A key-sharing based secure deduplication scheme in cloud storage

Abstract: Data deduplication efficiently eliminates redundant data by keeping only one copy of duplicate data. Convergent encryption (CE) has been widely used in secure deduplication to save storage space and reduce data upload bandwidth, but it still faces two problems. The first is that CE is not semantically secure and suffers from an offline brute-force attack when the data is selected from a predictable set. The second is the convergent key (CK) management problem. CE requires each user to hold an independent master key, encrypt its CKs with it, and store them in the cloud, so different users store the same key for duplicate copies. As the number of users and the amount of data grow, the number of CKs increases linearly. Storing so many keys repeatedly is itself a form of redundancy and creates a key management issue. To enhance the security of CE, current schemes usually interact with a third party to generate a CK, but this places an additional burden on the system. Recently, several schemes have been proposed for efficient CK management, but they incur heavy computation and communication overhead and cannot resist the collusion attack. To address these two problems, we propose a key-sharing method based on proof of ownership for secure deduplication. In the new scheme, only the initial uploader among the data owners encrypts the data with a randomly chosen CK and then distributes the CK in the cloud, and only users possessing the claimed data can retrieve the CK. The CK needs to be stored only once for each piece of duplicate data. Furthermore, our scheme adopts a deduplication check on the plaintexts and a consistency policy, so only a few owners need to encrypt the duplicate data. Analysis shows that our scheme is more efficient and remains secure in the proposed security model.
