Jian Liu,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1145/2810103.2813623

2015-01-01

Abstract:Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Jin Li,Xiaofeng Chen,Xinyi Huang,Shaohua Tang,Yang Xiang,Mohammad Mehedi Hassan,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1109/tc.2015.2401017

2015-01-01

Abstract:Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. However, there is only one copy for each file stored in cloud even if such a file is owned by a huge number of users. As a result, deduplication system improves storage utilization while reducing reliability. Furthermore, the challenge of privacy for sensitive data also arises when they are outsourced by users to cloud. Aiming to address the above security challenges, this paper makes the first attempt to formalize the notion of distributed reliable deduplication system. We propose new distributed deduplication systems with higher reliability in which the data chunks are distributed across multiple cloud servers. The security requirements of data confidentiality and tag consistency are also achieved by introducing a deterministic secret sharing scheme in distributed storage systems, instead of using convergent encryption as in previous deduplication systems. Security analysis demonstrates that our deduplication systems are secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement the proposed systems and demonstrate that the incurred overhead is very limited in realistic environments.

Xinyan Wu,Huanwei Wang,Yangkai Yuan,Fagen Li

DOI: https://doi.org/10.1016/j.sysarc.2023.102858

IF: 5.836

2023-01-01

Journal of Systems Architecture

Abstract:Data deduplication technology is frequently used by many cloud service providers to handle the exponential growth in data. To protect their data privacy, users frequently encrypt their data before uploading it to a cloud storage provider. Therefore, efficient encrypted deduplication technology has been widely studied. Although cloud storage provides convenience for users, it also has the problem of high data concentration. Once an accident occurs in the data center, the impact is enormous. Therefore, it is necessary to back up the ciphertext data after deduplication. In this paper, we propose an efficient encrypted data deduplication technology that supports backup. Our scheme uses a one-way hash chain to verify the legitimacy of a user’s identity. It updates the user’s ownership of the data using the user’s index table. In this paper, we use the XOR operation to re-encrypt data to obtain backup ciphertext, reducing computational complexity. In LEDB, the user can extract the key from the data label. Therefore, the user does not need to manage the key separately. In addition, LEDB supports a two-level deduplication mechanism, which can not only ensure transmission security but also reduce network transmission bandwidth. Finally, LEDB allows the user to determine the integrity of the data before decrypting the ciphertext. Security analysis and experimental results show that our scheme is secure and efficient for data encryption and decryption.

Jingwei Li,Jin Li,Dongqing Xie,Zhang Cai

DOI: https://doi.org/10.1109/tc.2015.2389960

2016-01-01

Abstract:As the cloud computing technology develops during the last decade, outsourcing data to cloud service for storage becomes an attractive trend, which benefits in sparing efforts on heavy data maintenance and management. Nevertheless, since the outsourced cloud storage is not fully trustworthy, it raises security concerns on how to realize data deduplication in cloud while achieving integrity auditing. In this work, we study the problem of integrity auditing and secure deduplication on cloud data. Specifically, aiming at achieving both data integrity and deduplication in cloud, we propose two secure systems, namely SecCloud and SecCloud(+). SecCloud introduces an auditing entity with a maintenance of a MapReduce cloud, which helps clients generate data tags before uploading as well as audit the integrity of data having been stored in cloud. Compared with previous work, the computation by user in SecCloud is greatly reduced during the file uploading and auditing phases. SecCloud(+) is designed motivated by the fact that customers always want to encrypt their data before uploading, and enables integrity auditing and secure deduplication on encrypted data.

J. Gnana Jeslin,P. Mohan Kumar

DOI: https://doi.org/10.3390/sym14071392

2022-07-07

Symmetry

Abstract:The number of customers transferring information to cloud storage has grown significantly, with the rising prevalence of cloud computing. The rapidly rising data volume in the cloud, mostly on one side, is followed by a large replication of data. On the other hand, if there is a single duplicate copy of stored symmetrical information in the de-duplicate cloud backup the manipulation or lack of a single copy may cause untold failure. Thus, the deduplication of files and the auditing of credibility are extremely necessary and how they are achieved safely and effectively must be addressed in academic and commercial contexts urgently. In order to tune in this task by using application recognition, data similitude, and locality to simplify decentralized deduplication with two-tier internode and application deduction, we suggest a flexible direct decentralized symmetry deduplication architecture in a cloud scenario. It first distributes application logic to the contents of the directory through implementation-oriented steering to maintain a deployment location and also attributes the same kind of information to the cloud backup node with the storage node specificity by means of a hand printing-based network model to attain adequate global deduplication performance. We build up a new ownership mechanism during file deduplication to ensure continuity of tagging and symmetrical modeling and verify shared ownership. In addition, we plan an effective ownership policy maintenance plan. In order to introduce a probabilistic key process and reduce key storage capacity, a user-helped key is used for in-user block deduplication. Finally, the protection and efficiency audit demonstrate that the data integrity and accuracy of our system are ensured and symmetrically effective in the management of data ownership.

Xuewei Ma,Wenyuan Yang,Yuesheng Zhu,Zhiqiang Bai

DOI: https://doi.org/10.1109/ipccc55026.2022.9894331

2022-01-01

Abstract:Encrypted data deduplication is an important technique for saving storage space and network bandwidth, which has been widely used in cloud storage. Recently, a number of schemes that solve the problem of data deduplication with dynamic ownership management have been proposed. However, these schemes suffer from low efficiency when the dynamic ownership changes a lot. To this end, in this paper, we propose a novel server-side deduplication scheme for encrypted data in a hybrid cloud architecture, where a public cloud (Pub-CSP) manages the storage and a private cloud (Pri-CSP) plays a role as the data owner to perform deduplication and dynamic ownership management. Further, to reduce the communication overhead we use an initial uploader check mechanism to ensure only the first uploader needs to perform encryption, and adopt an access control technique that verifies the validity of the data users before they download data. Our security analysis and performance evaluation demonstrate that our proposed server-side deduplication scheme has better performance in terms of security, effectiveness, and practicability compared with previous schemes. Meanwhile, our method can efficiently resist collusion attacks and duplicate faking attacks.

Zonghui Li,Gilbert Chen,Yangdong Deng

DOI: https://doi.org/10.1109/tcc.2020.3047403

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:The pervasive deployment of cloud services poses an ever-increasing demand for cross-client deduplication solutions to save network bandwidth, lower storage costs, and improve backup speeds. However, existing solutions typically depend on lock-based approaches relying on a centralized chunk database, which tends to hinder performance scalability. In this article, we present a new cross-client cloud backup solution, named Duplicacy, based on a Lock-Free Deduplication approach. Lock-Free Deduplication stores chunks to network or cloud storage using content hashes as file names. It then adopts a two-step fossil deletion algorithm to solve the hard problem of deleting unreferenced chunks in the presence of concurrent backups, without the need for any locks. Experiments demonstrate that Duplicacy enables significant performance improvement for backups over previous well-known backup tools. In addition, Duplicacy can work with many general-purpose network or cloud storage services which only support a basic set of file operations, and turn them into sophisticated deduplication-aware storage servers without server-side changes.

王灿,秦志光,冯朝胜,彭静

DOI: https://doi.org/10.3724/sp.j.1087.2010.01763

2010-01-01

Journal of Computer Applications

Abstract:In order to combine the data confidentiality and deduplication efficiency,a deduplication-oriented backup-data encryption method was proposed.According to the method,the symmetric keys,which were used to encrypt the chunks,were generated from the hash values of chunk contents in a consistent way.Thus,the one to one correspondence between the chunk plaintext and the chunk ciphertext could be guaranteed.The confidentiality of backup-data in storage and transmission can be protected efficiently on condition that the user's private key and identification password are not leaked simultaneously.The experimental results indicate that the method,unlike the traditional encryption method,can be compatible with the deduplication technology well,and the storage space utilization of encrypted backup-data can be improved notablely.This method is applicable to the backup of massive data,which has the requirement of confidentiality.

Guofeng Zhu,Xingjun Zhang,Longxiang Wang,Yueguang Zhu,Xiaoshe Dong

DOI: https://doi.org/10.1109/NBiS.2012.150

2012-01-01

Abstract:With the explosive growth of data amount, it has become a key issue to reduce the storage space that mass data occupies and the bandwidth consumption during network transmission. Experimental investigation shows that a large amount of redundant data exists in each part of the information processing and storage. Therefore, the issues concerning how to eliminate the redundant information during the backup process are of crucial importance for saving disk space and network bandwidth. This paper adopts the data de-duplication technology to solve the problem of redundant data in the course of backup by designing and implementing a backup system with intelligent data de-duplication named Backup Ded up which includes four de-duplication strategies, that is, SIS, FSP, CDC and SW. Backup Ded up supports the online source-side de-duplication and is capable of selecting different de-duplication algorithms according to the corresponding data types. Meanwhile, it offers the data reliability and security in the backup process. The experimental test results show that Backup Ded up employs multi de-duplication strategies simultaneously to substantially eliminate redundant data in the backup process so as to reach the goal of effectively saving storage space and network bandwidth.

Zheng Yan,Lifang Zhang,Wenxiu Ding,Qinghua Zheng

DOI: https://doi.org/10.1109/tbdata.2017.2701352

2019-01-01

IEEE Transactions on Big Data

Abstract:Cloud storage as one of the most important services of cloud computing helps cloud users break the bottleneck of restricted resources and expand their storage without upgrading their devices. In order to guarantee the security and privacy of cloud users, data are always outsourced in an encrypted form. However, encrypted data could incur much waste of cloud storage and complicate data sharing among authorized users. We are still facing challenges on encrypted data storage and management with deduplication. Traditional deduplication schemes always focus on specific application scenarios, in which the deduplication is completely controlled by either data owners or cloud servers. They cannot flexibly satisfy various demands of data owners according to the level of data sensitivity. In this paper, we propose a heterogeneous data storage management scheme, which flexibly offers both deduplication management and access control at the same time across multiple Cloud Service Providers (CSPs). We evaluate its performance with security analysis, comparison and implementation. The results show its security, effectiveness and efficiency towards potential practical usage.

Jingyi Li,Yidong Li,Jigang Wu,Zikai Zhang,Yi Jin

DOI: https://doi.org/10.1109/tnse.2024.3369630

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Data deduplication schemes have been widely used in cloud storage systems to save storage space by eliminating duplicate outsourced data. However, the reduction of redundancy leads to decreased data availability and unbalanced data distribution. This paper proposes a blockchain-based decentralized storage system with reliable deduplication and storage balance strategy to provide reliability for deduplicated outsourced data. Encrypted data is split into chunks by a ramp secret sharing scheme, and it is distributed to multiple independent cloud servers. States of the chunks are recorded on the tamper-proofed blockchain and they can be used to recover the raw data or support the verification of user identity. To balance the distribution of data among storage servers, a heuristic matching algorithm is designed to efficiently allocate the available storage space. The allocation services are published by autonomous smart contracts and other participants gain rewards by giving the best matching results of data chunks and storage servers. Formulation analysis demonstrates the correctness of the proposed scheme in terms of data consistency, integrity, and reliability. Experimental results show that the proposed scheme preserves the confidentiality of outsourced data with acceptable computational consumption.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Jingwei Li,P.C.Lee Patrick,Xiaosong Zhang

2015-01-01

Abstract:In the age of big data, the dramatic growth of data in enterprises poses critical challenge on storage and management. Data deduplication technique recognizes the redundancies in data streams, and just transfers and stores the unique data objects, thereby effectively reducing costs. From security perspective, this paper focuses on the advances of secure deduplication systems. We describe the deduplication architecture as well as its security requirements. Then, we introduce content-based encryption, which is the core methodology of building secure deduplication systems, and analyze the principles and limitations of the state-of-the-art technologies. Finally, we summarize existing works about secure data deduplication systems, and discuss future research directions.

Yukun Zhou,Dan Feng,Wen Xia,Min Fu,Fangting Huang,Yucheng Zhang,Chunguang Li

DOI: https://doi.org/10.1109/msst.2015.7208297

2015-01-01

Abstract:Nowadays, many customers and enterprises backup their data to cloud storage that performs deduplication to save storage space and network bandwidth. Hence, how to perform secure deduplication becomes a critical challenge for cloud storage. According to our analysis, the state-of-the-art secure deduplication methods are not suitable for cross-user fine-grained data deduplication. They either suffer brute-force attacks that can recover files falling into a known set, or incur large computation (time) overheads. Moreover, existing approaches of convergent key management incur large space overheads because of the huge number of chunks shared among users.Our observation that cross-user redundant data are mainly from the duplicate files, motivates us to propose an efficient secure deduplication scheme SecDep. SecDep employs UserAware Convergent Encryption (UACE) and Multi-Level Key management (MLK) approaches. (1) UACE combines cross-user file-level and inside-user chunk-level deduplication, and exploits different secure policies among and inside users to minimize the computation overheads. Specifically, both of file-level and chunk-level deduplication use variants of Convergent Encryption (CE) to resist brute-force attacks. The major difference is that the file-level CE keys are generated by using a server-aided method to ensure security of cross-user deduplication, while the chunk-level keys are generated by using a user-aided method with lower computation overheads. (2) To reduce key space overheads, MLK uses file-level key to encrypt chunk-level keys so that the key space will not increase with the number of sharing users. Furthermore, MLK splits the file-level keys into share-level keys and distributes them to multiple key servers to ensure security and reliability of file-level keys.Our security analysis demonstrates that SecDep ensures data confidentiality and key security. Our experiment results based on several large real-world datasets show that SecDep is more time-efficient and key-space-efficient than the state-of-the-art secure deduplication approaches.

Shengmei Luo,Guangyan Zhang,Chengwen Wu,Samee U. Khan,Keqin Li

DOI: https://doi.org/10.1109/tcc.2015.2511752

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:As data progressively grows within data centers, the cloud storage systems continuously facechallenges in saving storage capacity and providing capabilities necessary to move big data within an acceptable time frame. In this paper, we present the Boafft, a cloud storage system with distributed deduplication. The Boafft achieves scalable throughput and capacity usingmultiple data servers to deduplicate data in parallel, with a minimal loss of deduplication ratio. Firstly, the Boafft uses an efficient data routing algorithm based on data similarity that reduces the network overhead by quickly identifying the storage location. Secondly, the Boafft maintains an in-memory similarity indexing in each data server that helps avoid a large number of random disk reads and writes, which in turn accelerates local data deduplication. Thirdly, the Boafft constructs hot fingerprint cache in each data server based on access frequency, so as to improve the data deduplication ratio. Our comparative analysis with EMC's stateful routing algorithm reveals that the Boafft can provide a comparatively high deduplication ratio with a low network bandwidth overhead. Moreover, the Boafft makes better usage of the storage space, with higher read/write bandwidth and good load balance.

Yang Zhang,Yongwei Wu,Guangwen Yang

DOI: https://doi.org/10.1109/grid.2012.21

2012-01-01

Abstract:Creating backup copies is the most commonly used technique to protect from data loss. In order to increase reliability, doing routinely backup is a best practice. Such backup activities will create multiple redundant data streams which is not economic to be directly stored on disk. Similarly, enterprise archival systems usually deal with redundant data, which needs to be stored for later accessing. Deduplication is an essential technique used under these situations, which could avoid storing identical data segments, and thus saves a significant portion of disk usage. Also, recent studies have shown that deduplication could also effectively reduce the disk space used to store virtual machine (VM) disk images. We present droplet, a distributed deduplication storage system that has been designed for high throughput and scalability. Droplet strips input data streams onto multiple storage nodes, thus limits number of stored data segments on each node and ensures the fingerprint index could be fitted into memory. The in-memory finger index avoids the disk bottleneck discussed in Data Domain, ChunkStash and provides excellent lookup performance. The buffering layer in droplet provides good write performance for small data segments. Compression on date segments reduces disk usage one step further.

Yulin Wu,Zoe L. Jiang,Xuan Wang,S. M. Yiu,Peng Zhang

DOI: https://doi.org/10.1109/CSE-EUC.2017.104

2017-01-01

Abstract:Cloud storage service has been increasing in popularity as cloud computing plays an important role in the IT domain. Users can be relieved of the burden of storage and computation, by outsourcing the large data files to the cloud servers. However, from the cloud service providers' point of view, it is wise to utilize the data deduplication techniques to reduce the costs of running large storage system and energy consumption on cloud servers. Based on the dynamic nature of data in the cloud storage system, we not only need to assure the data integrity with an auditing protocol supporting dynamic data operations for users, but also consider resorting to data deduplication techniques in the dynamic data operations for cloud service providers to achieve the goal of reducing costs. Thus, in this paper, we propose a mechanism that combines data deduplication with dynamic data operations in the privacy-preserving public auditing for secure cloud storage. The analysis of security and performance shows that the proposed mechanism is highly efficient and provably secure.

Hongyu Liu,Leiting Chen,Liyao Zeng

DOI: https://doi.org/10.1007/978-3-319-69471-9_34

2017-01-01

Abstract:Data loss is a severe issue in cloud storage due to a number of confidential files stored on the cloud and thus, cloud servers have become the target of attackers. In this paper, we propose a cloud data integrity checking protocol with deduplication, which can guarantee the remote data integrity while achieving secure deduplication within the same framework. Another bonus of our construction is privacy preserving of the outsourced data, which is denoted as zero-knowledge data privacy, indicating that the third party auditor learns nothing about the stored data during the auditing process. In addition, we demonstrate the performance of our construction by developing a prototype of the protocol.

Jin Li,Xiaofeng Chen,Mingqiang Li,Jingwei Li,Patrick P. C. Lee,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2013.284

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. Promising as it is, an arising challenge is to perform secure deduplication in cloud storage. Although convergent encryption has been extensively adopted for secure deduplication, a critical issue of making convergent encryption practical is to efficiently and reliably manage a huge number of convergent keys. This paper makes the first attempt to formally address the problem of achieving efficient and reliable key management in secure deduplication. We first introduce a baseline approach in which each user holds an independent master key for encrypting the convergent keys and outsourcing them to the cloud. However, such a baseline key management scheme generates an enormous number of keys with the increasing number of users and requires users to dedicatedly protect the master keys. To this end, we propose Dekey , a new construction in which users do not need to manage any keys on their own but instead securely distribute the convergent key shares across multiple servers. Security analysis demonstrates that Dekey is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement Dekey using the Ramp secret sharing scheme and demonstrate that Dekey incurs limited overhead in realistic environments.

Jin, Chunhua

DOI: https://doi.org/10.1007/s12083-024-01734-7

IF: 3.488

2024-06-05

Peer-to-Peer Networking and Applications

Abstract:Cloud storage has attracted widespread attention due to its advantages such as convenience, low cost, and easy scalability. With the explosion of cloud data volumes, security and performance issues are becoming major concerns. Countermeasures like data deduplication and integrity auditing techniques have been extensively studied. However, traditional auditable deduplication protocols face significant challenges related to confidentiality, reliability, and efficiency. Aiming to address these challenges, a blockchain-based auditable deduplication scheme for multi-cloud storage is proposed in this paper. Specifically, this scheme leverages blockchain technology and bilinear pairing cryptosystem to achieve an auditable deduplication mechanism that not only saves storage space but also checks data integrity. Furthermore, convergent encryption and threshold secret sharing algorithms are utilized to enhance storage confidentiality and system reliability. Batch auditing and anti-repeated auditing techniques are also adopted to improve auditing efficiency. Finally, security analysis and performance evaluation reveal that the proposed scheme achieves the expected security and performance requirements.

computer science, information systems,telecommunications

K. Rajkumar,U. Hariharan,V. Dhanakoti,N. Muthukumaran

DOI: https://doi.org/10.1007/s11276-023-03448-9

IF: 2.701

2023-08-29

Wireless Networks

Abstract:Cloud storage is the ideal solution for outsourcing big data since the cloud can store a large amount of data. Cloud storage, on the other hand, raises additional problems about data duplication, fine-grained access control, and privacy, all of these factors are crucial for cloud large data storage. Data duplication approaches based on encrypted data schemes now available do not provide for fine-grained access control. This paper proposes a secure framework for managing data using rapid asymmetric maximum based dynamic size chunking and fuzzy logic for deduplication. Chunking, fingerprinting, hashing, and writing are the four main process of the proposed method. Initially, chunking is done to split the files into chunks. Rapid Asymmetric Maximum (RAM) based Dynamic Size Chunking (DSC) is used in the proposed method. These chunked files are then fingerprinted using hashing process for ensuring data authentication. Then B-tree indexing approach is used in the proposed method in order to keep the fingerprinted in an organized state. General Type2-Fuzzy logic is using Ant Lion Optimization (ALO) is used for detecting duplicate files in the documents. In the cloud storage platform, only non-duplicate documents are safely kept. The Triple Data Encryption Standard is used to do a security study before outsourcing non-duplicate data to a third-party cloud server. The total computation time of the proposed technique is 0.4 s in the inline phase and 0.04 s in the offline phase, and the deduplication ratio is 95% in the inline phase and 90% in the offline phase. This proposed deduplication approach requires less storage, which reduces memory use and processing time.

computer science, information systems,telecommunications,engineering, electrical & electronic