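To address the problem that, in ship hybrid-cloud scenarios, an attacker can use data deduplication as a covert channel to obtain users' private information, this paper proposes a differential-privacy-based method for secure multi-replica sharing of ship cloud data. The method combines the randomness of differential privacy with lightweight data encryption, so that users' private information is shared securely on the hybrid cloud while consuming fewer computing resources. The proposed method effectively resists side-channel attacks, guarantees that only one copy of the data exists on the private cloud and on the public cloud, and stores the key information of users' files on the trusted private cloud.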
In a ship hybrid cloud environment, an adversary may use data deduplication as a side channel to eavesdrop on users' private information. This paper presents a secure sharing approach for ship cloud data based on the differential privacy model, which integrates the randomization of the differential privacy model with lightweight data encryption. The approach achieves secure sharing of private data in the hybrid cloud with fewer computing resources and ensures that only one copy is kept on the server. All of the key information of users' files is stored in the dependable private cloud.
2018, 40(4): 130-134. Received: 2018-02-05
DOI:10.3404/j.issn.1672-7649.2018.04.027
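Classification number: TP393
About the author: GUO Feijun (born 1975), male, master's degree, associate professor; research interests: computer applications and cloud data security.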