A Novel Deduplication-Based Covert Channel in Cloud Storage Service

To provide cloud storage services efficiently, most providers implement data deduplication schemes to reduce storage and network bandwidth consumption. Because deduplication is so widely deployed, many of its security issues have been investigated, such as data security and user privacy. Nevertheless, we note that the threat of establishing a covert channel over cloud storage has not been fully investigated. In particular, existing studies only demonstrate the potential of a single-bit channel, in which a sender uploads one of two predefined files and a receiver infers a "0" or a "1" from it. In this paper, we design a more powerful deduplication-based covert channel that can transmit a complete message. Specifically, the key features of our design are: (1) a synchronization scheme that establishes a covert channel between a sender and a receiver, and (2) a novel coding scheme that allows each file to represent multiple bits of the message. To evaluate the proposed design, we implement the covert channel and conduct extensive experiments on different cloud storage systems. Our work highlights a more severe security threat in cloud storage services.
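The following is an added illustration, not code from the paper or its authors: a self-contained toy model of the multi-bit coding idea the abstract describes, run against an in-memory storage backend, alongside the countermeasure that breaks it. In the naive backend, a client-side deduplication protocol tells the uploader whether the content already exists, so with a shared codebook of 2^k candidate files per slot, the choice of which file the sender uploads carries k bits, and the receiver recovers them by probing every candidate and seeing which one is deduplicated. The hardened backend applies the randomized-threshold countermeasure proposed by Harnik, Pinkas and Shulman (2010): deduplication is only revealed once a file has more than a randomly chosen number of owners, so a single probe learns nothing. The `ToyStorage` class, the `candidate_file` codebook and the message are all constructed here for the example; they are not the paper's synchronization or coding scheme.

```python
import hashlib
import random


class ToyStorage:
    """Constructed in-memory stand-in for a cloud storage backend.

    upload() models a client-side deduplication protocol: the server is asked
    whether it already holds the content, and the answer is visible to the
    client. That answer is the side channel the covert channel rides on.
    """

    def __init__(self, random_threshold: bool = False, max_threshold: int = 4, seed: int = 0):
        self.owner_count = {}        # digest -> number of users who uploaded it
        self.thresholds = {}         # digest -> random dedup threshold (hardened mode only)
        self.random_threshold = random_threshold
        self.max_threshold = max_threshold
        self.rng = random.Random(seed)

    def upload(self, data: bytes) -> bool:
        """Return True if the client was told the transfer can be skipped (deduplicated)."""
        digest = hashlib.sha256(data).hexdigest()
        count = self.owner_count.get(digest, 0) + 1
        self.owner_count[digest] = count
        if not self.random_threshold:
            return count > 1         # naive: any prior copy is revealed immediately
        # Hardened: pick a per-file threshold t in [2, max_threshold] once, and only
        # reveal deduplication after strictly more than t owners exist. A second
        # uploader therefore always sees "please transfer", the same as a first one.
        t = self.thresholds.setdefault(digest, self.rng.randint(2, self.max_threshold))
        return count > t


def candidate_file(slot: int, symbol: int) -> bytes:
    """Shared codebook (constructed): both parties can regenerate every candidate."""
    return f"codebook:slot={slot}:symbol={symbol}".encode()


def encode(storage: ToyStorage, message_bits: str, k: int) -> int:
    """Sender: one upload per k-bit chunk; which file is chosen carries the bits.

    Returns the number of uploads, i.e. the sender's cost in files.
    """
    uploads = 0
    for start in range(0, len(message_bits), k):
        chunk = message_bits[start:start + k].ljust(k, "0")   # zero-pad the last chunk
        storage.upload(candidate_file(start // k, int(chunk, 2)))
        uploads += 1
    return uploads


def decode(storage: ToyStorage, n_bits: int, k: int):
    """Receiver: probe all 2^k candidates per slot; the deduplicated one is the chunk.

    Returns the recovered bit string, or None if any slot gives no or an
    ambiguous signal (which is exactly what the hardened backend produces).
    """
    bits = []
    for slot in range((n_bits + k - 1) // k):
        hits = [s for s in range(2 ** k) if storage.upload(candidate_file(slot, s))]
        if len(hits) != 1:
            return None
        bits.append(format(hits[0], f"0{k}b"))
    return "".join(bits)[:n_bits]


def demo(message: str = "1011001", k: int = 2):
    """Run the same transfer against the naive and the hardened backend."""
    naive = ToyStorage(random_threshold=False)
    encode(naive, message, k)
    leaked = decode(naive, len(message), k)            # expected: the full message

    hardened = ToyStorage(random_threshold=True)
    encode(hardened, message, k)
    blocked = decode(hardened, len(message), k)        # expected: None, no signal
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("naive client-side dedup leaked:", leaked)
    print("randomized-threshold dedup leaked:", blocked)
```

Two things the simulation makes concrete. First, the cost asymmetry of a multi-bit scheme: the sender spends one upload per k bits, while the receiver spends 2^k probe uploads per slot, so k cannot grow without the receiver's probing traffic becoming conspicuous, which is itself a detection opportunity for the provider. Second, the countermeasure works not by hiding deduplication but by making the dedup decision independent of whether exactly one other user holds the file: until the random threshold is exceeded the server always requests the transfer, so the observable carries no information about the sender's single upload.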
