Secure Data Deduplication with Dynamic Ownership Management in Cloud Storage

In cloud storage services, deduplication technology is commonly used to reduce the space and bandwidth requirements of services by eliminating redundant data and storing only a single copy of them. Deduplication is most effective when multiple users outsource the same data to the cloud storage, but it raises issues relating to security and ownership. Proof-of-ownership schemes allow any owner of the same data to prove to the cloud storage server that he owns the data in a robust way. However, many users are likely to encrypt their data before outsourcing them to the cloud storage to preserve privacy, but this hampers deduplication because of the randomization property of encryption. Recently, several deduplication schemes have been proposed to solve this problem by allowing each owner to share the same encryption key for the same data. However, most of the schemes suffer from security flaws, since they do not consider the dynamic changes in the ownership of outsourced data that occur frequently in a practical cloud storage service. In this paper, we propose a novel server-side deduplication scheme for encrypted data. It allows the cloud server to control access to outsourced data even when the ownership changes dynamically by exploiting randomized convergent encryption and secure ownership group key distribution. This prevents data leakage not only to revoked users even though they previously owned that data, but also to an honest-but-curious cloud storage server. In addition, the proposed scheme guarantees data integrity against any tag inconsistency attack. Thus, security is enhanced in the proposed scheme. The efficiency analysis results demonstrate that the proposed scheme is almost as efficient as the previous schemes, while the additional computational overhead is negligible.

[1]  Dutch T. Meyer,et al.  A study of practical deduplication , 2011, TOS.

[2]  David Hutchison,et al.  A survey of key management for secure group communication , 2003, CSUR.

[3]  Benny Pinkas,et al.  Proofs of ownership in remote storage systems , 2011, CCS '11.

[4]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[5]  Jing Peng,et al.  A novel encryption scheme for data deduplication system , 2010, 2010 International Conference on Communications, Circuits and Systems (ICCCAS).

[6]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[7]  Mingqiang Li,et al.  CDStore: Toward Reliable, Secure, and Cost-Efficient Cloud Storage via Convergent Dispersal , 2015, IEEE Internet Computing.

[8]  Jia Xu,et al.  Weak leakage-resilient client-side deduplication of encrypted data in cloud storage , 2013, ASIA CCS '13.

[9]  Nenghai Yu,et al.  Anonymous deduplication of encrypted data with proof of ownership in cloud storage , 2013, 2013 IEEE/CIC International Conference on Communications in China (ICCC).

[10]  Jin Li,et al.  A Hybrid Cloud Approach for Secure Authorized Deduplication , 2015, IEEE Transactions on Parallel and Distributed Systems.

[11]  Darrell D. E. Long,et al.  Secure data deduplication , 2008, StorageSS '08.

[12]  K. C. Almeroth,et al.  Multicast group behavior in the Internet's multicast backbone (MBone) , 1997 .

[13]  Mihir Bellare,et al.  Message-Locked Encryption and Secure Deduplication , 2013, EUROCRYPT.

[14]  Xiaofeng Chen,et al.  Secure Distributed Deduplication Systems with Improved Reliability , 2015, IEEE Trans. Computers.

[15]  Yonggang Wen,et al.  Private data deduplication protocols in cloud storage , 2012, SAC '12.

[16]  Catherine A. Meadows,et al.  Security of Ramp Schemes , 1985, CRYPTO.

[17]  Marvin Theimer,et al.  Reclaiming space from duplicate files in a serverless distributed file system , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[18]  Jin Li,et al.  Convergent Dispersal: Toward Storage-Efficient Security in a Cloud-of-Clouds , 2014, HotCloud.

[19]  Mihir Bellare,et al.  DupLESS: Server-Aided Encryption for Deduplicated Storage , 2013, USENIX Security Symposium.

[20]  Yang Tang,et al.  A Secure Cloud Backup System with Assured Deletion and Version Control , 2011, 2011 40th International Conference on Parallel Processing Workshops.

[21]  Alessandro Sorniotti,et al.  Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage , 2014, CCSW.

[22]  Mihir Bellare,et al.  Interactive Message-Locked Encryption and Secure Deduplication , 2015, Public Key Cryptography.

[23]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[24]  Rynson W. H. Lau,et al.  Knowledge and Data Engineering for e-Learning Special Issue of IEEE Transactions on Knowledge and Data Engineering , 2008 .

[25]  Le Zhang,et al.  Fast and Secure Laptop Backups with Encrypted De-duplication , 2010, LISA.

[26]  Brian Warner,et al.  Tahoe: the least-authority filesystem , 2008, StorageSS '08.

[27]  Jin Li,et al.  Secure Deduplication with Efficient and Reliable Convergent Key Management , 2014, IEEE Transactions on Parallel and Distributed Systems.

[28]  A. Shulman-Peleg,et al.  Side channels in cloud services , the case of deduplication in cloud storage , 2011 .

[29]  Edgar R. Weippl,et al.  Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space , 2011, USENIX Security Symposium.