Secure Proof of Ownership Using Merkle Tree for Deduplicated Storage

Abstract: In cloud services, deduplication is a widely used data reduction technique to minimize storage and communication overhead. Nonetheless, deduplication introduces a serious security risk: a malicious client can obtain access to a file on storage by learning just a piece of information about the file. Proof of ownership schemes protect against this risk by enabling the server to check whether the client actually owns a particular file in its entirety. However, a malicious client may misuse the proof of ownership procedure to waste resources at the server: she sends a large number of upload requests and tries to keep the server busy computing challenges and verifying responses. In this paper, we propose a secure proof of ownership scheme using a Merkle tree. In this approach, the cloud server precomputes the challenge-responses to avoid computational overhead during subsequent uploads. Moreover, the cloud server does not need to retain resources until the response is received, since our approach is a stateless protocol. Security analysis demonstrates that a malicious client who does not have the entire file cannot prove herself to be an owner of the file. As a proof of concept, we implement our approach in a realistic environment and demonstrate that it outperforms the existing proof of ownership schemes in terms of challenge generation, communication, and response verification cost.
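The following is an added illustration, not code from the paper: it shows the general Merkle-tree proof-of-ownership check, in which the server keeps only the root and leaf count and verifies a challenged block against them. The paper's precomputed challenge-responses and stateless message format are not described on this page and are not reproduced; the block size, hash labels, function names and sample file are assumptions made for the example.

```python
import hashlib
import hmac

BLOCK = 4  # constructed tiny block size so the sample file has several leaves
SAMPLE = b"constructed sample file!"  # constructed input, 6 blocks

def _h(tag, data):
    # Domain-separate leaf hashes (0x00) from inner-node hashes (0x01).
    return hashlib.sha256(tag + data).digest()

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]

def build_levels(data):
    """All tree levels, leaves first; an unpaired last node is promoted unchanged."""
    level = [_h(b"\x00", b) for b in blocks(data)]
    levels = [level]
    while len(level) > 1:
        nxt = [_h(b"\x01", level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
        levels.append(level)
    return levels

def server_record(data):
    """What the server keeps after the first upload: root and leaf count."""
    levels = build_levels(data)
    return levels[-1][0], len(levels[0])

def prove(data, index):
    """Client: return the challenged block and its sibling hashes, bottom-up."""
    levels, path, i = build_levels(data), [], index
    for level in levels[:-1]:
        if (i ^ 1) < len(level):
            path.append(level[i ^ 1])
        i //= 2
    return blocks(data)[index], path

def verify(root, n_leaves, index, block, path):
    """Server: recompute the root; left/right order comes from the challenged index."""
    if not 0 <= index < n_leaves:
        return False
    node, i, n, path = _h(b"\x00", block), index, n_leaves, list(path)
    while n > 1:
        if (i ^ 1) < n:
            if not path:
                return False
            sib = path.pop(0)
            node = _h(b"\x01", sib + node if i & 1 else node + sib)
        i, n = i // 2, (n + 1) // 2
    return not path and hmac.compare_digest(node, root)
```

Deriving the left/right order from the challenged index, rather than from flags supplied by the client, is what stops a valid proof for one block from being accepted for a different challenge.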
