Jianfeng Wang,Xiaofeng Chen,Jin Li,Kamil Kluczniak,Miroslaw Kutylowski

DOI: https://doi.org/10.1504/ijwgs.2017.10006054

2017-01-01

International Journal of Web and Grid Services

Abstract:Data deduplication is a special type of resource usage optimisation. It leads to reduction of the used storage space and network bandwidth by eliminating duplicate copies of the same data file. Convergent encryption, as the state-of-art approach, has been widely adopted to perform secure deduplication in the cross-user scenario. However, all prior solutions do not support user traceability: there is no way to trace the identities of malicious users in case of duplicate faking attacks. To cope with this problem, we propose a deduplication scheme called TrDup. It realises traceability of malicious user's identity by incorporating traceable signatures with message-locked encryption technique. The TrDup construction is followed by its formal security analysis.

Jian Liu,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1145/2810103.2813623

2015-01-01

Abstract:Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Jingwei Li,P.C.Lee Patrick,Xiaosong Zhang

2015-01-01

Abstract:In the age of big data, the dramatic growth of data in enterprises poses critical challenge on storage and management. Data deduplication technique recognizes the redundancies in data streams, and just transfers and stores the unique data objects, thereby effectively reducing costs. From security perspective, this paper focuses on the advances of secure deduplication systems. We describe the deduplication architecture as well as its security requirements. Then, we introduce content-based encryption, which is the core methodology of building secure deduplication systems, and analyze the principles and limitations of the state-of-the-art technologies. Finally, we summarize existing works about secure data deduplication systems, and discuss future research directions.

Xin Tang,Linna Zhou,Yongfeng Huang,Chin-Chen Chang

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00128

2018-01-01

Abstract:Cross-user deduplication is an emerging technique to ease the burden of cloud storage in big data era by storing only one copy of duplicate data. Efficiency reflects the feasibility and is a basic consideration when applying the deduplication scheme. However, in order to achieve certain level of security, existing works suffer from heavy overhead of computation as well as communication, which is a big obstacle for the actual deployment. In this paper, we propose an efficient cross-user deduplication scheme for encrypted data, which takes the lead to consider the efficiency during deduplication and makes it a reality to achieve secure deduplication in a lightweight way. To ensure the efficiency, we utilize the proposed re-encryption technique together with a non-interactive convergent key generation scheme to eliminate the cost of users and support batch verification of recovered data. The simulation results show that, with the same level of security guaranteed, the proposed scheme is more efficient comparing with the state of the art.

Haoran Yuan,Xiaofeng Chen,Jin Li,Tao Jiang,Jianfeng Wang,Robert H. Deng

DOI: https://doi.org/10.1109/TSC.2019.2948007

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Data deduplication technique has been widely adopted by commercial cloud storage providers, which is both important and necessary in coping with the explosive growth of data. To further protect the security of users' sensitive data in the outsourced storage mode, many secure data deduplication schemes have been designed and applied in various scenarios. Among these schemes, secure and efficient re-encryption for encrypted data deduplication attracted the attention of many scholars, and many solutions have been designed to support dynamic ownership management. In this paper, we focus on the re-encryption deduplication storage system and show that the recently designed lightweight rekeying-aware encrypted deduplication scheme (REED) is vulnerable to an attack which we call it stub-reserved attack. Furthermore, we propose a secure data deduplication scheme with efficient re-encryption based on the convergent all-or-nothing transform (CAONT) and randomly sampled bits from the Bloom filter. Due to the intrinsic property of one-way hash function, our scheme can resist the stub-reserved attack and guarantee the data privacy of data owners' sensitive data. Moreover, instead of re-encrypting the entire package, data owners are only required to re-encrypt a small part of it through the CAONT, thereby effectively reducing the computation overhead of the system. Finally, security analysis and experimental results show that our scheme is secure and efficient in re-encryption.

Yukun Zhou,Dan Feng,Wen Xia,Min Fu,Fangting Huang,Yucheng Zhang,Chunguang Li

DOI: https://doi.org/10.1109/msst.2015.7208297

2015-01-01

Abstract:Nowadays, many customers and enterprises backup their data to cloud storage that performs deduplication to save storage space and network bandwidth. Hence, how to perform secure deduplication becomes a critical challenge for cloud storage. According to our analysis, the state-of-the-art secure deduplication methods are not suitable for cross-user fine-grained data deduplication. They either suffer brute-force attacks that can recover files falling into a known set, or incur large computation (time) overheads. Moreover, existing approaches of convergent key management incur large space overheads because of the huge number of chunks shared among users.Our observation that cross-user redundant data are mainly from the duplicate files, motivates us to propose an efficient secure deduplication scheme SecDep. SecDep employs UserAware Convergent Encryption (UACE) and Multi-Level Key management (MLK) approaches. (1) UACE combines cross-user file-level and inside-user chunk-level deduplication, and exploits different secure policies among and inside users to minimize the computation overheads. Specifically, both of file-level and chunk-level deduplication use variants of Convergent Encryption (CE) to resist brute-force attacks. The major difference is that the file-level CE keys are generated by using a server-aided method to ensure security of cross-user deduplication, while the chunk-level keys are generated by using a user-aided method with lower computation overheads. (2) To reduce key space overheads, MLK uses file-level key to encrypt chunk-level keys so that the key space will not increase with the number of sharing users. Furthermore, MLK splits the file-level keys into share-level keys and distributes them to multiple key servers to ensure security and reliability of file-level keys.Our security analysis demonstrates that SecDep ensures data confidentiality and key security. Our experiment results based on several large real-world datasets show that SecDep is more time-efficient and key-space-efficient than the state-of-the-art secure deduplication approaches.

Mingyang Song,Zhongyun Hua,Yifeng Zheng,Tao Xiang,Xiaohua Jia

DOI: https://doi.org/10.1109/tdsc.2023.3334475

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In cloud storage systems, secure deduplication plays a critical role in saving storage costs for the cloud server and ensuring data confidentiality for cloud users. Traditional secure deduplication schemes require users to encrypt their outsourced files using specific encryption algorithms that cannot provide semantic security. However, users are unable to directly benefit from the storage savings, as the relation between the actual storage cost and the offered prices remains not transparent. As a result, users may be unwilling to cooperate with the cloud by encrypting their data using semantically secure algorithms. Moreover, data integrity is a significant concern for cloud storage users. To address these issues, this paper proposes a novel transparent and secure deduplication scheme that supports integrity auditing. Compared to previous works, our design can verify the number of file owners and the integrity through one-time proof verification. It also protects the private contents of files and the privacy of file ownership from malicious users. Moreover, our scheme includes a batch auditing method to simultaneously verify the numbers of file owners and the integrity of multiple files. Theoretical analysis confirms the correctness and security of our scheme. Comparison results demonstrate its competing performance over previous solutions

Jin Li,Xiaofeng Chen,Mingqiang Li,Jingwei Li,Patrick P. C. Lee,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2013.284

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. Promising as it is, an arising challenge is to perform secure deduplication in cloud storage. Although convergent encryption has been extensively adopted for secure deduplication, a critical issue of making convergent encryption practical is to efficiently and reliably manage a huge number of convergent keys. This paper makes the first attempt to formally address the problem of achieving efficient and reliable key management in secure deduplication. We first introduce a baseline approach in which each user holds an independent master key for encrypting the convergent keys and outsourcing them to the cloud. However, such a baseline key management scheme generates an enormous number of keys with the increasing number of users and requires users to dedicatedly protect the master keys. To this end, we propose Dekey , a new construction in which users do not need to manage any keys on their own but instead securely distribute the convergent key shares across multiple servers. Security analysis demonstrates that Dekey is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement Dekey using the Ramp secret sharing scheme and demonstrate that Dekey incurs limited overhead in realistic environments.

Cheng Guo,Xueru Jiang,Kim-Kwang Raymond Choo,Yingmo Jie

DOI: https://doi.org/10.1016/j.jnca.2020.102664

IF: 7.574

2020-01-01

Journal of Network and Computer Applications

Abstract:Deduplication technology is used extensively in applications such as cloud computing services to optimize their storage performance (e.g., cloud service providers store only one copy of identical data). However, due to the use of encryption (to ensure the confidentiality of data stored in the cloud), it can be challenging for cloud service providers to perform deduplication (e.g., due to the use of different keys on the same content). In this paper, we propose a randomized, secure, cross-user deduplication scheme (R-Dedup). The scheme does not involve any third-party entity (e.g., an additional cloud server) or require assistance from other users. In R-Dedup, the randomness feature means that users with identical copies of a file share the same random value via ElGamal encryption. The security analysis and experimental results demonstrate that R-Dedup is lightweight, and achieves both data privacy and data integrity.

Yan Kit Li,Xiaofeng Chen,Patrick P. C. Lee,Wenjing Lou,Jin Li,Sriram Keelveedhi,Thomas Ristenpart,Mihir Bellare

2020-01-01

Abstract:The popularity and widespread use of Cloud have brought great convenience for data sharing and data storage. The data sharing with a large number of participants take into account issuers like data integrity, efficiency and privacy of the owner for data. In cloud storage services one critical challenge is to manage ever-increasing volume of data storage in cloud. To make data management more scalable in cloud computing field, deduplication a well-known technique of data compression to eliminating duplicate copies of repeating data in storage over a cloud. Even if data deduplication brings a lot of benefits in security and privacy concerns arise as user's sensitive data are susceptible to both attacks insider and outsider. A convergent encryption method enforces data confidentiality while making deduplication feasible. Traditional deduplication systems based on convergent encryption even though provide confidentiality but do not support the duplicate check on basis of differential privileges. This paper presents, the idea of authorized data deduplication proposed to protect data security by including differential privileges of users in the duplicate check. Deduplication systems, users with differential privileges are further considered in duplicate check besides the data itself. To support stronger security the files are encrypted with differential privilege keys. Users are only allowed to perform the duplicate check for files marked with the corresponding privileges to access. The user can verify his/her presence of file after deduplication in cloud with the help of a third party

Yunling Wang,Meixia Miao,Jianfeng Wang,Xuefeng Zhang

DOI: https://doi.org/10.1016/j.csi.2021.103523

2021-10-01

Abstract:<p>Secure deduplication is a promising solution to greatly reduce the storage space of the cloud. However, the encryption key is deterministically derived from the plaintext, such that who owns the plaintext has the derived key to decrypt the ciphertext. Therefore, how to revoke a user in deduplication schemes is a critical challenge. In the existing work, when updating the data authority, the data owner has to download the data from the cloud, decrypt, re-encrypt and finally upload them to the cloud. This process increases the communication and computation overheads. In this paper, we first propose a multi-user updatable encryption scheme. Specifically, the data owner can update the remote ciphertext under a new group key by sending an update token to the cloud. Then we adopt this technique to propose a new secure deduplication scheme supporting efficiently revoking an unauthorized user. In our scheme, the data owner just needs to send a token to the cloud to update the data authority, which saves the communication and computation costs. The security and efficiency analysis demonstrate that our proposed deduplication scheme can achieve the desired security properties with high efficiency.</p>

computer science, software engineering, hardware & architecture

Can Wang,Zhiguang Qin,Jing Peng,Juan Wang

DOI: https://doi.org/10.1109/ICCCAS.2010.5581996

2010-01-01

Abstract:In order to solve the problem that encryption files can not benefit from the data deduplication technology, a novel encryption scheme is proposed. According to the method, the basic encryption unit is transformed from the file to the chunks; and the chunk contents are used to generate the symmetric keys, which ensure the determinate mapping between plaintext and ciphertext of data. The data can be stored and transmitted in security as long as the adversary does not acquire a user's private key and identification password simultaneously. This scheme can mitigate the contradiction between traditional encryption method and deduplication technology well; and is suitable for the application of disk-based, data deduplication system which has the requirement of confidentiality. © 2010 IEEE.

Shahnawaz Ahmad,Mohd. Arif,Javed Ahmad,Mohd. Nazim,Shabana Mehfuz

DOI: https://doi.org/10.1002/cpe.8205

2024-06-23

Concurrency and Computation Practice and Experience

Abstract:Summary The exponential growth of data poses a critical challenge for cloud storage systems. Redundant data consumes valuable storage space and increases infrastructure costs. Data deduplication, a technique for eliminating duplicate data copies, offers a promising solution. However, existing deduplication techniques often compromise data security, especially when dealing with encrypted data. This paper proposes a novel approach that merges convergent encryption (CE) with data deduplication. CE leverages user data itself to generate unique encryption keys, enabling secure deduplication on encrypted data. We analyze existing literature on secure data deduplication and categorize various techniques using UML activity diagrams. We then present our proposed CE‐based deduplication system, outlining its functionalities through UML diagrams. This research contributes to the field of secure data storage by proposing a novel and secure deduplication approach. By demonstrating its efficiency and security benefits, this work paves the way for more efficient and secure cloud storage solutions. Finally, we demonstrate the system's effectiveness through a comparative analysis, highlighting its potential to significantly improve storage efficiency while maintaining data security.

computer science, theory & methods, software engineering

Haoran Yuan,Xiaofeng Chen,Tao Jiang,Xiaoyu Zhang,Zheng Yan,Yang Xiang

DOI: https://doi.org/10.1016/j.ins.2018.05.024

IF: 8.1

2018-01-01

Information Sciences

Abstract:Data deduplication on cloud enables the cloud servers to store a cope of data and eliminate redundant one so that a goal to save storage space and network bandwidth is realized. Recently, many research works which are concerning to the privacy-preserving problem of dynamic ownership management in the secure data deduplication setting are published. However, to our knowledge, the existing schemes are not efficient when the cloud user joining and revocation frequently go on, especially in the absence of a trusted third party in practical cloud storage systems. In this paper, we propose a secure and scalable data deduplication scheme with dynamic user management, which updates dynamic group users in a secure way and restricts the unauthorized cloud users from the sensitive data owned by valid users. To further mitigate the communication overhead, the pre-verified accessing control technology is adopted, which prevents the unauthorized cloud users from downloading data. In other words, our present scheme also ensures that only the valid cloud users are able to download and decrypt the ciphertext from the cloud server. All this reduces the communication overhead in our scheme implementation. (C) 2018 Elsevier Inc. All rights reserved.

Jin Li,Yan Kit Li,Xiaofeng Chen,Patrick P. C. Lee,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2014.2318320

IF: 5.3

2015-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Data deduplication is one of important data compression techniques for eliminating duplicate copies of repeating data, and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before out-sourcing. To better protect data security, this paper makes the first attempt to formally address the problem of authorized data deduplication. Different from traditional deduplication systems, the differential privileges of users are further considered in duplicate check besides the data itself. We also present several new deduplication constructions supporting authorized duplicate check in a hybrid cloud architecture. Security analysis demonstrates that our scheme is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement a prototype of our proposed authorized duplicate check scheme and conduct testbed experiments using our prototype. We show that our proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations.

Bo Zhang,Helei Cui,Yaxing Chen,Xiaoning Liu,Zhiwen Yu,Bin Guo

DOI: https://doi.org/10.1007/978-3-031-23020-2_26

2022-01-01

Abstract:With the rapid development of blockchain technology, decentralized cloud storage services are emerging and have been a storage new option in this era. They aim to leverage the unused storage resources across the network to build a more economical and reliable distributed storage network and thus eliminate the trust in the centralized storage providers via matured blockchain consensus mechanisms. However, current solutions either lack the protection of user data privacy or apply conventional encryption methods that cannot support cross-user deduplication over encrypted data. These limitations make them struggle to balance the need for optimized storage space utilization and encrypted data protection, especially in the scenario where the user's files are geographically distributed in different nodes around the world. In this paper, we propose a secure deduplication system in the context of encrypted decentralized cloud storage. It utilizes smart contract to incorporate the message-locked encryption (MLE) scheme, the most prominent cryptographic primitive in secure data deduplication. With a carefully tailored design, our proposed scheme can be seamlessly deployed to the public blockchain with transparency. Together, our design enables secure data deduplication over decentralized storage, while providing stringent cryptographic data privacy guarantees. In particular, our proposed design has a natural benefit to prevent potential malicious attacks such as file ownership cheating and file ciphertext poisoning. We implement a prototype of our system and deploy it to Ethereum. Comprehensive performance evaluations are conducted with real datasets to demonstrate the effectiveness and efficiency of our design.

Ling Liu,Yuqing Zhang,Xuejun Li

DOI: https://doi.org/10.1109/tcc.2018.2869333

IF: 5.697

2021-04-01

IEEE Transactions on Cloud Computing

Abstract:Deduplication, which can save storage cost by enabling us to store only one copy of identical data, becomes unprecedentedly significant with the dramatic increase in data stored in the cloud. For the purpose of ensuring data confidentiality, they are usually encrypted before outsourced. Traditional encryption will inevitably result in multiple different ciphertexts produced from the same plaintext by different users’ secret keys, which hinders data deduplication. Convergent encryption makes deduplication possible since it naturally encrypts the same plaintexts into the same ciphertexts. One attendant problem is how to reliably and effectively manage a huge number of convergent keys. Several deduplication schemes have been proposed to deal with the convergent key management problem. However, they either need to introduce key management servers or require interaction between data owners. In this paper, we design a novel client-side deduplication protocol named KeyD without such an independent key management server by utilizing the identity-based broadcast encryption (IBBE) technique. Users only interact with the cloud service provider (CSP) during the process of data upload and download. Security analysis demonstrates that KeyD ensures data confidentiality and convergent key security, and well protects the ownership privacy simultaneously. A thorough and detailed performance comparison shows that our scheme makes a better tradeoff among the storage cost, communication and computation overhead.

computer science, information systems, theory & methods

Shunrong Jiang,Tao Jiang,Liangmin Wang

DOI: https://doi.org/10.1109/tsc.2017.2771280

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:Data deduplication has been widely used in cloud storage to reduce storage space and communication overhead by eliminating redundant data and storing only one copy for them. In order to achieve secure data deduplication, the convergent encryption scheme and many of its variants are proposed. However, most of these schemes do not consider or cannot address the efficiently dynamic ownership changes and the secure Proof-of-Ownership (PoW), simultaneously. In this paper, we propose a secure data deduplication scheme with efficient PoW process for dynamic ownership management. Specially, our scheme supports both cross-user file-level and inside-user block-level data deduplication. During the file-level deduplication, we construct a new PoW scheme to ensure the tag consistency and achieve the mutual ownership verification. Moreover, we design a lazy update strategy to achieve efficient ownership management. For inside-user block-level deduplication, the user-aided key is used to realize convergent key management and reduce the key storage space. Finally, the security and performance analysis demonstrate that our scheme can ensure data confidentiality and tag consistency, and it is efficient in data ownership management.

Xuexue Jin,Lingbo Wei,Mengke Yu,Nenghai Yu,Jinyuan Sun

DOI: https://doi.org/10.1109/ICCChina.2013.6671119

2013-01-01

Abstract:Cloud computing is viewed as the next generation architecture of IT companies. As promising as it is, cloud computing also brings forth many new security issues when users outsource sensitive data to cloud servers. To keep sensitive users' data confidential against untrusted servers, existing solutions usually apply cryptographic methods. With data encryption, the same file will become different from each other, thus deduplication which is widely adopted by cloud storage service providers meets some challenges. Current method to solve the problem is to make use of some information computed from the shared file to achieve deduplication of encrypted data, say convergent encryption. But this piece of information which is computable from the file via a deterministic public algorithm is not really meant to be secret. To this end, we propose a scheme to address the deduplication of encrypted data efficiently and securely with the help of ensuring the ownership of the shared file, encrypting data using keys at user's will and realizing the anonymous store through the digital credential. We achieve this aims through proof of ownership (POW), proxy re-encryption (PRE) and digital credential.

Meixia Miao,Jianfeng Wang,Hui Li,Xiaofeng Chen

DOI: https://doi.org/10.1016/j.pmcj.2015.03.002

IF: 3.848

2015-01-01

Pervasive and Mobile Computing

Abstract:Cloud computing enables on-demand and ubiquitous access to a centralized pool of configurable resources such as networks, applications, and services. This makes that huge of enterprises and individual users outsource their data into the cloud server. As a result, the data volume in the cloud server is growing extremely fast. How to efficiently manage the ever-increasing datum is a new security challenge in cloud computing. Recently, secure deduplication techniques have attracted considerable interests in the both academic and industrial communities. It can not only provide the optimal usage of the storage and network bandwidth resources of cloud storage providers, but also reduce the storage cost of users. Although convergent encryption has been extensively adopted for secure deduplication, it inevitably suffers from the off-line brute-force dictionary attacks since the message usually can be predictable in practice. In order to address the above weakness, the notion of DupLESS was proposed in which the user can generate the convergent key with the help of a key server. We argue that the DupLESS does not work when the key server is corrupted by the cloud server. In this paper, we propose a new multi-server-aided deduplication scheme based on the threshold blind signature, which can effectively resist the collusion attack between the cloud server and multiple key servers. Furthermore, we prove that our construction can achieve the desired security properties.