首页 | 本学科首页   官方微博 | 高级检索  
     

基于存储网关的数据安全去重方案
引用本文:柳毅,王平雁. 基于存储网关的数据安全去重方案[J]. 计算机工程与应用, 2019, 55(17): 112-116. DOI: 10.3778/j.issn.1002-8331.1807-0215
作者姓名:柳毅  王平雁
作者单位:广东工业大学 计算机学院,广州 510006
摘    要:在实行客户端去重的云存储系统中,通过所有权证明可以解决攻击者仅凭借文件摘要获得整个文件的问题。然而,基于所有权证明的去重方案容易遭受侧信道攻击。攻击者通过上传文件来观察是否发生去重,即可判断该文件是否存在于云服务器中。基于存储网关提出一种改进的所有权证明去重方案,存储网关代替用户与云服务器进行交互,使得去重过程对用户透明,并采用流量混淆的方法抵抗侧信道攻击和关联文件攻击。分析与比较表明,该方案降低了客户端计算开销,并提高了安全性。

关 键 词:云存储  数据去重  存储网关  侧信道攻击  所有权证明  

Secure Data Deduplication Scheme Based on Storage Gateway
LIU Yi,WANG Pingyan. Secure Data Deduplication Scheme Based on Storage Gateway[J]. Computer Engineering and Applications, 2019, 55(17): 112-116. DOI: 10.3778/j.issn.1002-8331.1807-0215
Authors:LIU Yi  WANG Pingyan
Affiliation:School of Computers, Guangdong University of Technology, Guangzhou 510006, China
Abstract:In a cloud storage system with client-side deduplication, proof of ownership can be used to solve the problem of an adversary getting an entire file via the file hash only. However, schemes based on proof of ownership are vulnerable to side-channel attacks. An adversary can observe the occurrence of deduplication by uploading a file and then infer whether the file exists in the cloud server. An improved proof of ownership deduplication scheme based on storage gateway is proposed. Storage gateway, instead of user, interacts with cloud server, so that the deduplication is transparent to the user. The scheme uses the method of traffic obfuscation to resist side-channel attacks and related-files attack. Analyses and comparisons show that the scheme reduces computation overhead on client-side and improves security.
Keywords:cloud storage  data deduplication  storage gateway  side-channel attacks  proof of ownership  
点击此处可从《计算机工程与应用》浏览原始摘要信息
点击此处可从《计算机工程与应用》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号