据机密性被破坏。尽管密文图像云数据去重技术在一定程度上解决了以上问题,但去重过程中产生的可区分响应为攻击者创建了一个侧信道,将泄露用户数据的存在性隐私。同时,为实现加密密钥在数据持有者间的传递,用户和云均需要付出巨大的额外代价。鉴于此,提出了一种基于自适应MSB可逆信息隐藏的高效密文图像安全去重机制,其能够在有效抵抗侧信道攻击的同时实现较低的通信开销和存储开销。具体来说,创新性地将密文域可逆信息隐藏技术引入密文去重框架,将用于传递随机密钥的辅助信息嵌入加密图像中并发送给云,从而消除辅助信息的传输和存储开销。此外,优化了现有的去重方案,即使请求图像并未存储于云端,用户也无需开展额外的密文上传工作,从而保证响应的不可区分性。安全性分析和实验结果表明,与现有方案相比,该方案能够以轻量级的方式抵抗侧信道攻击。

With the rapid development of information technologies,more and more multimedia data represented by images are repeatedly uploaded to the cloud for storage,resulting in a great waste of communication and storage overhead.In addition,the plaintext images are directly stored in the cloud,which brings about the problem of confidentiality breach.Even though ciphertext deduplication is an effective means to deal with these problems,the differentiated response actually creates a side channel for attackers,which makes the existence privacy of data in cloud storage at risk.At the same time,in order to achieve key transferring between data owners,a huge amount of extra overhead is required.Thus,this paper proposes an efficient adaptive MSB reversible data hiding based secure deduplication(EMSD),which is able to effectively resist side channel attacks and save communication and storage overhead.Specifically,we innovatively introduce the reversible data hiding for encrypted images into ciphertext deduplication,and embed the auxiliary information for key transferring into the encrypted images before sending to the cloud.Thus the extra communication and storage overhead for auxiliary information are successfully eliminated.Furthermore,we optimize the existing deduplication scheme to ensure that even if the image in deduplication request is not duplicate,extra ciphertext uploading is not needed,thus indistinguishable response is achieved.Security analysis and experimental results show that,the proposed scheme is able to resist side channel attack in a lightweight way comparing with existing schemes.