| With the advent of the era of big data,cloud storage as one of the most important ser-vices of cloud computing significantly facilitates users to outsource their data to cloud for storage and share them with authorized users.As the amount of outsourced data grows ex-plosively,data deduplication technique has been widely investigated as it can eliminate data redundancy to reduce storage space and associated maintenance costs.However,since cloud service providers are not fully trusted by users,considering security and privacy concerns of outsourced data,users are likely to encrypt data with their private keys prior to outsourcing.Traditional encryption technologies impede the development of data deduplication technique,especially for inter-user deduplication,as an identical data will be encrypted into different ci-phertexts by different users' keys.In the face of these random ciphertexts,data deduplication technique mainly includes two challenges:on the one hand,it is difficult for cloud service providers to identify whether two different ciphertexts correspond to the same plaintext;on the other hand,how to efficiently ensure that users with the same data can decrypt the stored unique ciphertext.Therefore,how to effectively conduct data deduplication over encrypted data becomes a burning issue.To address this issue,data deduplication over the ciphertext do-main is deeply investigated in this thesis,and three efficient secure data deduplication schemes are provided.Firstly,a two-level cross-domains(two domains)deduplication architecture is investi-gated,and an efficient secure data deduplication scheme is proposed.This scheme resists offline brute-force attacks launched by the cloud service provider,and efficiently allows users owing the same data to decrypt the stored unique ciphertext.In addition,this scheme also considers protecting the equality information(i.e.,the information that whether two differ-ent ciphertexts correspond to an identical plaintext).Although such information disclosure is inevitable in secure data deduplication,its leakage can be minimized by skillfully using the bilinear groups of composite order technique to allow only the cloud service provider to check data duplicate between two different domains.Both theoretical analysis and simulation results prove that this scheme outperforms existing related schemes,in terms of computation,com-munication and storage overheads.In addition,the time complexity of duplicate search in this scheme is reduced from linear to logarithmic.Secondly,when the number of domains is greater than two,it is difficult to address the above-mentioned two challenges of secure data deduplication.Although many existing schemes try to overcome this difficulty,they have to sacrifice the efficiency,which os in-evitably contrary to requirements of practical applications.To overcome this issue,an effi-cient secure data deduplication used to multi-domains(n domains)architecture is introduced.Specifically,by generating a random tag and a constant number of random ciphertexts for each data,this scheme not only achieves the semantic security,but also addresses the two challenges of secure data deduplication.Besides,by allowing only the agent and the cloud service provider to check the duplicate among data uploaded by users in the same domain and the duplicate among data uploaded by users from different domains,respectively,this scheme can protect the equality information from disclosure as much as possible.In addition,this scheme also achieves the verification of data integrity.Both theoretical analysis and simula-tion experiments are conducted to prove that this scheme outperforms existing related schemes,especially the computational costs and the time complexity of duplicate search.Finally,considering the access control in cloud storage,an efficient secure deduplica-tion scheme that supports user-defined access control is presented.Specifically,by allowing only the cloud service provider to authorize data access on behalf of data owners,this scheme can maximally eliminate duplicates without violating the privacy of cloud users.Besides,this scheme also achieves the verification of tag consistency to resist the duplicate faking attack,which is a special attack launched by malicious users in secure data deduplication.Detailed security analysis shows that this scheme achieves data confidentiality,tag consistency and access control while resisting brute-force attacks.Furthermore,extensive simulations demon-strate that this scheme outperforms existing authorized secure deduplication schemes,in terms of computation,communication and storage overheads as well as the effectiveness of dedupli-cation. |
PDF Full Text Request