Conference: Symposium on Mass Storage Systems and Technologies

SecDep: A user-aware efficient fine-grained secure deduplication scheme with multi-level key management


Abstract

Nowadays, many customers and enterprises back up their data to cloud storage that performs deduplication to save storage space and network bandwidth. Hence, how to perform secure deduplication becomes a critical challenge for cloud storage. According to our analysis, the state-of-the-art secure deduplication methods are not suitable for cross-user fine-grained data deduplication. They either suffer from brute-force attacks that can recover files falling into a known set, or incur large computation (time) overheads. Moreover, existing approaches to convergent key management incur large space overheads because of the huge number of chunks shared among users. Our observation that cross-user redundant data come mainly from duplicate files motivates us to propose an efficient secure deduplication scheme, SecDep. SecDep employs User-Aware Convergent Encryption (UACE) and Multi-Level Key management (MLK) approaches. (1) UACE combines cross-user file-level and inside-user chunk-level deduplication, and exploits different security policies among and inside users to minimize the computation overheads. Specifically, both file-level and chunk-level deduplication use variants of Convergent Encryption (CE) to resist brute-force attacks. The major difference is that the file-level CE keys are generated by using a server-aided method to ensure the security of cross-user deduplication, while the chunk-level keys are generated by using a user-aided method with lower computation overheads. (2) To reduce key space overheads, MLK uses the file-level key to encrypt chunk-level keys so that the key space will not increase with the number of sharing users. Furthermore, MLK splits the file-level keys into share-level keys and distributes them to multiple key servers to ensure the security and reliability of file-level keys. Our security analysis demonstrates that SecDep ensures data confidentiality and key security. Our experimental results based on several large real-world datasets show that SecDep is more time-efficient and key-space-efficient than the state-of-the-art secure deduplication approaches.