Solving the Secure Storage Dilemma: An Efficient Scheme for Secure Deduplication with Privacy-Preserving Public Auditing

Existing cloud storage systems obtain the data in its plaintext form and perform conventional (server-side) deduplication mechanisms. However, disclosing the data to the cloud can potentially threaten the security and privacy of users, which is of utmost importance for a realworld cloud storage. This can be solved by secure deduplication mechanisms which enables the user to encrypt the data on the client-side (or via an encryption-as-a-service module) before uploading it to the cloud storage. Conventional client-side encryption solutions unfortunately make the deduplication more challenging. Privacy-preserving public auditing schemes, on the other hand, is also crucial because the clients outsource their data to the cloud providers and then permanently deletes the data from their local storages. In this paper, we consider the problem of secure deduplication over encrypted data stored in the cloud while supporting a privacy-preserving public auditing mechanism. We show that existing solutions cannot support both goals simultaneously due to the conflict of their security and efficiency requirements. In this respect, we present an efficient and secure deduplication scheme that supports client-side encryption and privacy-preserving public auditing. We finally show that our scheme provides better security and efficiency with respect to the very recently proposed existing schemes.

[1]  Jin Li,et al.  Secure Deduplication with Efficient and Reliable Convergent Key Management , 2014, IEEE Transactions on Parallel and Distributed Systems.

[2]  Benny Pinkas,et al.  Secure Deduplication of Encrypted Data without Additional Independent Servers , 2015, CCS.

[3]  Marvin Theimer,et al.  Reclaiming space from duplicate files in a serverless distributed file system , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[4]  Xiaomin Liu,et al.  Efficient Oblivious Pseudorandom Function with Applications to Adaptive OT and Secure Computation of Set Intersection , 2009, TCC.

[5]  Ghassan O. Karame,et al.  Outsourced Proofs of Retrievability , 2014, CCS.

[6]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[7]  Wenjun Luo,et al.  Ensuring the data integrity in cloud data storage , 2011, 2011 IEEE International Conference on Cloud Computing and Intelligence Systems.

[8]  Mihir Bellare,et al.  DupLESS: Server-Aided Encryption for Deduplicated Storage , 2013, USENIX Security Symposium.

[9]  Benny Pinkas,et al.  Keyword Search and Oblivious Pseudorandom Functions , 2005, TCC.

[10]  Alexander Shraer,et al.  Verifying cloud services: present and future , 2013, OPSR.

[11]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[12]  Jia Xu,et al.  Towards efficient proofs of retrievability , 2012, ASIACCS '12.

[13]  Sean Quinlan,et al.  Venti: A New Approach to Archival Storage , 2002, FAST.

[14]  Frédéric Cuppens,et al.  Foundations and Practice of Security , 2011, Lecture Notes in Computer Science.

[15]  Alessandro Sorniotti,et al.  A Secure Data Deduplication Scheme for Cloud Storage , 2014, Financial Cryptography.

[16]  Nigel P. Smart,et al.  Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series) , 2005 .

[17]  Reza Curtmola,et al.  Remote data checking using provable data possession , 2011, TSEC.

[18]  Alessandro Sorniotti,et al.  Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage , 2014, CCSW.

[19]  Hui Li,et al.  Panda: Public Auditing for Shared Data with Efficient User Revocation in the Cloud , 2015, IEEE Transactions on Services Computing.

[20]  Zoe L. Jiang,et al.  Privacy-Preserving Public Auditing for Secure Cloud Storage , 2013, IEEE Transactions on Computers.

[21]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[22]  Shucheng Yu,et al.  Secure and constant cost public cloud storage auditing with deduplication , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[23]  Chunlin Chen,et al.  Two-Level Verification of Data Integrity for Data Storage in Cloud Computing , 2011, ICEC 2011.

[24]  Mihir Bellare,et al.  Optimal Asymmetric Encryption-How to Encrypt with RSA , 1995 .

[25]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.

[26]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[27]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[28]  Pin Zhou,et al.  Demystifying data deduplication , 2008, Companion '08.

[29]  André Brinkmann,et al.  Multi-level comparison of data deduplication in a backup scenario , 2009, SYSTOR '09.

[30]  Jia Xu,et al.  Weak leakage-resilient client-side deduplication of encrypted data in cloud storage , 2013, ASIA CCS '13.

[31]  Benny Pinkas,et al.  Side Channels in Cloud Services: Deduplication in Cloud Storage , 2010, IEEE Security & Privacy.

[32]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[33]  David Pointcheval,et al.  Efficient Public-Key Cryptosystems Provably Secure Against Active Adversaries , 1999, ASIACRYPT.

[34]  Benny Pinkas,et al.  Proofs of ownership in remote storage systems , 2011, CCS '11.

[35]  Cong Wang,et al.  Enabling Encrypted Cloud Media Center with Secure Deduplication , 2015, AsiaCCS.

[36]  Jakob Jonsson,et al.  Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 , 2003, RFC.

[37]  Darrell D. E. Long,et al.  Secure data deduplication , 2008, StorageSS '08.

[38]  Martín Abadi,et al.  Message-Locked Encryption for Lock-Dependent Messages , 2013, IACR Cryptol. ePrint Arch..

[39]  G. Kalpana,et al.  Secure Auditing and Deduplicating Data in Cloud , 2016 .

[40]  Mihir Bellare,et al.  Message-Locked Encryption and Secure Deduplication , 2013, EUROCRYPT.

[41]  David Arroyo,et al.  New X.509-based mechanisms for fair anonymity management , 2014, Comput. Secur..

[42]  Mehmet Sabır Kiraz,et al.  A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing , 2016, Journal of Ambient Intelligence and Humanized Computing.

[43]  Osmanbey Uzunkol,et al.  An efficient ID-based message recoverable privacy-preserving auditing scheme , 2015, 2015 13th Annual Conference on Privacy, Security and Trust (PST).

[44]  Cjf Cas Cremers Scyther : semantics and verification of security protocols , 2006 .

[45]  Shigang Chen,et al.  A dynamic Proof of Retrievability (PoR) scheme with O(logn) complexity , 2012, 2012 IEEE International Conference on Communications (ICC).

[46]  Ejaz Ahmed,et al.  A review on remote data auditing in single cloud server: Taxonomy and open issues , 2014, J. Netw. Comput. Appl..

[47]  Cong Wang,et al.  Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing , 2009, ESORICS.

[48]  David Arroyo,et al.  Anonymity Revocation through Standard Infrastructures , 2012, EuroPKI.

[49]  Junbeom Hur,et al.  Secure proof of storage with deduplication for cloud storage systems , 2017, Multimedia Tools and Applications.

[50]  Edgar R. Weippl,et al.  Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space , 2011, USENIX Security Symposium.

[51]  Jeanna Neefe Matthews,et al.  The good, the bad and the ugly of consumer cloud storage , 2010, OPSR.

[52]  Qi Shi,et al.  Anonymous Public-key Certificates for Anonymous and Fair Document Exchange , 2000 .

[53]  Nora Cuppens-Boulahia,et al.  Foundations and Practice of Security : 7th International Symposium, FPS 2014, Montreal, QC, Canada, November 3-5, 2014. Revised Selected Papers , 2015 .

[54]  Shucheng Yu,et al.  Proofs of retrievability with public verifiability and constant communication cost in cloud , 2013, Cloud Computing '13.

[55]  Ning Zhang,et al.  Revocation invocation for accountable anonymous PKI certificate trees , 2004, Proceedings. ISCC 2004. Ninth International Symposium on Computers And Communications (IEEE Cat. No.04TH8769).

[56]  Christian Paquin,et al.  U-Prove Technology Overview V1.1 (Revision 2) , 2013 .

[57]  Huaqun Wang,et al.  Proxy Provable Data Possession in Public Clouds , 2013, IEEE Transactions on Services Computing.

[58]  S. Alaudeen Basha,et al.  Privacy-Preserving in Public Auditing for Secure Cloud , 2014 .

[59]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[60]  Mohamed F. Tolba,et al.  Auditing-as-a-Service for Cloud Storage , 2014, IEEE Conf. on Intelligent Systems.

[61]  Roberto Di Pietro,et al.  Boosting efficiency and security in proof of ownership for deduplication , 2012, ASIACCS '12.

[62]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 1: Basic Techniques , 2001 .

[63]  Osmanbey Uzunkol,et al.  Still Wrong Use of Pairings in Cryptography , 2016, IACR Cryptol. ePrint Arch..

[64]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[65]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.