Privacy-preserving deduplication of encrypted data with dynamic ownership management in fog computing

Abstract The explosion in the volume of data generated by end-point devices, arising from IoT proliferation, has lead to the adoption of data outsourcing to dedicated data centers. However, centralized data centers such as cloud storage cannot afford to manage large stores of data in a timely manner. To allow low latency access to large amounts of data, a new computing paradigm, called fog computing, has been introduced. In a fog computing environment, privacy issues surrounding outsourced data become more critical due to its complicated innards of the system. In addition, efficient resource management is another important criterion considering the application of pay-per-use in commercial fog storage. As an extension of cloud storage, most fog storage service providers will choose to adopt data deduplication techniques to minimize resource dissipation. At the same time, data owners may update or remove outsourced data stored in the remote storage to reduce expenses. In this paper, we propose the first privacy-preserving deduplication protocol capable of efficient ownership management in fog computing. It achieves fine-grained access control by introducing user-level key management and update mechanisms. Data-invariant user-level private keys enable data owners to maintain a constant number of keys regardless of the number of outsourced data files. The update of user-level public keys for valid data owners at the remote storage dramatically reduces communication overhead. Security and performance analyses demonstrate the efficiency of the proposed scheme in terms of communication and key management in fog storage.

[1]  Kim-Kwang Raymond Choo,et al.  An Android Social App Forensics Adversary Model , 2016, 2016 49th Hawaii International Conference on System Sciences (HICSS).

[2]  Cong Wang,et al.  Enabling Encrypted Cloud Media Center with Secure Deduplication , 2015, AsiaCCS.

[3]  Joseph K. Liu,et al.  On Lightweight Security Enforcement in Cyber-Physical Systems , 2015, LightSec.

[4]  Kim-Kwang Raymond Choo Secure Key Establishment , 2008, Advances in Information Security.

[5]  Tsuyoshi Murata,et al.  {m , 1934, ACML.

[6]  Kim-Kwang Raymond Choo,et al.  Forensic-by-Design Framework for Cyber-Physical Cloud Systems , 2016, IEEE Cloud Computing.

[7]  M. Shruthi,et al.  Secure Distributed Deduplication Systems with Improved Reliability , 2016 .

[8]  Kim-Kwang Raymond Choo,et al.  Forensic data acquisition from cloud‐of‐things devices: windows Smartphones as a case study , 2017, Concurr. Comput. Pract. Exp..

[9]  Kim-Kwang Raymond Choo,et al.  Towards Lightweight Anonymous Entity Authentication for IoT Applications , 2016, ACISP.

[10]  Daehee Kim,et al.  Selective encryption and component-oriented deduplication for mobile cloud data computing , 2016, 2016 International Conference on Computing, Networking and Communications (ICNC).

[11]  Philip S. Yu,et al.  Differentially private data release for data mining , 2011, KDD.

[12]  Roberto Di Pietro,et al.  ESC: An efficient, scalable, and crypto-less solution to secure wireless networks , 2015, Comput. Networks.

[13]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[14]  Qun Li,et al.  A Survey of Fog Computing: Concepts, Applications and Issues , 2015, Mobidata@MobiHoc.

[15]  Kim-Kwang Raymond Choo,et al.  An adversary model to evaluate DRM protection of video contents on iOS devices , 2016, Comput. Secur..

[16]  Kim-Kwang Raymond Choo,et al.  A Forensically Sound Adversary Model for Mobile Devices , 2015, PloS one.

[17]  Yan Ke,et al.  Efficient Near-duplicate Detection and Sub-image Retrieval , 2004 .

[18]  Ingrid Verbauwhede,et al.  The communication and computation cost of wireless security: extended abstract , 2011, WiSec '11.

[19]  Benny Pinkas,et al.  Proofs of ownership in remote storage systems , 2011, CCS '11.

[20]  Marvin Theimer,et al.  Reclaiming space from duplicate files in a serverless distributed file system , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[21]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[22]  Mario Nemirovsky,et al.  Key ingredients in an IoT recipe: Fog Computing, Cloud computing, and more Fog Computing , 2014, 2014 IEEE 19th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD).

[23]  Claude Castelluccia,et al.  I Have a DREAM! (DiffeRentially privatE smArt Metering) , 2011, Information Hiding.

[24]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[25]  Mihir Bellare,et al.  DupLESS: Server-Aided Encryption for Deduplicated Storage , 2013, USENIX Security Symposium.

[26]  Matthew Green,et al.  Correlation-Resistant Storage via Keyword-Searchable Encryption , 2005, IACR Cryptol. ePrint Arch..

[27]  Laurence T. Yang,et al.  Data Exfiltration From Internet of Things Devices: iOS Devices as Case Studies , 2017, IEEE Internet of Things Journal.

[28]  Lorena González-Manzano,et al.  An efficient confidentiality-preserving Proof of Ownership for deduplication , 2015, J. Netw. Comput. Appl..

[29]  Jean-Sébastien Coron,et al.  Fully Homomorphic Encryption over the Integers with Shorter Public Keys , 2011, IACR Cryptol. ePrint Arch..

[30]  Yonggang Wen,et al.  Private data deduplication protocols in cloud storage , 2012, SAC '12.

[31]  Ertem Esiner,et al.  Layered security for storage at the edge: on decentralized multi-factor access control , 2016, ICDCN.

[32]  Steven D. Galbraith,et al.  Easy decision-Diffie-Hellman groups , 2004, IACR Cryptol. ePrint Arch..

[33]  Ivan Stojmenovic,et al.  The Fog computing paradigm: Scenarios and security issues , 2014, 2014 Federated Conference on Computer Science and Information Systems.

[34]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[35]  João Pedro Barreto,et al.  Hash challenges: Stretching the limits of compare-by-hash in distributed data deduplication , 2012, Inf. Process. Lett..

[36]  Jin Li,et al.  Secure Deduplication with Efficient and Reliable Convergent Key Management , 2014, IEEE Transactions on Parallel and Distributed Systems.

[37]  Benny Pinkas,et al.  Secure Deduplication of Encrypted Data without Additional Independent Servers , 2015, CCS.

[38]  Kim-Kwang Raymond Choo,et al.  A technique to circumvent SSL/TLS validations on iOS devices , 2017, Future Gener. Comput. Syst..

[39]  Xuemin Shen,et al.  Efficient self-healing group key management with dynamic revocation and collusion resistance for SCADA in smart grid , 2015, Secur. Commun. Networks.

[40]  Refik Molva,et al.  Block-level De-duplication with Encrypted Data , 2014, Open J. Cloud Comput..

[41]  Christoph Neumann,et al.  Improving the Resistance to Side-Channel Attacks on Cloud Storage Services , 2012, 2012 5th International Conference on New Technologies, Mobility and Security (NTMS).

[42]  Moonseong Kim,et al.  Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation , 2015, PloS one.

[43]  Hui Li,et al.  Secure multi-server-aided data deduplication in cloud computing , 2015, Pervasive Mob. Comput..

[44]  Refik Molva,et al.  ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[45]  Nenghai Yu,et al.  Anonymous deduplication of encrypted data with proof of ownership in cloud storage , 2013, 2013 IEEE/CIC International Conference on Communications in China (ICCC).

[46]  Jin Li,et al.  Convergent Dispersal: Toward Storage-Efficient Security in a Cloud-of-Clouds , 2014, HotCloud.

[47]  Syed M. Rahman,et al.  An Overview of the Security Concerns in Enterprise Cloud Computing , 2011, ArXiv.

[48]  Kim-Kwang Raymond Choo,et al.  Privacy-Preserving-Outsourced Association Rule Mining on Vertically Partitioned Databases , 2016, IEEE Transactions on Information Forensics and Security.

[49]  Darrell D. E. Long,et al.  Secure data deduplication , 2008, StorageSS '08.

[50]  K. C. Almeroth,et al.  Multicast group behavior in the Internet's multicast backbone (MBone) , 1997 .

[51]  Athanasios V. Vasilakos,et al.  A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps , 2017, Appl. Math. Comput..

[52]  Mihir Bellare,et al.  Message-Locked Encryption and Secure Deduplication , 2013, EUROCRYPT.

[53]  Catherine A. Meadows,et al.  Security of Ramp Schemes , 1985, CRYPTO.

[54]  Yitao Duan,et al.  Distributed Key Generation for Encrypted Deduplication: Achieving the Strongest Privacy , 2014, CCSW.

[55]  Yixin Chen,et al.  CompoundEyes: Near-duplicate detection in large scale online video systems in the cloud , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[56]  Hao Jiang,et al.  Multi-level Selective Deduplication for VM Snapshots in Cloud Storage , 2012, 2012 IEEE Fifth International Conference on Cloud Computing.

[57]  Dooho Choi,et al.  Privacy-preserving cross-user source-based data deduplication in cloud storage , 2012, 2012 International Conference on ICT Convergence (ICTC).

[58]  Jiang Zhu,et al.  Fog Computing: A Platform for Internet of Things and Analytics , 2014, Big Data and Internet of Things.

[59]  Ivan Stojmenovic,et al.  Fog computing: A cloud to the ground support for smart things and machine-to-machine networks , 2014, 2014 Australasian Telecommunication Networks and Applications Conference (ATNAC).

[60]  Hyotaek Lim,et al.  SDM: Smart deduplication for mobile cloud storage , 2017, Future Gener. Comput. Syst..

[61]  Kim-Kwang Raymond Choo,et al.  Cloud based data sharing with fine-grained proxy re-encryption , 2016, Pervasive Mob. Comput..

[62]  Mingqiang Li,et al.  CDStore: Toward Reliable, Secure, and Cost-Efficient Cloud Storage via Convergent Dispersal , 2015, IEEE Internet Computing.

[63]  Jia Xu,et al.  Weak leakage-resilient client-side deduplication of encrypted data in cloud storage , 2013, ASIA CCS '13.

[64]  Benny Pinkas,et al.  Side Channels in Cloud Services: Deduplication in Cloud Storage , 2010, IEEE Security & Privacy.

[65]  Kwangjo Kim,et al.  Security weakness in the Proof of Storage with Deduplication , 2012, IACR Cryptol. ePrint Arch..

[66]  Ronald J. Quinn,et al.  Capturing Nature's Diversity , 2015, PloS one.

[67]  Suman Nath,et al.  Differentially private aggregation of distributed time-series with transformation and encryption , 2010, SIGMOD Conference.

[68]  Joseph K. Liu,et al.  Extended Proxy-Assisted Approach: Achieving Revocable Fine-Grained Encryption of Cloud Data , 2015, ESORICS.

[69]  Michael O. Rabin,et al.  Efficient dispersal of information for security, load balancing, and fault tolerance , 1989, JACM.

[70]  Sateesh Addepalli,et al.  Fog computing and its role in the internet of things , 2012, MCC '12.