Abstract
Cloud providers tend to save storage via cross-user deduplication, while users who care about privacy tend to encrypt their files on client-side. Secure deduplication of encrypted data (SDoE) which aims to reconcile this apparent contradiction is an active research topic. In this paper, we propose a formal security model for SDoE. We also propose two single-server SDoE protocols and prove their security in our model. We evaluate their deduplication effectiveness via simulations with realistic datasets.
J. Liu and L. Duan—These authors are equal contribution.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
We also assume that the implicit authentication property is preserved in the PAKE protocol as in the ideal functionality \(\mathcal {F}_{same-input-pake}\) in [13]. The extention of the constrained-PAKE with implicit authentication is straight forward.
- 2.
The rational of this abort rule can be found in Game 3.
- 3.
We assume a polynomial sized file space.
- 4.
This mapping ensures that all hash queries are answerable.
- 5.
Recall that in the security game for compromised server, we assume that every file has been uploaded into \(\mathbf {DB}_0\), so are \(F_0\) and \(F_1\).
References
Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 9(1), 1–30 (2006)
Bellare, M., Keelveedhi, S.: Interactive message-locked encryption and secure deduplication. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 516–538. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46447-2_23
Bellare, M., Keelveedhi, S., Ristenpart, T.: DupLESS: server-aided encryption for deduplicated storage. In: USENIX Security, pp. 179–194. USENIX Association (2013)
Bellare, M., Keelveedhi, S., Ristenpart, T.: Message-locked encryption and secure deduplication. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 296–312. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_18
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_11
Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Computer Society Symposium on Research in Security and Privacy, Proceedings, pp. 72–84, May 1992
Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: Smote: synthetic minority over-sampling technique. J. Artif. Int. Res. 16(1), 321–357 (2002)
Douceur, J., Adya, A., Bolosky, W., Simon, P., Theimer, M.: Reclaiming space from duplicate files in a serverless distributed file system. In: 22nd International Conference on Distributed Computing Systems, Proceedings, pp. 617–624 (2002)
Duan, Y.: Distributed key generation for encrypted deduplication: achieving the strongest privacy. In: CCSW, pp. 57–68. ACM (2014)
Harnik, D., Pinkas, B., Shulman-Peleg, A.: Side channels in cloud services: deduplication in cloud storage. IEEE Secur. Priv. 8(6), 40–47 (2010)
Lei, L., Cai, Q., Chen, B., Lin, J.: Towards efficient re-encryption for secure client-side deduplication in public clouds. In: Lam, K.-Y., Chi, C.-H., Qing, S. (eds.) ICICS 2016. LNCS, vol. 9977, pp. 71–84. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-50011-9_6
Liu, J., Asokan, N., Pinkas, B.: Secure deduplication of encrypted data without additional independent servers. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 874–885. ACM, New York (2015)
Liu, J., Asokan, N., Pinkas, B.: Secure deduplication of encrypted data without additional independent servers. Cryptology ePrint Archive, Report 2015/455 (2015). http://eprint.iacr.org/2015/455
Puzio, P., Molva, R., Onen, M., Loureiro, S.: ClouDedup: secure deduplication with encrypted data for cloud storage. In: CloudCom, pp. 363–370. IEEE Computer Society (2013)
Qin, C., Li, J., Lee, P.P.C.: The design and implementation of a rekeying-aware encrypted deduplication storage system. Trans. Storage 13(1), 9:1–9:30 (2017)
Shin, Y., Koo, D., Yun, J., Hur, J.: Decentralized server-aided encryption for secure deduplication in cloud storage. IEEE Trans. Serv. Comput. PP(99), 1 (2017)
Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. IACR Cryptology ePrint Archive 2004:332 (2004)
Stanek, J., Sorniotti, A., Androulaki, E., Kencl, L.: A secure data deduplication scheme for cloud storage. In: FC, pp. 99–118 (2014)
Zhao, Y., Chow, S.S.: Updatable block-level message-locked encryption. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2017, pp. 449–460. ACM, New York (2017)
Acknowledgments
This work was supported in part by TEKES - the Finnish Funding Agency for Innovation (CloSer project, 3881/31/2016) and by Intel (Intel Collaborative Research Institute for Secure Computing, ICRI-SC).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Liu, J., Duan, L., Li, Y., Asokan, N. (2018). Secure Deduplication of Encrypted Data: Refined Model and New Constructions. In: Smart, N. (eds) Topics in Cryptology – CT-RSA 2018. CT-RSA 2018. Lecture Notes in Computer Science(), vol 10808. Springer, Cham. https://doi.org/10.1007/978-3-319-76953-0_20
Download citation
DOI: https://doi.org/10.1007/978-3-319-76953-0_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76952-3
Online ISBN: 978-3-319-76953-0
eBook Packages: Computer ScienceComputer Science (R0)