Secure Proof of Ownership Using Merkle Tree for Deduplicated Storage
Automatic Control and Computer Sciences (IF 0.6), Pub Date: 2020-09-14, DOI: 10.3103/s0146411620040033
Jay Dave, Avijit Dutta, Parvez Faruki, Vijay Laxmi, Manoj Singh Gaur

Abstract

In cloud services, deduplication is a widely used data reduction technique to minimize storage and communication overhead. Nonetheless, deduplication introduces a serious security risk: a malicious client can obtain access to a file on storage by learning just a piece of information about the file. Proof of ownership schemes provide protection against this security risk, as they enable the server to check whether the client actually owns a particular file in its entirety. However, a malicious client may misuse the proof of ownership procedure to waste resources at the server. To do so, she sends a large number of upload requests and tries to keep the server busy computing challenges and verifying responses. In this paper, we propose a secure proof of ownership scheme using a Merkle tree. In this approach, the cloud server precomputes the challenges and responses to avoid computational overhead during subsequent uploads. Moreover, the cloud server does not need to retain resources until the response is received, since our approach is a stateless protocol. Security analysis demonstrates that a malicious client without the entire file cannot prove herself to be an owner of the file. As a proof of concept, we implement our approach in a realistic environment and demonstrate that it outperforms the existing proof of ownership schemes in terms of challenge generation, communication, and response verification cost.


Updated: 2020-09-14