Secure Encrypted Data Deduplication Method Based on Offline Key Distribution
Author:
Affiliation:

Fund Project:

National Natural Science Foundation of China (61303197); Open Project Program of the Key Laboratory of Network Assessment Technology, CAS

  • Article
  • | |
  • Metrics
  • |
  • Reference [40]
  • |
  • Related [20]
  • | | |
  • Comments
    Abstract:

    Secure data deduplication has received great attention from both academic and industrial societies. It is highly motivated for cloud service providers to delete duplicated data from their storage. Plaintext data deduplication is a simple problem, but users tend to encrypt their data with their own keys before uploading them to the cloud, which makes it difficult to perform cross user deduplication. Most current solutions to the problem rely on trusted third parties. In this study, an encrypted data deduplication scheme is presented based on an offline key distribution protocol. A bilinear mapping is constructed to verify whether different encrypted data originate from the same plaintext. Secure key storage and key delivery is achieved by using the broadcast encryption technique. An original uploading user of some data can validate successive uploading users via the cloud service provider, and the data encryption key can be distributed in an offline manner. The cloud service provider can accomplish encrypted data deduplication with no online interaction with any trusted third party. The security of the proposed scheme is analyzed and proven. Simulation experiments show that the scheme is efficient and applicable.

    Reference
    [1] Fu YX, Luo SM, Shu JW. Survey of secure cloud storage system and key technologies. Journal of Computer Research and Development, 2013,50(1):136-145(in Chinese with English abstract).
    [2] Fu YJ, Xiao N, Liu F. Research and development on key techniques of data deduplication. Journal of Computer Research and Development, 2012,49(1):12-20(in Chinese with English abstract).
    [3] Ao L, Shu JW, Li MQ. Data deduplication techniques. Ruan Jian Xue Bao/Journal of Software, 2010,21(5):916-929(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3761.htm[doi:10. 3724/SP.J.1001.2010.03761]
    [4] Jeramiah B. Opendedup:Open-Source deduplication put to the test. Belltown Media, 2013. http://opendedup.org/
    [5] Meyer DT, Bolosky WJ. A study of practical deduplication. ACM Trans. on Storage (TOS), 2012,7(4):14.
    [6] Douceur JR, Adya A, Bolosky WJ, et al. Reclaiming space from duplicate files in aserverless distributed file system. In:Proc. of the ICDCS. IEEE, 2002. 617-624.
    [7] Puzio P, Molva R, Onen M. Cloudedup:Secure deduplication with encrypted data for cloud storage. In:Proc. of the CloudCom. IEEE Computer Society, 2013. 363-370.
    [8] Puzio P, Molva R, Önen M. PerfectDedup:Secure data deduplication. In:Proc. of the Int'l Workshop on Data Privacy Management. Springer Int'l Publishing, 2015. 150-166.
    [9] Stanek J, Sorniotti A, Androulak E, et al. A secure data deduplication scheme for cloud storage. In:Christin N, Safavi-Naini R, eds. LNCS 8437. Springer-Verlag, 2014. 99-118.
    [10] Xu J, Chang E C, Zhou J. Weak leakage-resilient client-side deduplication of encrypted data in cloud storage. In:Proc. of the ACM SIGSAC Symp. on Information, Computer and Communications Security. ACM, 2013. 195-206.
    [11] Adya A, Bolosky WJ, Castro M, et al. Farsite:Federated, available, and reliable storage for an incompletely trusted environment. ACM SIGOPS Operating Systems Review, 2002,36(SI):1-14.
    [12] Hur J, Koo D, Shin Y, et al. Secure data deduplication with dynamic ownership management in cloud storage. IEEE Trans. on Knowledge and Data Engineering, 2016,28(11):1.
    [13] Perttula. Attacks on convergent encryption. 2008. https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html
    [14] Bellare M, Keelveedhi S, Ristenpart T. Message-Locked encryption and secure deduplication. In:Proc. of the EUROCRYPT. LNCS 7881, Springer-Verlag, 2013. 296-312.
    [15] Mihir B, Keelveedhi S, Ristenpart T. DupLESS:Server-Aided encryption for deduplicated storage. In:Proc. of the 22nd USENIX Conf. on Security. USENIX Association, 2013. 179-194.
    [16] Douceur JR. The Sybil attack. In:Proc. of the Peer-to-Peer Systems. Springer-Verlag, 2002. 251-260.
    [17] Liu J, Asokan N, Pinkas B. Secure deduplication of encrypted data without additional servers. Technical Report, 455, ePrint archive, 2015. https://eprint.iacr.org/2015/455
    [18] Li L, Xue R, Zhang HG, Feng DG, Wang L. Security analysis of authenticated key exchange protocol based on password. ACTA ELECTRONICA SINICA, 2005,33(1):166-170(in Chinese with English abstract).
    [19] Hu XX, Zhang ZF, Liu WF. Universal composable password authenticated key exchange protocol in the standard model. Ruan Jian Xue Bao/Journal of Software, 2011,22(11):2820-2832(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3910.htm[doi:10.3724/SP.J.1001.2011.03910]
    [20] Cui H, Deng RH, Li Y. Attribute-Based storage supporting secure deduplication of encrypted data in cloud. IEEE Trans. on Big Data, 2016, 1-13.
    [21] Zhang XS. The construction and calculation of bilinear pairs in cryptography[Ph.D. Thesis]. Beijing:The Chinese Academy of Sciences, 2012(in Chinese with English abstract).
    [22] Chen YM, Cheng XG, Wang S. Pairing certificateless signature scheme based on information network security. Netinfo Security, 2017,(3):53-58(in Chinese with English abstract).
    [23] Sakai R, Furukawa J. Identity-Based broadcast encryption. Journal of Electronics & Information Technology, 2007,33(4):1047-1050.
    [24] Delerablée C. Identity-Based broadcast encryption with constant size ciphertexts and private keys. In:Proc. of the Advances in Crypotology, Int'l Conf. on Theory and Application of Cryptology and Information Security. Springer-Verlag, 2007. 200-215.
    [25] Tan ZW, Liu ZJ, Xiao HG. A fully public key tracing and revocation scheme provably secure against adaptive adversary. Ruan Jian Xue Bao/Journal of Software, 2005,16(7):1333-1343(in Chinese with English abstract). http://www.jos.org.cn/jos/ch/reader/create_pdf.aspx?file_no=20050716&journal_id=jos[doi:10.1360/jos161333]
    [26] Pang LJ, Li HX, Jiao LC. Design and analysis of a provable secure multi-recipient public key encryption scheme. Ruan Jian Xue Bao/Journal of Software, 2009,20(10):2907-2914(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3552.htm[doi:10.3724/SP.J.1001.2009.03552]
    [27] Lynn B. The pairing-based cryptographic library. 2015. http://crypto.Stanford.edu/pbc/
    [28] Loukides M, Oram A. Programming with GNU SoftWare. O'Reilly & Associates, 1997,86(3):350-359.
    [29] Steiner M. The PBC_bce broadcast encryption library. 2006. https://crypto.stanford.edu/pbc/bce/
    [30] Hu XT, Qin ZP, Zhang H, Hao GS. Research and improved implementation of AES algorithm in OpenSSL. Control & Automation, 2009,25(12):83-85.
    附中文参考文献:
    [1] 傅颖勋,罗圣美,舒继武.安全云存储系统与关键技术综述.计算机研究与发展,2013,50(1):136-145.
    [2] 付印金,肖侬,刘芳.重复数据删除关键技术研究进展.计算机研究与发展,2012,49(1):12-20.
    [3] 敖莉,舒继武,李明强.重复数据删除技术.软件学报,2010,21(5):916-929. http://www.jos.org.cn/1000-9825/3761.htm[doi:10. 3724/SP.J.1001.2010.03761]
    [18] 李莉,薛锐,张焕国,冯登国,王丽娜.基于口令认证的密钥交换协议的安全性分析.电子学报,2005,33(1):166-170.
    [19] 胡学先,张振峰,刘文芬.标准模型下通用可组合的口令认证密钥交换协议.软件学报,2011,22(11):2820-2832. http://www.jos.org.cn/1000-9825/3910.htm[doi:10.3724/SP.J.1001.2011.03910]
    [21] 张旭升,林东岱.密码学中双线性对的构造与计算[博士学位论文].北京:中国科学院大学,2012.
    [22] 陈亚萌,程相国,王硕.基于双线性对的无证书群签名方案研究.信息网络安全,2017,(3):53-58.
    [25] 谭作文,刘卓军,肖红光.一个安全公钥广播加密方案.软件学报,2005,16(7):1333-1343. http://www.jos.org.cn/jos/ch/reader/create_pdf.aspx?file_no=20050716&journal_id=jos[doi:10.1360/jos161333]
    [26] 庞辽军,李慧贤,焦李成,王育民.可证明安全的多接收者公钥加密方案设计与分析.软件学报,2009,20(10):2907-2914. http://www.jos.org.cn/1000-9825/3552.htm[doi:10.3724/SP.J.1001.2009.03552]
    Cited by
    Comments
    Comments
    分享到微博
    Submit
Get Citation

张曙光,咸鹤群,王雅哲,刘红燕,侯瑞涛.基于离线密钥分发的加密数据重复删除方法.软件学报,2018,29(7):1909-1921

Copy
Share
Article Metrics
  • Abstract:4802
  • PDF: 6659
  • HTML: 3258
  • Cited by: 0
History
  • Received:May 29,2017
  • Revised:July 13,2017
  • Online: October 17,2017
You are the first2033333Visitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063