
Research On Deduplication Scheme Over Encrypted Data

Posted on: 2020-07-14
Degree: Master
Type: Thesis
Country: China
Candidate: G H Tian
GTID: 2428330602951425
Subject: Applied Mathematics

Abstract/Summary:
The popularity of commercial cloud and fog storage has brought revolutionary changes to the development of various industries, and the accompanying massive volume of data challenges the storage capacity of storage servers. Deduplication over encrypted data is favored by service providers because it reduces the storage space consumed by identical data on the cloud server while protecting data privacy. In particular, research on client-side deduplication has made many advances, since it saves more bandwidth than server-side deduplication. However, some security problems still urgently need to be solved. First, malicious users may destroy the integrity of outsourced data by launching a duplicate-faking attack during the initial upload, with the result that subsequent users lose their own data after completing their uploads. Second, during subsequent uploads, malicious outside adversaries may obtain sensitive information about outsourced data by launching side-channel attacks, proof replay attacks and collusion authentication attacks, or even crack the encrypted data stored in cloud storage through a brute-force attack. Finally, the cloud server cannot guarantee the forward and backward secrecy of outsourced data if it cannot manage the frequent ownership changes of that data. These problems have not been well solved by existing schemes. In response to the security problems in client-side encrypted data deduplication, this thesis provides the following countermeasures:

1. A randomized client-side encrypted data deduplication scheme is proposed for commercial cloud storage. First, a randomized deduplication protocol is adopted to prevent data leakage, and thus to prevent both the collusive authentication attack and the offline brute-force attack launched by an outside adversary. Second, the proposed scheme uses a multi-label data storage mode to effectively solve the problem of data being vulnerable to the duplicate-faking attack. Finally, the proposed scheme realizes data sharing while managing ownership efficiently and robustly with the aid of an improved dynamic KEK tree. The security and performance analyses show that the proposed scheme achieves the expected security requirements at lower cost while realizing efficient deduplication.

2. A secure block-level client-side encrypted data deduplication scheme is proposed for commercial fog storage. First, the proposed scheme adopts a fuzzy block-level client-side deduplication protocol to alleviate the side-channel attack in block-level client-side deduplication by obfuscating the server's response during the initial and subsequent uploads. The corresponding data storage mode can effectively resist the duplicate-faking attack. Second, a two-level ownership list mechanism and the accompanying update algorithms are used to implement ownership management in the proposed block-level deduplication scheme. Finally, the proposed scheme designs a dynamic data storage strategy, which reduces service costs and latency by storing data according to the service requirements. The security and performance analyses show that the proposed scheme achieves the expected security requirements while achieving efficient encrypted data deduplication.

Keywords/Search Tags: Encrypted Data Deduplication, Leakage Resilience, Ownership Management, Data Sharing, Dynamic Storage