Peer-to-Peer Networking and Applications, Volume 11, Issue 2, pp 277–286

Whispers in the cloud storage: A novel cross-user deduplication-based covert channel design

  • Hermine Hovhannisyan
  • Wen Qi
  • Kejie Lu
  • Rongwei Yang
  • Jianping Wang


To provide cloud storage services efficiently, most providers implement data deduplication schemes to reduce storage and network bandwidth consumption. Because deduplication is so widely applied, many of its security issues have been investigated, such as data security and user privacy. Nevertheless, we note that the threat of establishing a covert channel over cloud storage has not been fully investigated. In particular, existing studies only demonstrate the potential of a single-bit channel, in which a sender can upload one of two predefined files so that a receiver can infer a “0” or a “1”. In this paper, we design a more powerful deduplication-based covert channel that can be used to transmit a complete message. Specifically, the key features of our design include: (1) a synchronization scheme that can establish a covert channel between a sender and a receiver, and (2) a novel coding scheme that allows each file to represent multiple bits in the message. To evaluate the proposed design, we implement the covert channel and conduct extensive experiments in different cloud storage systems. Our work highlights a more severe security threat in cloud storage services.


Cloud storage service, Deduplication, Covert channel



The work is supported in part by a General Research Fund from Hong Kong Research Grant Council under project 122913 and project 61272462 from NSFC China, and by the Shanghai Oriental Scholar Program.



Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  1. Department of Computer Science, City University of Hong Kong, Kowloon, Hong Kong
  2. School of Computer Engineering, Shanghai University of Electric Power, Shanghai, China
  3. Department of Electrical and Computer Engineering, University of Puerto Rico at Mayagüez, Mayagüez, Puerto Rico
  4. School of Computer Science and Technology, University of Science and Technology of China (USTC), Hefei, China
