Computer Engineering and Applications ›› 2019, Vol. 55 ›› Issue (17): 112-116. DOI: 10.3778/j.issn.1002-8331.1807-0215

• Network, Communication and Security •

Secure Data Deduplication Scheme Based on Storage Gateway

LIU Yi, WANG Pingyan   

  1. School of Computers, Guangdong University of Technology, Guangzhou 510006, China
  • Online: 2019-09-01 Published: 2019-08-30

Abstract: In a cloud storage system with client-side deduplication, proof of ownership can be used to solve the problem of an adversary obtaining an entire file using only the file hash. However, deduplication schemes based on proof of ownership are vulnerable to side-channel attacks. By uploading a file and observing whether deduplication occurs, an adversary can infer whether the file already exists on the cloud server. An improved proof-of-ownership deduplication scheme based on a storage gateway is proposed. The storage gateway, instead of the user, interacts with the cloud server, so that deduplication is transparent to the user. The scheme uses traffic obfuscation to resist side-channel attacks and related-files attacks. Analyses and comparisons show that the scheme reduces computation overhead on the client side and improves security.

Key words: cloud storage, data deduplication, storage gateway, side-channel attacks, proof of ownership