
Secure Random Encryption for Deduplicated Storage

  • Jay Dave
  • Shweta Saharan
  • Parvez Faruki
  • Vijay Laxmi
  • Manoj Singh Gaur
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10717)

Abstract

In Storage Services, Deduplication is used to reduce the data size by eliminating storage of duplicate data. Deduplication is an effective data reduction technique that minimizes storage cost as well as communication cost. However, Deduplication raises significant security issues. Malicious users and a semi-trusted Storage Server try to learn the data outsourced by other users. Encrypting the data on the user side before uploading it to the Storage Server is essential for protecting outsourced data. However, conventional deterministic encryption techniques are vulnerable to brute-force attacks and dictionary attacks for predictable files. In this paper, we propose a secure random-key-based encryption technique for Deduplicated Storage. In our approach, the user encrypts the file with a randomly chosen key. The random key is encrypted with a set of hash values generated from the plaintext file. In this way, our approach provides protection against brute-force and dictionary attacks. We analyze the security of our approach with a theoretical proof and experimental analysis.
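
The weakness the abstract attributes to deterministic encryption of predictable files, shown as an added example (not code from the paper): when the key is derived from the file, any candidate plaintext can be checked against the stored ciphertext, while a random key removes that equality. The toy SHA-256 keystream stands in for a real cipher, and all function names and the sample template are constructed for illustration; the paper's own key-wrapping construction is not on this page and is not implemented here.

```python
import hashlib
import hmac
import secrets

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode); stand-in for a real cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def deterministic_encrypt(plaintext):
    """Key is derived from the file, so equal files give equal ciphertexts."""
    return keystream_xor(hashlib.sha256(plaintext).digest(), plaintext)

def random_key_encrypt(plaintext):
    """Fresh random key per upload; returns (key, ciphertext)."""
    key = secrets.token_bytes(32)
    return key, keystream_xor(key, plaintext)

def confirmable_candidates(stored_ct, candidates):
    """Candidates that re-encrypt to exactly the stored ciphertext."""
    return [c for c in candidates
            if hmac.compare_digest(deterministic_encrypt(c), stored_ct)]

# Constructed sample: a predictable file that differs only in one small field.
TEMPLATE = "Review outcome\nRating: {}\n"
CANDIDATES = [TEMPLATE.format(n).encode() for n in range(1, 11)]
STORED_FILE = TEMPLATE.format(7).encode()

def demo():
    ct_user_a = deterministic_encrypt(STORED_FILE)
    ct_user_b = deterministic_encrypt(STORED_FILE)
    dedup_possible = ct_user_a == ct_user_b  # identical uploads can be deduplicated
    leaked = confirmable_candidates(ct_user_a, CANDIDATES)
    key, ct_random = random_key_encrypt(STORED_FILE)
    not_leaked = confirmable_candidates(ct_random, CANDIDATES)
    round_trip = keystream_xor(key, ct_random) == STORED_FILE
    return dedup_possible, leaked, not_leaked, round_trip

if __name__ == "__main__":
    print(demo())
```

The random-key ciphertext matches no candidate, but on its own it also no longer deduplicates; the abstract's approach addresses that by encrypting the random key with hash values generated from the plaintext file.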


Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Jay Dave (1)
  • Shweta Saharan (1)
  • Parvez Faruki (2)
  • Vijay Laxmi (1)
  • Manoj Singh Gaur (3)

  1. Malaviya National Institute of Technology, Jaipur, India
  2. Government MCA College, Ahmedabad, India
  3. Indian Institute of Technology, Jammu, India
