共查询到20条相似文献,搜索用时 15 毫秒
1.
目前云数据安全存储方案中,数据拥有者加密数据上传到云中,但却不能很好的支持加密数据分享,尤其是分享给多个用户时,可扩展性不强。针对这个问题本文提出一种基于身份的代理重加密方案,该方案不需要云完全可信但却又能灵活地进行数据安全共享。在具体构造上,结合基于身份的加密,用一个强不可伪造的一次签名方案使被转化后的密文具有公开验证性,且能达到被转化后的密文在标准模型下具有选择密文安全性。由于该类方案无需使用公钥证书、能支持细粒度的访问控制且可扩展性较好,因此可以较好的适用于安全云数据共享。 相似文献
2.
Chunking is a process to split a file into smaller files called chunks. In some applications, such as remote data compression, data synchronization, and data deduplication, chunking is important because it determines the duplicate detection performance of the system. Content-defined chunking (CDC) is a method to split files into variable length chunks, where the cut points are defined by some internal features of the files. Unlike fixed-length chunks, variable-length chunks are more resistant to byte shifting. Thus, it increases the probability of finding duplicate chunks within a file and between files. However, CDC algorithms require additional computation to find the cut points which might be computationally expensive for some applications. In our previous work (Widodo et al., 2016), the hash-based CDC algorithm used in the system took more process time than other processes in the deduplication system. This paper proposes a high throughput hash-less chunking method called Rapid Asymmetric Maximum (RAM). Instead of using hashes, RAM uses bytes value to declare the cut points. The algorithm utilizes a fix-sized window and a variable-sized window to find a maximum-valued byte which is the cut point. The maximum-valued byte is included in the chunk and located at the boundary of the chunk. This configuration allows RAM to do fewer comparisons while retaining the CDC property. We compared RAM with existing hash-based and hash-less deduplication systems. The experimental results show that our proposed algorithm has higher throughput and bytes saved per second compared to other chunking algorithms. 相似文献
3.
Cloud computing is a novel computing model that enables convenient and on-demand access to a shared pool of configurable computing resources. Auditing services are highly essential to make sure that the data is correctly hosted in the cloud. In this paper, we investigate the active adversary attacks in three auditing mechanisms for shared data in the cloud, including two identity privacy-preserving auditing mechanisms called Oruta and Knox, and a distributed storage integrity auditing mechanism. We show that these schemes become insecure when active adversaries are involved in the cloud storage. Specifically, an active adversary can arbitrarily alter the cloud data without being detected by the auditor in the verification phase. We also propose a solution to remedy the weakness without sacrificing any desirable features of these mechanisms. 相似文献
4.
可去重云存储系统中一般采用收敛加密算法,通过计算数据的哈希值作为其加密密钥,使得重复的数据加密后得到相同的密文,可实现对重复数据的删除;然后通过所有权证明(PoW),验证用户数据的真实性来保障数据安全。针对可去重云存储系统中所有权证明时间开销过高导致整个系统性能下降问题,提出了一种基于布隆过滤器进行所有权证明的高效安全方法,实现用户计算哈希值与初始化值的快速验证。最后,提出一种支持细粒度重复数据删除的BF方案,当文件级数据存在重复时进行所有权证明,否则只需要进行局部的文件块级数据重复检测。通过仿真对比实验,结果表明所提BF方案空间开销低于经典Baseline方案,同时时间开销低于经典Baseline方案,在数据文件越大的情况下性能优势更加明显。 相似文献
5.
Multi-user searchable encryption (MSE) allows a user to encrypt its files in such a way that these files can be searched by other users that have been authorized by the user. The most immediate application of MSE is to cloud storage, where it enables a user to securely outsource its files to an untrusted cloud storage provider without sacrificing the ability to share and search over it. Any practical MSE scheme should satisfy the following properties: concise indexes, sublinear search time, security of data hiding and trapdoor hiding, and the ability to efficiently authorize or revoke a user to search over a file. Unfortunately, there exists no MSE scheme to achieve all these properties at the same time. This seriously affects the practical value of MSE and prevents it from deploying in a concrete cloud storage system. To resolve this problem, we propose the first MSE scheme to satisfy all the properties outlined above. Our scheme can enable a user to authorize other users to search for a subset of keywords in encrypted form. We use asymmetric bilinear map groups of Type-3 and keyword authorization binary tree (KABtree) to construct this scheme that achieves better performance. We implement our scheme and conduct performance evaluation, demonstrating that our scheme is very efficient and ready to be deployed. 相似文献
6.
7.
The growing need for the remote caring of patients at home combined with the ever-increasing popularity of mobile devices due to their ubiquitous nature has resulted in many apps being developed to enable mobile telecare. The Cloud, in combination with mobile technologies has enabled doctors to conveniently monitor and assess a patient’s health while the patient is at the comfort of their own home. This demands sharing of health information between healthcare teams such as doctors and nurses in order to provide better and safer care of patients. However, the sharing of health information introduces privacy and security issues which may conflict with HIPAA standards. In this paper, we attempt to address the issues of privacy and security in the domain of mobile telecare and Cloud computing. We first demonstrate a telecare application that will allow doctors to remotely monitor patients via the Cloud. We then use this system as a basis to showcase our model that will allow patients to share their health information with other doctors, nurses or medical professional in a secure and confidential manner. The key features of our model include the ability to handle large data sizes and efficient user revocation. 相似文献
8.
现有的所有权证明去重方案容易遭受诚实但好奇服务器的威胁影响,借助可信第三方解决该问题将导致开销过大。基于动态bloom filter提出一种改进的、无须可信第三方的所有权证明安全去重方案,采用收敛加密算法抵抗诚实但好奇的服务器,并通过服务器检查数据块密文和标签的一致性来防止数据污染攻击。此外,采用密钥链机制对收敛密钥进行管理,解决了现有方案中收敛密钥占用过多存储空间的问题。分析与比较表明,该方案具有较小的密钥存储开销和传输开销。 相似文献
9.
附加块攻击是威胁云数据跨用户去重安全性的一种重要攻击手段,它通过将随机数量的非命中块附加在待检测文件上,使得云服务商无法判断所检测文件的真实存在性,从而难以通过常规的响应模糊化方法保护云数据的存在性隐私。针对这个问题,提出一种基于响应模糊化的新型抗附加块攻击的云数据安全去重方法。该方法通过计算附加块数量,统计未命中块数,并比较二者以确定响应中包含的最少冗余块数,实现响应模糊化,从而只需付出少量的额外通信开销就可确保攻击者难以根据响应判断所检测文件的存在性。安全性分析和实验结果表明,相比该领域的最新工作,所提方法更高的安全性只需更低的开销,或在开销相当或少量增加的情况下显著提高安全性。 相似文献
10.
尹勤勤 《计算机工程与应用》2018,54(10):73-80
针对现有云存储系统中数据去重采用的收敛加密算法容易遭到暴力破解以及猜测攻击等不足,提出一种基于布隆过滤器的混合云存储安全去重方案BFHDedup,改进现有混合云存储系统模型,私有云部署密钥服务器Key Server支持布隆过滤器认证用户的权限身份,实现了用户的细粒度访问控制。同时使用双层加密机制,在传统收敛加密算法基础上增加额外的加密算法并且将文件级别去重和块级别去重相结合实现细粒度去重。此外,BFHDedup采用密钥加密链机制应对去重带来的密钥管理难题。安全性分析及仿真实验结果表明,该方案在可容忍的时间开销代价下实现了较高的数据机密性,有效抵抗暴力破解以及猜测攻击,提高了去重比率并且减少了存储空间。 相似文献
11.
针对云存储中基于密文策略的属性加密(CP-ABE)访问控制方案存在用户解密开销较大的问题,提出了一种基于代理重加密的CP-ABE (CP-ABE-BPRE)方案,并对密钥的生成方法进行了改进。此方案包含五个组成部分,分别是可信任密钥授权、数据属主、云服务提供商、代理解密服务器和数据访问者,其中云服务器对数据进行重加密,代理解密服务器完成大部分的解密计算。方案能够有效地降低用户的解密开销,在保证数据细粒度访问控制的同时还支持用户属性的直接撤销,并解决了传统CP-ABE方案中因用户私钥被非法盗取带来的数据泄露问题。与其他CP-ABE方案比较,此方案对访问云数据的用户在解密性能方面具有较好的优势。 相似文献
12.
本文提出了一种利用属性基加密(ABE)技术的安全数据检索方案。首先,利用ABE提供丰富的索引词表达能力,从而确保数据安全性;然后,通过平衡云服务提供商运行开销和其它用户参与基于云存储的信息检索服务;最后,使用加密运算替代穷尽搜索,使得搜索过程与现存数据库管理系统机制更加兼容。分析结果表明,相比其他几种较新的方案,本文方案在访问控制和快速搜索中具有更好的性能,且能在数据检索过程中确保数据安全性和用户隐私,适合应用于具有大量数据的云存储系统。 相似文献
13.
Yong CHENG Zhi-ying WANG Jun MA Jiang-jiang WU Song-zhu MEI Jiang-chun REN 《浙江大学学报:C卷英文版》2013,(2):85-97
It is secure for customers to store and share their sensitive data in the cryptographic cloud storage.However,the revocation operation is a sure performance killer in the cryptographic access control system.To optimize the revocation procedure,we present a new efficient revocation scheme which is efficient,secure,and unassisted.In this scheme,the original data are first divided into a number of slices,and then published to the cloud storage.When a revocation occurs,the data owner needs only to retrieve one slice,and re-encrypt and re-publish it.Thus,the revocation process is accelerated by affecting only one slice instead of the whole data.We have applied the efficient revocation scheme to the ciphertext-policy attribute-based encryption(CP-ABE) based cryptographic cloud storage.The security analysis shows that our scheme is computationally secure.The theoretically evaluated and experimentally measured performance results show that the efficient revocation scheme can reduce the data owner’s workload if the revocation occurs frequently. 相似文献
14.
收敛加密可以有效地解决数据加密和去重的矛盾,实现安全去重复,但是收敛加密仍然面临许多安全问题。针对传统的收敛加密容易遭受字典攻击的问题,提出基于Merkle哈希树的收敛加密方案实现数据去重复,通过执行额外的加密操作,加强数据的机密性,有效地避免字典攻击。为了克服传统的收敛加密方案的收敛密钥随着用户数量线性增长的问题,设计收敛密钥共享机制,进一步节省了收敛密钥的存储空间。 相似文献
15.
针对在不可信的云存储中,数据的机密性得不到保证的情况,提出一种新的代理重加密(PRE)算法,并将其应用于云存储访问控制方案中,该方案将一部分密文存储云中共享,另一部分密文直接发送给用户。证明了该访问控制方案在第三方的不可信任的开放环境下云存储中敏感数据的机密性。通过分析对比,结果表明:发送方对密文的传递可控,该方案利用代理重加密的性质,在一对多的云存储访问控制方案中,密文运算量和存储不会随着用户的增长而呈线性增长,显著降低了通信过程中数据运算量和交互量,有效减少数据的存储空间。该方案实现了云存储中敏感数据的安全高效共享。 相似文献
16.
《Journal of Computer and System Sciences》2016,82(2):282-309
Cloud computing has gained popularity in recent years delivering various services as cost-effective platforms. However, the increasing energy consumption needs to be addressed in order to preserve the cost-effectiveness of these systems. In this work, we target the storage infrastructure in a cloud system and introduce several energy efficient storage node allocation methods by exploiting the metadata heterogeneity of cloud users. Our proposed methods preserve load balance on demand and switch inactive nodes into low-energy modes to save energy. We provide a mathematical model to estimate the outcome of proposed methods and conduct theoretical and simulative analyses using real-world workloads. 相似文献
17.
Dong YuanAuthor Vitae Yun Yang Author VitaeXiao Liu Author Vitae Jinjun Chen Author Vitae 《Journal of Parallel and Distributed Computing》2011,71(2):316-332
Many scientific workflows are data intensive: large volumes of intermediate datasets are generated during their execution. Some valuable intermediate datasets need to be stored for sharing or reuse. Traditionally, they are selectively stored according to the system storage capacity, determined manually. As doing science on clouds has become popular nowadays, more intermediate datasets in scientific cloud workflows can be stored by different storage strategies based on a pay-as-you-go model. In this paper, we build an intermediate data dependency graph (IDG) from the data provenances in scientific workflows. With the IDG, deleted intermediate datasets can be regenerated, and as such we develop a novel algorithm that can find a minimum cost storage strategy for the intermediate datasets in scientific cloud workflow systems. The strategy achieves the best trade-off of computation cost and storage cost by automatically storing the most appropriate intermediate datasets in the cloud storage. This strategy can be utilised on demand as a minimum cost benchmark for all other intermediate dataset storage strategies in the cloud. We utilise Amazon clouds’ cost model and apply the algorithm to general random as well as specific astrophysics pulsar searching scientific workflows for evaluation. The results show that benchmarking effectively demonstrates the cost effectiveness over other representative storage strategies. 相似文献
18.
19.
《Expert systems with applications》2014,41(17):7789-7796
Cloud storage offers the users with high quality and on-demand data storage services and frees them from the burden of maintenance. However, the cloud servers are not fully trusted. Whether the data stored on cloud are intact or not becomes a major concern of the users. Recently, Chen et al. proposed a remote data possession checking protocol to address this issue. One distinctive feature of their protocol support data dynamics, meaning that users are allowed to modify, insert and delete their outsourced data without the need to re-run the whole protocol. Unfortunately, in this paper, we find that this protocol fails to achieve its purpose since it is vulnerable to forgery attack and replace attack launched by a malicious server. Specifically, we show how a malicious cloud server can deceive the user to believe that the entire file is well-maintained by using the meta-data related to the file alone, or with only part of the file and its meta-data. Then, we propose an improved protocol to fix the security flaws and formally proved that our proposal is secure under a well-known security model. In addition, our improvement keeps all the desirable features of the original protocol. 相似文献