Cite this article
  • LIU Xiaomei, TANG Xin, YANG Shuting, CHEN Xiong, GAO Yucan. Reed-Solomon Coding Based Secure Deduplication for Cloud Storage with Resistance Against Side Channel Attack[J]. Journal of Cyber Security, 2022, 7(6): 80-93
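Reed-Solomon Coding Based Secure Deduplication for Cloud Storage with Resistance Against Side Channel Attack
LIU Xiaomei, TANG Xin, YANG Shuting, CHEN Xiong, GAO Yucan
(School of Cyber Science and Engineering, University of International Relations, Beijing 100091, China)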
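Abstract:
Cross-user data deduplication improves cloud storage efficiency and users' bandwidth efficiency by reducing the upload of duplicate data on the client side. However, during upload, the deterministic deduplication response that the cloud service provider returns to the user creates a high-risk side channel for attackers, who can use it to infer the existence privacy of target data in the cloud. Existing side-channel-resistant cross-user deduplication methods adopt various obfuscation strategies to disturb the attacker's judgment; however, these methods can hardly achieve complete obfuscation, and attackers can still steal data through dictionary attacks, additional block attacks and similar means. How to prevent attackers from using the side channel to steal the existence privacy of data has therefore become an important problem that cross-user deduplication urgently needs to solve. To meet this challenge, this paper adopts a new cross-user secure deduplication framework based on generalized deduplication: the original data is decomposed at the byte level into a base and an offset, the base is deduplicated across users, and the offset is deduplicated in the cloud. In particular, this paper uses the idea of Reed-Solomon erasure coding to extract the base, so that the same base is extracted from similar data with high probability. This not only confuses the attacker but also effectively saves communication overhead and cloud storage overhead. In addition, to further improve efficiency, a data compression algorithm is applied before the offsets are uploaded to reduce the redundant data among offsets. Experimental results show that, while effectively resisting side-channel attacks, the method has significant advantages over the latest work in this field in communication and storage efficiency.
Keywords:  generalized deduplication  side channel attack  cloud storage  Reed-Solomon coding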
DOI:10.19363/J.cnki.cn10-1380/tn.2022.11.05
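Received: 2022-06-20  Revised: 2022-10-10
Funding: This work was supported by the National Natural Science Foundation of China (No. 62102113), the Special Research Fund for the Construction of the National Security High-Precision Advanced Discipline, University of International Relations (No. 2021GA08), the Undergraduate Academic Support Program of the University of International Relations (No. 3262022SYJ012), and the Fundamental Research Funds for the Central Universities project of the University of International Relations (No. 3262022T20).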
Reed-Solomon Coding Based Secure Deduplication for Cloud Storage with Resistance Against Side Channel Attack
LIU Xiaomei, TANG Xin, YANG Shuting, CHEN Xiong, GAO Yucan
(School of Cyber Science and Engineering, University of International Relations, Beijing 100091, China)
Abstract:
Cross-user data deduplication improves cloud storage efficiency and user bandwidth efficiency by reducing repeated data uploads on the user side. However, during the upload process, the deduplication response fed back to the user by the cloud service provider creates a side channel with a very high security risk, and an attacker can use this side channel to infer the existence of the target data in the cloud. Existing cross-user deduplication methods that resist side-channel attacks use various obfuscation strategies to try to disrupt the attacker's judgment. However, these methods still struggle to achieve complete obfuscation, and attackers can still use dictionary attacks, additional block attacks, etc. to complete the attack. How to prevent attackers from using side channels to steal the existence privacy of data has therefore become an important and urgent problem in cross-user data deduplication. To address this challenge, this paper adopts a new cross-user secure deduplication framework based on generalized deduplication. We decompose the original data into bases and offsets at the byte level, then perform cross-user deduplication on the bases and deduplicate the offsets on the cloud side. In particular, this paper adopts the idea of Reed-Solomon erasure coding for base extraction, so that the same bases can be extracted from similar data with high probability. This not only confuses attackers but also effectively saves communication bandwidth and cloud storage overhead. In addition, to further improve efficiency, this paper applies a data compression algorithm before uploading the offsets to reduce the amount of redundant data between them. The experimental results show that, while effectively resisting side-channel attacks, this method has significant advantages in communication and storage efficiency compared with the latest work in this field.
Key words:  generalized deduplication  side channel attack  cloud storage  Reed-Solomon coding
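
The base/offset split described in the abstract, as an added illustration that is not the authors' code: it substitutes a Hamming(7,4) code for the paper's Reed-Solomon construction (which this page does not give) and uses a hypothetical in-memory `Cloud` class with constructed sample data. It contrasts the deterministic whole-chunk deduplication response with a response computed on the base only.

```python
import hashlib

# Hamming(7,4) stands in for the paper's Reed-Solomon code (assumption of this example).
def split_word(w):
    """7-bit word -> (4-bit base, 3-bit syndrome = flipped bit position, 0 if none)."""
    bits = [(w >> i) & 1 for i in range(7)]          # bits[i] is code position i+1
    syn = 0
    for i, b in enumerate(bits):
        syn ^= (i + 1) * b
    if syn:
        bits[syn - 1] ^= 1                           # snap to the nearest codeword
    return bits[2] | bits[4] << 1 | bits[5] << 2 | bits[6] << 3, syn

def join_word(base, syn):
    """Inverse of split_word: re-encode the base, then re-apply the flip."""
    d = [(base >> i) & 1 for i in range(4)]          # data bits sit at positions 3, 5, 6, 7
    bits = [d[0] ^ d[1] ^ d[3], d[0] ^ d[2] ^ d[3], d[0], d[1] ^ d[2] ^ d[3], d[1], d[2], d[3]]
    if syn:
        bits[syn - 1] ^= 1
    return sum(b << i for i, b in enumerate(bits))

def split_chunk(chunk):
    """bytes -> (base, offset); bit 7 of every byte travels in the offset."""
    pairs = [split_word(b & 0x7F) + (b >> 7,) for b in chunk]
    return bytes(p[0] for p in pairs), bytes(p[1] | p[2] << 3 for p in pairs)

def join_chunk(base, offset):
    return bytes(join_word(b, o & 7) | (o >> 3) << 7 for b, o in zip(base, offset))

def tag(data):
    return hashlib.sha256(data).hexdigest()

class Cloud:                                         # hypothetical in-memory server
    def __init__(self):
        self.chunk_tags, self.base_tags = set(), set()
    def upload(self, chunk):
        self.chunk_tags.add(tag(chunk))              # classic whole-chunk index
        self.base_tags.add(tag(split_chunk(chunk)[0]))   # generalized-dedup index
    def classic_response(self, chunk):               # deterministic: leaks existence
        return tag(chunk) in self.chunk_tags
    def base_response(self, chunk):                  # same answer for every chunk sharing the base
        return tag(split_chunk(chunk)[0]) in self.base_tags

def demo():
    victim = b"salary=4200;id=17"                    # constructed sample data
    sibling = join_chunk(split_chunk(victim)[0], bytes(len(victim)))  # never uploaded, same base
    cloud = Cloud()
    cloud.upload(victim)
    probes = {"victim": victim, "sibling": sibling, "other": b"salary=9900;id=17"}
    return {k: (cloud.classic_response(c), cloud.base_response(c)) for k, c in probes.items()}
```

`demo()` returns `(classic, base)` response pairs per probe: the never-uploaded sibling receives the same base-level answer as the victim's chunk, whereas the classic index answers positively only for the exact chunk.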