Research On Secure Data Deduplication In Cloud Storage

With the development of cloud computing and big data in recent years,the exponential growth of cloud data in cloud storage has become a tendency.As a result,it is unavoidable that a large amount of duplicate data exists within cloud storage systems,which impose a heavy burden on cloud servers.In order to save storage space and network consumption,it has become a critical issue that how to manage these data securely and efficiently.Data deduplication technique is an important measure for cloud service providers to tackle this issue.Deduplication is an efficient technique to eliminate redundant data.Since it saves only one copy of the data,it helps improve the efficiency of cloud storage dramatically.However,deduplication used in cloud storage systems suffers from some security threats.For example,an attacker may access the entire file by using a proof(e.g.a file hash)only.Although existing solut ions have been proposed to mitigate these threats,users' data still suffer from serious threats of security and privacy.In addition,most existing solutions cannot achieve effic iency.Therefore,it is necessary to enhance security and efficiency.This thesis aims at some of the problems and tries to propose corresponding solutions,which are as follows:1.Aiming at the problems of false positives probability,key management and data poisoning attacks in existing schemes based on bloom filter,we propose a deduplication scheme based on dynamic bloom filter.We manage the number of bloom filter in proof of ownership phase dynamically,which helps decrease bloom filter probability and enhance security.In addition,our scheme combines key chaining mechanis m to manage convergent keys in order to mit igate their storage overhead.To resist data poisoning attacks,we check whether the encrypted blocks correspond with their tokens at server side.The security analysis and performance evaluation show that our scheme improves security and efficiency.2.Aiming at proof of ownership and privacy preserving,we propose a deduplication scheme based on storage gateway.With the help of a trusted third party,we obfuscate the traffic in order to prevent attackers from gaining the existence status of data via observing network traffic,which helps resist side channels.In addition,we combine proof of ownership to prevent unauthorized access.The security analys is and performance evaluation show that our scheme reduces computation overhead at client side and enhances security.3.Aiming at the problems of privacy preserving and efficiency in previous side channels resisting schemes,we propose a deduplication scheme based on data popularity,requir ing no third trusted party.We d ivide users' data into popular data and unpopular data and perform corresponding deduplication on them.For unpopular data,we obfuscate the network traffic in duplication check phase to resist side channels.For popular data,we perform deduplication at c lient side,which reduces network bandwidth consumption and helps achieve efficiency.The security analys is and performance evaluation show that our scheme achieves a balance between security and efficiency.