基于Bloom Filter的混合云存储安全去重方案

针对现有云存储系统中数据去重采用的收敛加密算法容易遭到暴力破解以及猜测攻击等不足，提出一种基于布隆过滤器的混合云存储安全去重方案BFHDedup，改进现有混合云存储系统模型，私有云部署密钥服务器Key Server支持布隆过滤器认证用户的权限身份，实现了用户的细粒度访问控制。同时使用双层加密机制，在传统收敛加密算法基础上增加额外的加密算法并且将文件级别去重和块级别去重相结合实现细粒度去重。此外，BFHDedup采用密钥加密链机制应对去重带来的密钥管理难题。安全性分析及仿真实验结果表明，该方案在可容忍的时间开销代价下实现了较高的数据机密性，有效抵抗暴力破解以及猜测攻击，提高了去重比率并且减少了存储空间。

Secure deduplication approach based on Bloom Filter in hybrid cloud storage environments

To address the problem that convergent encryption used for data deduplication is vulnerable to brute-force attack and guessing attack in existing cloud storage systems, this paper presents a secure deduplication approach based on Bloom Filter in hybrid cloud storage environments （called BFHDedup）. Of the major importance is modification of the existing hybrid cloud storage system model, key server is deployed in the private cloud which supports bloom filter to authenticate users’ identities to achieve fine-grained user access control. Also, this approach adds extra encryption algorithm based on the traditional convergent encryption algorithm to doubly encrypt data and combines file-level deduplication with block-level deduplication to reach fine-grained deduplication. Moreover, a key encryption chain scheme is used to deal with the key management problem. Security analysis and simulation results show that, the proposed scheme achieves high data confidentiality, improves deduplication ratio and reduces the storage space at the expense of tolerable time overhead, which is effective against brute-force attack and guessing attack.