Towards Efficient Re-encryption for Secure Client-Side Deduplication in Public Clouds

  • Lei Lei
  • Quanwei Cai
  • Bo Chen (email author)
  • Jingqiang Lin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9977)

Abstract

By storing only a unique copy of duplicated data possessed by different users, data deduplication can significantly reduce storage cost, and is thus used extensively in cloud storage. When combined with confidentiality, deduplication becomes problematic, as encryption performed by different users may differentiate identical data. MLE (Message-Locked Encryption) is thus utilized to derive the same encryption key for identical data. As keys may be leaked and users may be revoked, re-encrypting the outsourced data is of paramount importance to ensure continuous confidentiality. This problem is unfortunately not well addressed in deduplication-based encrypted cloud storage.
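The conflict described above, as an added example that is not code from the paper and does not reproduce SEDER: two users encrypt the same file, first under independent random keys and then under a message-derived key (convergent encryption, the simplest MLE instantiation), and a client-side deduplication check is run on the ciphertext tags. The HMAC-based stream cipher, the function names and the sample file are assumptions made so the block runs with the standard library only.

```python
import hashlib
import hmac
import os

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example
    # needs only the standard library; a deployment would use a vetted cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_random_key(message: bytes):
    key = os.urandom(32)                      # each user picks an own key
    return key, _xor_stream(key, message)

def encrypt_mle(message: bytes):
    key = hashlib.sha256(message).digest()    # key locked to the message
    return key, _xor_stream(key, message)

def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return _xor_stream(key, ciphertext)

def simulate_uploads(encrypt, message: bytes, users: int = 2):
    """Client-side dedup: send the ciphertext tag first, upload only if new."""
    store, uploaded = {}, 0
    for _ in range(users):
        _, ciphertext = encrypt(message)
        tag = hashlib.sha256(ciphertext).hexdigest()
        if tag not in store:                  # server has no copy yet
            store[tag] = ciphertext
            uploaded += len(ciphertext)
    return len(store), uploaded

SAMPLE = b"constructed sample file contents " * 8   # constructed input

if __name__ == "__main__":
    print("random keys:", simulate_uploads(encrypt_random_key, SAMPLE))
    print("MLE keys:   ", simulate_uploads(encrypt_mle, SAMPLE))
    # Re-deriving the MLE key always yields the same value, so a leaked key
    # cannot be rotated by running MLE again; the data must be re-encrypted.
    print(encrypt_mle(SAMPLE)[0] == encrypt_mle(SAMPLE)[0])
```
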

In this paper, we design SEDER, a SEcure client-side Deduplication system for cloud storage enabling Efficient Re-encryption. A salient advantage of SEDER is that it allows data owners to efficiently re-encrypt the data to ensure continuous data confidentiality for cloud storage using client-side deduplication, by smartly leveraging all-or-nothing transform, proofs of ownership as well as delegated re-encryption. Experimental evaluation validates the efficiency of SEDER.

Keywords

Secure deduplication; Client-side deduplication; Re-encryption; Cloud storage

Notes

Acknowledgments

This work was supported by the National Program on Key Basic Research Project of China (973) (2014CB340603). The authors would like to thank Qingji Zheng for the valuable discussion. Bo Chen would also like to thank the Center for Information Assurance at the University of Memphis for its support.

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Lei Lei (1, 2, 3)
  • Quanwei Cai (1, 2)
  • Bo Chen (4, 5), email author
  • Jingqiang Lin (1, 2, 3)

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing, China
  3. University of Chinese Academy of Sciences, Beijing, China
  4. Department of Computer Science, University of Memphis, Memphis, USA
  5. Center for Information Assurance, University of Memphis, Memphis, USA