論文使用權限 Thesis access permission:自定論文開放時間 user define
開放時間 Available:
校內 Campus: 已公開 available
校外 Off-campus: 已公開 available
博碩士論文 etd-0712113-103524 詳細資訊
Title page for etd-0712113-103524
論文名稱 Title |
具隱私保護之雲端重複資料刪除機制 Privacy Preserving Data Deduplication in Cloud Storage |
||
系所名稱 Department |
|||
畢業學年期 Year, semester |
語文別 Language |
||
學位類別 Degree |
頁數 Number of pages |
56 |
|
研究生 Author |
|||
指導教授 Advisor |
|||
召集委員 Convenor |
|||
口試委員 Advisory Committee |
|||
口試日期 Date of Exam |
2013-07-12 |
繳交日期 Date of Submission |
2013-08-12 |
關鍵字 Keywords |
資料加密、重複資料刪除技術、隱私保護、雲端儲存、資料壓縮 Data Compression, Encryption, Data Deduplication, Privacy Protection, Cloud Storage |
||
統計 Statistics |
本論文已被瀏覽 5695 次,被下載 75 次 The thesis/dissertation has been browsed 5695 times, has been downloaded 75 times. |
中文摘要 |
近年來,雲端服務受到熱烈的討論,其主要的概念為資源重複利用。雲端伺服器將未使用的資源(運算能力與儲存空間)分配給所需要的使用者,且於使用完畢後收回並重新分配,以避免不必要的資源浪費。此外,雲端服務亦可降低使用者端對於硬體設備的需求,使用者只需利用輕便的操作裝置,即可獲得雲端強大的運算能力與龐大的儲存空間,提升資源取得之便利性。然而,雲端服務即為使用者將資料託付雲端伺服器進行運算或儲存,資料的掌控權由使用者轉移至雲端伺服器,因此使用者的隱私與資料的機密性成了一大隱憂。 另一方面,就雲端儲存服務而言,眾多使用者上傳其各自檔案,易發生相同檔案重複儲存之狀況,雲端伺服器若能刪除重複儲存之檔案,即可更有效地使用其儲存資源,亦可將節省的儲存空間提供給更多使用者,以提升整體之收益,因此重複資料刪除技術對雲端儲存服務而言是一項不可或缺的技術。 結合上述兩點,此篇論文針對雲端儲存服務之隱私保護與重複資料刪除技術進行分析,證明其兩者相互衝突且無法兼具,並提出一可行的重複加密資料刪除機制,以達到雲端伺服器可避免儲存重複加密資料,且使用者隱私亦可得到一定的保障。 |
Abstract |
In recent years, cloud computing has become increasingly popular. The goal of cloud computing is to reuse resources such as computing and storage resources. A cloud server dynamically allocates the necessary resources that each user requests, and retrieves them when users do not need them. Therefore, a cloud server can re-allocate the retrieved resources to other users, and each user pays only for what she/he has used. However, it raises issues regarding privacy and data confidentiality because all the data are computed or stored in the cloud. This is a subject of concern for users, and it affects their willingness to use cloud services. On the other hand, a cloud storage server typically performs a specialized data compression technique (data deduplication) to eliminate duplicate data because the storage resources are not infinite. Using data deduplication, the cloud storage server can avoid the waste of storage space, and storage resources can be utilized more efficiently. With regard to the issues mentioned above, we analyze several encrypted data deduplication mechanisms and prove that data deduplication conflicts with semantic security. In addition, we propose an encrypted data deduplication mechanism in which the cloud storage server can eliminate duplicate ciphertexts. |
目次 Table of Contents |
論文審定書i Acknowledgments iii 摘要iv Abstract v List of Figures viii List of Tables ix Chapter 1 Introduction 1 1.1 Overview of Data Deduplication . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1.1 Target-Based Data Deduplication . . . . . . . . . . . . . . . . . . . . 2 1.1.2 Source-Based Data Deduplication . . . . . . . . . . . . . . . . . . . . 2 1.2 Security in Data Deduplication . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.4 Organization of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Chapter 2 Related Works 5 2.1 Data Deduplication on Ciphertext . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2 Convergent Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.3 Harnik et al.’s Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.4 Wang et al.’s Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.5 Other Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Chapter 3 Security of Ciphertext Deduplication 11 3.1 Semantic Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.2 Un-recognizability of Duplicate Ciphertexts . . . . . . . . . . . . . . . . . . . 12 3.3 Problem Reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Chapter 4 Encrypted Data Deduplication Mechanism 18 4.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.1.1 Hash Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.1.2 Homomorphic Encryption . . . . . . . . . . . . . . . . . . . . . . . . 19 4.2 Preliminaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 4.3 Encrypted Data Deduplication Mechanism . . . . . . . . . . . . . . . . . . . . 21 4.3.1 Cipher Structure Construction . . . . . . . . . . . . . . . . . . . . . . 21 4.3.2 Encrypted Data Deduplication . . . . . . . . . . . . . . . . . . . . . . 22 Chapter 5 Discussions 26 5.1 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 5.2 Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 5.2.1 Data Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 5.2.2 Computation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 5.3 Comparison on Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Chapter 6 Conclusion 34 Bibliography 34 Appendix A Hybrid Data Deduplication Mechanism 39 A.1 Preliminaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 A.2 Un-Encrypted Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 A.3 Encrypted Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 A.3.1 Cipher Structure Construction . . . . . . . . . . . . . . . . . . . . . . 41 A.3.2 Encrypted Data Deduplication . . . . . . . . . . . . . . . . . . . . . . 43 A.3.3 Cipher Structure Decryption . . . . . . . . . . . . . . . . . . . . . . . 43 A.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 |
參考文獻 References |
[1] P. Anderson and L. Zhang. Fast and secure laptop backups with encrypted de-duplication. In Proc. 24th Int. Conf. on Large Installation System Administration (LISA 2010), pages 1–8, 2010. [2] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song. Provable data possession at untrusted stores. In Proc. 14th ACM Conf. Computer and Comm. Security (CCS ’07), pages 598–609, 2007. [3] J. Benaloh. Dense probabilistic encryption. In Proc. Workshop Selected Areas of Cryptography, pages 120–128, 1994. [4] D. Boneh, E. Goh, and K. Nissim. Evaluating 2-dnf formulas on ciphertexts. In Proc. 2nd Theory of Cryptography Conference (TCC 2005), pages 325–341, 2005. [5] B. Carbunar and R. Sion. Toward private joins on outsourced data. IEEE Trans. Knowledge and Data Engineering, 24(9):1699–1710, 2012. [6] J. Daemen and V. Rijmen. The advanced encryption standard (AES). United States National Institute of Standards and Technology (NIST), Federal Information Processing Standards Publication 197, November 26 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf. [7] J. R. Douceur, A. Adya, W. J. Bolosky, D. Simon, and M. Theimer. Reclaiming space from deduplicate files in a serverless distributed file system. In Proc. 22nd Int. Conf. on Distributed Computing Systems (ICDCS 2002), pages 617–624, 2002. [8] T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. on Information Theory, 31(4):469–472, 1985. [9] C. I. Fan and S. Y. Huang. Controllable privacy preserving search based on symmetric predicate encryption in cloud storage. Future Generation Computer Systems, 2012. doi: 10.1016/j.future.2012.05.005, http://www.sciencedirect.com/science/article/pii/S0167739X1200101X. [10] D. Geer. Reducing the storage burden via data deduplication. IEEE Computer, 41(12):15–17, 2008. [11] C. Gentry. Fully homomorphic encryption using ideal lattices. In Proc. ACM Symposium on Theory of Computing (STOC 2009), pages 169–178, 2009. [12] S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270–299, 1984. [13] Z. Hao, S. Zhong, and N. Yu. A privacy-preserving remote data integrity checking protocol with data dynamics and public verifiability. IEEE Trans. Knowledge and Data Engineering, 23(9):1432–1437, 2011. [14] J. Harauz, L. M. Kaufman, and B. Potter. Data security in the world of cloud computing. IEEE Security and Privacy, 7(4):61–64, 2009. [15] D. Harnik, B. Pinkas, and A. Shulman-Peleg. Side channels in cloud services: Deduplication in cloud storage. IEEE Security and Privacy, 8(6):40–47, 2010. [16] Q. He, Z. Li, and X. Zhang. Data deduplication techniques. In Proc. 2010 Int. Conf. on Future Information Technology and Management Engineering (FITME 2010), pages 430–433, 2010. [17] J. Hur. Improving security and efficiency in attribute-based data sharing. IEEE Trans. Knowledge and Data Engineering, 2011. [18] K. Jin and E. L. Miller. The effectiveness of deduplication on virtual machine disk images. In Proc. SYSTOR 2009: The Israeli Experimental Systems Conference, page Article No. 7, 2009. [19] S. Lee and D. Choi. Privacy-preserving cross-user source-based data deduplication in cloud storage. In Proc. IEEE International Conference on ICT Convergence (ICTC 2012), pages 329–330, 2012. [20] C. Liu, D. Ju, Y. Gu, Y. Zhang, D.Wang, and D.H.C. Du. Semantic data de-duplication for archival storage systems. In Proc. 13th IEEE Asia-Pacific Computer Systems Architecture Conference (ACSAC 2008), pages 1–9, 2008. [21] A. Muthitacharoen, B. Chen, and D. Mazi`eres. A low-bandwidth network file system. In Proc. 18th ACM Symposium on Operating Systems Principles (SOSP2011), page 174–187, 2011. [22] National Security Agency (NSA). Secure hash standard (SHS). United States National Institute of Standards and Technology (NIST), Federal Information Processing Standards Publication 180-4, March 2012. http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf. [23] P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. Advances in Cryptology —EUROCRYPT’99, pages 223–238, 1999. [24] J. H. Park. Efficient hidden vector encryption for conjunctive queries on encrypted data. IEEE Trans. Knowledge and Data Engineering, 23(10):1483–1497, 2011. [25] J. Pettitt. ”RE: Hash of plaintext as key?”, cypherpunks mailing list, http://cypherpunks.venona.com/date/1996/02/msg02013.html. [26] R. Rivest, L. Adleman, and M. Dertouzos. On data banks and privacy homomorphisms. Foundations of Secure Computation, pages 169–177, 1978. [27] R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978. http://people.csail.mit.edu/rivest/Rsapaper.pdf. [28] W. Stallings. In Cryptography and Network Security, 2010. [29] M. W. Storer, K. Greenan, D. D.E. Long, and E. L. Miller. Secure data deduplication. In Proc. 4th ACM International Workshop on Storage Security and Survivability, pages 1–10, 2008. [30] C.Wang, Z. Qin, J. Peng, and J.Wang. A novel encryption scheme for data deduplication system. In Proc. IEEE Int. Conf. on Communications, Circuits and Systems (ICCCAS 2010), pages 265–269, 2010. [31] X. Wu, L. Xu, and X. Zhang. A certificateless proxy re-encryption scheme for cloud-based data sharing. In Proc. 18th Computer and Communications Security (CCS 2011), pages 869–872, 2011. [32] J. Xu, E. Chang, and J. Zhou. Leakage-resilient client-side deduplication of encrypted data in cloud storage. In Cryptology ePrint Archive: Report 2011/538, 2011. http://eprint.iacr.org/2011/538. [33] X. Yi, M. G. Kaosar, R. Paulet, and E. Bertino. Single-database private information retrieval from fully homomorphic encryption. IEEE Trans. Knowledge and Data Engineering, 25(5):1125–1134, 2013. [34] M. L. Yiu, I. Assent, and C. S. Jensen. Outsourced similarity search on metric data assets. IEEE Trans. Knowledge and Data Engineering, 24(2):338–352, 2012. [35] D. Zissis and D. Lekkas. Addressing cloud computing security issues. Future Generation Computer Systems, 28(3):583–592, 2012. |
電子全文 Fulltext |
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。 |
紙本論文 Printed copies |
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。 開放時間 available 已公開 available |
QR Code |
國立中山大學 圖書與資訊處 │ 諮詢服務:2452 論文審查小組 │ 服務信箱 │ 系統開發維運:圖資處知識創新組
Office of Library and Information Services, National Sun Yat-sen University │ Contact Us : 2452 Thesis Format Review Team , Mail │ Development and operations : Knowledge Innovation Division, LIS