Research On The Method Of Cloud Storage Deduplication For Encrypted Files

Posted on: 2016-12-09
Degree: Master
Type: Thesis
Country: China
Candidate: Q Ji
GTID: 2348330488474017
Subject: Computer system architecture
Abstract/Summary:
With the development of cloud computing technology, more and more individuals and businesses use cheap and convenient cloud storage services to offload their operations and storage, and this mode produces a large amount of redundant data. To save users' upload bandwidth and cloud service providers' storage resources, client-side de-duplication technology is widely used in cloud storage services. However, Harnik et al. (S & P Magazine'2010) and Halevi et al. (CCS'2011) indicate that current client-side de-duplication technology has security flaws that allow an external attacker to access users' private data, resulting in disclosure of user privacy.

Xu (ASIACCS'2013) proposed a multi-client cross de-duplication solution for sensitive data, called Xu-CDE, to protect the privacy of users' data in a setting where external attackers and honest-but-curious servers exist. However, because the file ownership certification process in this protocol lacks freshness, it cannot resist replay attacks, and because it uses the file itself as the encryption key, the encryption process is very inefficient when the file is large. To address these deficiencies, a security-strengthened de-duplication protocol for encrypted files is proposed, called MRN-CDE (MLE based and Random Number modified Client-side De-duplication of Encrypted Data in Cloud). Applying a random number in the file ownership certification process ensures the timeliness and validity of every user authentication. The key used to encrypt the file is extracted from the original file; this method is more efficient than encrypting files with the file itself, and more secure than using file hashes to encrypt files.

Although MRN-CDE can safely encrypt files with de-duplication, it can discern only in the last step of the protocol whether there is a poison attack or whether the user is not the owner of the file, which exposes the system to a huge risk of denial-of-service attacks. In addition, with the development of cloud file de-duplication, group file sharing scenarios have appeared in enterprises, in which, for example, the members of a group can upload, download and modify the same file. For these new requirements, a new group file sharing de-duplication protocol for encrypted files is proposed, called FS-CDE. It uses POW to carry out the subsequent certification of file ownership, uses proxy re-encryption to distribute the key to authenticated users, and uses the credentials stored at the server to determine the permission of group members to access the encrypted files. While ensuring the security of the protocol, FS-CDE does not need to proceed to the final step: in the first phase of the protocol, the file ownership certification stage, it can already discern whether there is a poison attack or whether a subsequent uploader is not the real owner of the uploaded file, and it meets the new demands of group file sharing scenarios.

Security analysis and experimental tests show that the security-strengthened de-duplication protocol for encrypted files, MRN-CDE, is safer and more efficient than the Xu-CDE protocol, and that the group file sharing de-duplication protocol for encrypted files can meet the needs of group file sharing scenarios.
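The freshness problem described in the abstract, as an added sketch that is not code from the thesis: a static ownership proof captured once stays valid, while a proof bound to a single-use server nonce does not. The abstract does not give the Xu-CDE or MRN-CDE message flows, so the verifier derivation, the HMAC response and all class and function names here are assumptions.

```python
import hashlib
import hmac
import secrets

def verifier(data: bytes) -> bytes:
    # Assumption: both sides can derive this per-file secret from the file contents.
    return hashlib.sha256(b"pow-verifier|" + data).digest()

class StaticServer:
    """Ownership proof with no freshness: the same message is valid forever."""
    def __init__(self, data: bytes):
        self.v = verifier(data)
    def check(self, proof: bytes) -> bool:
        return hmac.compare_digest(proof, self.v)

class NonceServer:
    """Ownership proof bound to a random challenge that can be used once."""
    def __init__(self, data: bytes):
        self.v = verifier(data)
        self.pending = set()
    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce
    def check(self, nonce: bytes, proof: bytes) -> bool:
        if nonce not in self.pending:  # unknown or already consumed
            return False
        self.pending.discard(nonce)
        expected = hmac.new(self.v, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)

def respond(data: bytes, nonce: bytes) -> bytes:
    # Client side: only a holder of the file can key the HMAC correctly.
    return hmac.new(verifier(data), nonce, hashlib.sha256).digest()

def demo() -> dict:
    data = b"constructed sample file contents" * 64  # constructed input
    captured = verifier(data)  # message recorded from one honest static run
    static_replay = StaticServer(data).check(captured)
    server = NonceServer(data)
    n1 = server.challenge()
    answer = respond(data, n1)  # honest answer, also recorded by an observer
    honest = server.check(n1, answer)
    replay_same = server.check(n1, answer)  # nonce already consumed
    replay_new = server.check(server.challenge(), answer)  # bound to old nonce
    return {"static_replay": static_replay, "honest": honest,
            "replay_same_nonce": replay_same, "replay_new_nonce": replay_new}

if __name__ == "__main__":
    print(demo())
```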
Keywords/Search Tags: Cloud Storage, Cloud File Security, Files De-duplication, Proxy Re-encryption