{"title":"Comments on “Privacy Aware Data Deduplication for Side Channel in Cloud Storage”","authors":"Xin Tang;Yudan Zhu;Mingjun Fu","doi":"10.1109/TCC.2024.3376996","DOIUrl":null,"url":null,"abstract":"Cross-user deduplication is an emerging technique to eliminate uploading of redundant data in cloud storage. Even though it is able to improve storage and communication efficiency simultaneously, it suffers from the problem of privacy leakage by side channel attack, which is a major obstacle to the practical application of this technique. In order to achieve a secure cross-user deduplication, Yu et al. recently proposed a zero-knowledge response (ZEUS) scheme, together with an advanced countermeasure ZEUS\n<inline-formula><tex-math>$^\\mathrm{+}$</tex-math></inline-formula>\n by combining ZEUS and the random threshold solution, each of which is claimed to be secure against side channel attack. However, in this paper we show that both ZEUS and ZEUS\n<inline-formula><tex-math>$^\\mathrm{+}$</tex-math></inline-formula>\n are easily subject to a random chunk generation attack, which in turn undermines the claimed security. Furthermore, we also propose a simple but effective method to improve the existing schemes.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"814-817"},"PeriodicalIF":5.3000,"publicationDate":"2024-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cloud Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10471900/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Cross-user deduplication is an emerging technique to eliminate uploading of redundant data in cloud storage. Even though it is able to improve storage and communication efficiency simultaneously, it suffers from the problem of privacy leakage by side channel attack, which is a major obstacle to the practical application of this technique. In order to achieve a secure cross-user deduplication, Yu et al. recently proposed a zero-knowledge response (ZEUS) scheme, together with an advanced countermeasure ZEUS
$^\mathrm{+}$
by combining ZEUS and the random threshold solution, each of which is claimed to be secure against side channel attack. However, in this paper we show that both ZEUS and ZEUS
$^\mathrm{+}$
are easily subject to a random chunk generation attack, which in turn undermines the claimed security. Furthermore, we also propose a simple but effective method to improve the existing schemes.
跨用户重复数据删除是一种新兴技术,可消除云存储中的冗余数据上传。尽管它能同时提高存储和通信效率,但却存在侧信道攻击导致隐私泄露的问题,这是该技术实际应用的一大障碍。为了实现安全的跨用户重复数据删除,Yu 等人最近提出了一种零知识响应(ZEUS)方案,并结合 ZEUS 和随机阈值方案提出了一种先进的对策 ZEUS$^\mathrm{+}$,据称每种对策都能安全地抵御侧信道攻击。然而,在本文中,我们发现 ZEUS 和 ZEUS$^\mathrm{+}$ 都很容易受到随机块生成攻击,这反过来又破坏了所宣称的安全性。此外,我们还提出了一种简单而有效的方法来改进现有方案。
期刊介绍:
The IEEE Transactions on Cloud Computing (TCC) is dedicated to the multidisciplinary field of cloud computing. It is committed to the publication of articles that present innovative research ideas, application results, and case studies in cloud computing, focusing on key technical issues related to theory, algorithms, systems, applications, and performance.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
