A tunable proof of ownership scheme for deduplication using Bloom filters

Deduplication is a widely used technique in storage services, since it affords a very efficient usage of resources-being especially effective for consumer-grade storage services (e.g. Dropbox). Deduplication has been shown to suffer from several security weaknesses, the most severe ones enabling a malicious user to obtain possession of a file it is not entitled to. Standard solutions to this problem require users to prove possession of data prior to its upload. Unfortunately, the schemes proposed in the literature are very taxing on either the server or the client side. In this paper, we introduce a novel solution based on Bloom filters that provides a flexible, scalable, and provably secure solution to the weaknesses of deduplication, and that overcomes the deficiencies of existing approaches. We provide a formal description of the scheme, a thorough security analysis, and compare our solution against multiple existing ones, both analytically and by means of extensive benchmarking. Our results confirm the quality and viability of our approach.

[1]  Dalit Naor,et al.  Estimation of deduplication ratios in large data sets , 2012, 012 IEEE 28th Symposium on Mass Storage Systems and Technologies (MSST).

[2]  Roberto Di Pietro,et al.  Boosting efficiency and security in proof of ownership for deduplication , 2012, ASIACCS '12.

[3]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[4]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[5]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[6]  Yonggang Wen,et al.  Private data deduplication protocols in cloud storage , 2012, SAC '12.

[7]  Shouhuai Xu,et al.  Secure and efficient proof of storage with deduplication , 2012, CODASPY '12.

[8]  Chao Yang,et al.  Provable ownership of files in deduplication cloud storage , 2015, Secur. Commun. Networks.

[9]  Rodney S. Tucker,et al.  Green Cloud Computing: Balancing Energy in Processing, Storage, and Transport , 2011, Proceedings of the IEEE.

[10]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[11]  Jia Xu,et al.  Weak leakage-resilient client-side deduplication of encrypted data in cloud storage , 2013, ASIA CCS '13.

[12]  Benny Pinkas,et al.  Side Channels in Cloud Services: Deduplication in Cloud Storage , 2010, IEEE Security & Privacy.

[13]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[14]  Mahmood Ahmadi,et al.  Bloom filter applications in network security: A state-of-the-art survey , 2013, Comput. Networks.

[15]  Darrell D. E. Long,et al.  Secure data deduplication , 2008, StorageSS '08.

[16]  Mihir Bellare,et al.  Message-Locked Encryption and Secure Deduplication , 2013, EUROCRYPT.

[17]  Jie Qiu,et al.  The Method and Tool of Cost Analysis for Cloud Computing , 2009, 2009 IEEE International Conference on Cloud Computing.

[18]  Benny Pinkas,et al.  Proofs of ownership in remote storage systems , 2011, CCS '11.