Simulating secure cloud storage schemes

Cloud storage services have become a popular solution to store large amounts of data generated by users and enterprises, because they provide an affordable and practical solution. In order to gain efficiency and reduce storage costs, cloud storage servers may remove duplicated copies of the same stored data. This process is called cross-user data deduplication. However, this beneficial procedure is not carried out if the users encrypt their files with their personal keys. To make deduplication and encryption compatible, we can deterministically encrypt a file using a key generated from the file itself. This process is called Message-Locked Encryption (MLE). This thesis aims to analyze and evaluate the security of using MLE in combination with different deduplication strategies. The information leakage incurred by MLE and conventional encryption is studied. A testing environment is also developed to test these schemes in order to fullfil the objectives. After the experiments, we have confirmed that a curious cloud storage server may obtain information about the stored files even when they are encrypted. This leakage is more significant for MLE scheme, but it also exists when the users encrypt the files with their personal keys. This confirms and advances the work of Ritzdorf et al. [18].

[1]  Refik Molva,et al.  PerfectDedup: Secure Data Deduplication , 2015, DPM/QASA@ESORICS.

[2]  Jin Li,et al.  Secure Deduplication with Efficient and Reliable Convergent Key Management , 2014, IEEE Transactions on Parallel and Distributed Systems.

[3]  Dutch T. Meyer,et al.  A study of practical deduplication , 2011, TOS.

[4]  Refik Molva,et al.  Block-level De-duplication with Encrypted Data , 2014, Open J. Cloud Comput..

[5]  João Paulo,et al.  A Survey and Classification of Storage Deduplication Systems , 2014, ACM Comput. Surv..

[6]  Marvin Theimer,et al.  Feasibility of a serverless distributed file system deployed on an existing set of desktop PCs , 2000, SIGMETRICS '00.

[7]  Benny Pinkas,et al.  Side Channels in Cloud Services: Deduplication in Cloud Storage , 2010, IEEE Security & Privacy.

[8]  Darrell D. E. Long,et al.  Secure data deduplication , 2008, StorageSS '08.

[9]  Mihir Bellare,et al.  Message-Locked Encryption and Secure Deduplication , 2013, EUROCRYPT.

[10]  Marvin Theimer,et al.  Reclaiming space from duplicate files in a serverless distributed file system , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[11]  Mihir Bellare,et al.  DupLESS: Server-Aided Encryption for Deduplicated Storage , 2013, USENIX Security Symposium.

[12]  Raju Rangaswami,et al.  I/O Deduplication: Utilizing content similarity to improve I/O performance , 2010, TOS.

[13]  Ghassan O. Karame,et al.  Transparent Data Deduplication in the Cloud , 2015, CCS.

[14]  Kave Eshghi,et al.  A Framework for Analyzing and Improving Content-Based Chunking Algorithms , 2005 .

[15]  Chengwei Zhang,et al.  Leap-based Content Defined Chunking — Theory and Implementation , 2015, 2015 31st Symposium on Mass Storage Systems and Technologies (MSST).

[16]  Hubert Ritzdorf,et al.  On Information Leakage in Deduplicated Storage Systems , 2016, CCSW.