
Secure Deduplication Technology In Cloud Storage System

Posted on: 2020-01-09
Degree: Master
Type: Thesis
Country: China
Candidate: G P Zhang
GTID: 2428330596495454
Subject: Computer technology

Abstract/Summary:
At present, the cloud computing industry is developing rapidly. More and more cloud storage service providers offer users low-cost management and storage services by virtue of the high reliability and scalability of cloud storage, which greatly reduces the cost and risk of storing data. As the data in cloud storage systems increases rapidly, cloud storage service providers use deduplication technology to eliminate redundant data on cloud storage systems and save storage space. However, deduplication technology is incompatible with traditional encryption algorithms: cloud storage service providers cannot detect duplicate data from the random ciphertext that a traditional encryption algorithm generates. To solve this problem, many existing deduplication schemes adopt a convergent encryption algorithm to ensure that the same plaintext is encrypted into the same ciphertext, but the deterministic encryption mechanism used in convergent encryption makes these schemes vulnerable to off-line dictionary attacks. Secondly, because the data is stored at a physically separate location, users often cannot monitor the status of their data in real time. Data on cloud storage systems faces security risks such as privacy disclosure, loss and tampering, unauthorized access, etc. Therefore, how to ensure the security of data while supporting deduplication of encrypted data has become an urgent problem to be solved.

To solve the above problems, this paper proposes two effective cloud storage data deduplication schemes. Two cloud storage modes are introduced into existing cloud storage systems, hybrid cloud storage and distributed cloud storage, which realizes fine-grained deduplication of cloud storage systems in different scenarios. The main contents and contributions are as follows:

1. A secure deduplication scheme based on Merkle Hash Tree in cloud storage systems is proposed. In this scheme, an efficient and secure privilege label is designed by introducing a privilege level function and a deduplication adjustment coefficient. Using this privilege label, duplicate copies can be detected, and deduplication supporting access control in a hybrid cloud storage system is realized. At the same time, the traditional way of generating the encryption key from file content is changed: a secure encryption key is generated through the construction of a Merkle Hash Tree, which effectively resists the off-line dictionary attack launched by the adversary against the ciphertext. The security and performance analysis shows that the scheme can effectively reduce the computing cost of the privilege label and ciphertext and ensure the security of data.

2. A secure deduplication scheme supporting integrity audit in cloud storage systems is proposed. During the process of data deduplication, it combines a global-audit mechanism, a local-audit mechanism and a remote-audit mechanism to audit the integrity of files and locate the damaged data blocks accurately. It effectively prevents malicious behavior in which cloud storage service providers monopolize and tamper with data, and realizes a data deduplication system under a distributed cloud storage architecture. In addition, a deterministic secret sharing scheme is used to improve the fault tolerance and confidentiality of data: when a certain number of data blocks are stolen and lost, the entire file can be reconstructed by using the deterministic secret sharing scheme. The security and performance analysis shows that the scheme can effectively resist the counterfeiting attacks launched by adversaries and improve the confidentiality of data.
Keywords/Search Tags:Cloud Storage, Deduplication, Merkle Hash Tree, Access Control, Integrity Audit