Side Channels in Deduplication: Trade-offs between Leakage and Efficiency

Deduplication removes redundant copies of files or data blocks stored on the cloud. Client-side deduplication, where the client only uploads the file upon the request of the server, provides major storage and bandwidth savings, but introduces a number of security concerns. Harnik et al. (2010) showed how cross-user client-side deduplication inherently gives the adversary access to a (noisy) side-channel that may divulge whether or not a particular file is stored on the server, leading to leakage of user information. We provide formal definitions for deduplication strategies and their security in terms of adversarial advantage. Using these definitions, we provide a criterion for designing good strategies and then prove a bound characterizing the necessary trade-off between security and efficiency.

[1]  Dutch T. Meyer,et al.  A study of practical deduplication , 2011, TOS.

[2]  Benny Pinkas,et al.  Proofs of ownership in remote storage systems , 2011, CCS '11.

[3]  Dooho Choi,et al.  Privacy-preserving cross-user source-based data deduplication in cloud storage , 2012, 2012 International Conference on ICT Convergence (ICTC).

[4]  Herbert Bos,et al.  Flip Feng Shui: Hammering a Needle in the Software Stack , 2016, USENIX Security Symposium.

[5]  References , 1971 .

[6]  Hubert Ritzdorf,et al.  On Information Leakage in Deduplicated Storage Systems , 2016, CCSW.

[7]  Mihir Bellare,et al.  Message-Locked Encryption and Secure Deduplication , 2013, EUROCRYPT.

[8]  Mauro Conti,et al.  Cache Privacy in Named-Data Networking , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[9]  Martín Abadi,et al.  Message-Locked Encryption for Lock-Dependent Messages , 2013, IACR Cryptol. ePrint Arch..

[10]  Mohammad Mannan,et al.  An evaluation of recent secure deduplication proposals , 2016, J. Inf. Secur. Appl..

[11]  Tao Jiang,et al.  Towards Efficient Fully Randomized Message-Locked Encryption , 2016, ACISP.

[12]  Benny Pinkas,et al.  Secure Deduplication of Encrypted Data without Additional Independent Servers , 2015, CCS.

[13]  Benny Pinkas,et al.  Side Channels in Cloud Services: Deduplication in Cloud Storage , 2010, IEEE Security & Privacy.

[14]  Yiwei Thomas Hou,et al.  Modeling the side-channel attacks in data deduplication with game theory , 2015, 2015 IEEE Conference on Communications and Network Security (CNS).

[15]  Kwangjo Kim,et al.  Differentially private client-side data deduplication protocol for cloud storage services , 2015, Secur. Commun. Networks.

[16]  Marvin Theimer,et al.  Reclaiming space from duplicate files in a serverless distributed file system , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[17]  Mihir Bellare,et al.  DupLESS: Server-Aided Encryption for Deduplicated Storage , 2013, USENIX Security Symposium.

[18]  Herbert Bos,et al.  Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[19]  Alessandro Sorniotti,et al.  A Secure Data Deduplication Scheme for Cloud Storage , 2014, Financial Cryptography.

[20]  Edgar R. Weippl,et al.  Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space , 2011, USENIX Security Symposium.