Chuan Qin,Jingwei Li,Patrick P. C. Lee

DOI: https://doi.org/10.1145/3032966

2016-12-19

Abstract:Rekeying refers to an operation of replacing an existing key with a new key for encryption. It renews security protection, so as to protect against key compromise and enable dynamic access control in cryptographic storage. However, it is non-trivial to realize efficient rekeying in encrypted deduplication storage systems, which use deterministic content-derived encryption keys to allow deduplication on ciphertexts. We design and implement REED, a rekeying-aware encrypted deduplication storage system. REED builds on a deterministic version of all-or-nothing transform (AONT), such that it enables secure and lightweight rekeying, while preserving the deduplication capability. We propose two REED encryption schemes that trade between performance and security, and extend REED for dynamic access control. We implement a REED prototype with various performance optimization techniques and demonstrate how we can exploit similarity to mitigate key generation overhead. Our trace-driven testbed evaluation shows that our REED prototype maintains high performance and storage efficiency.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Jian Liu,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1145/2810103.2813623

2015-01-01

Abstract:Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Xin Tang,Linna Zhou,Yongfeng Huang,Chin-Chen Chang

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00128

2018-01-01

Abstract:Cross-user deduplication is an emerging technique to ease the burden of cloud storage in big data era by storing only one copy of duplicate data. Efficiency reflects the feasibility and is a basic consideration when applying the deduplication scheme. However, in order to achieve certain level of security, existing works suffer from heavy overhead of computation as well as communication, which is a big obstacle for the actual deployment. In this paper, we propose an efficient cross-user deduplication scheme for encrypted data, which takes the lead to consider the efficiency during deduplication and makes it a reality to achieve secure deduplication in a lightweight way. To ensure the efficiency, we utilize the proposed re-encryption technique together with a non-interactive convergent key generation scheme to eliminate the cost of users and support batch verification of recovered data. The simulation results show that, with the same level of security guaranteed, the proposed scheme is more efficient comparing with the state of the art.

Saiyu Qi,Wei Wei,Jianfeng Wang,Shifeng Sun,Leszek Rutkowski,Tingwen Huang,Janusz Kacprzyk,Yong Qi

DOI: https://doi.org/10.1109/tmc.2023.3263901

IF: 6.075

2023-01-01

IEEE Transactions on Mobile Computing

Abstract:Data deduplication is of vital importance for mobile cloud computing to cope with the explosive growth of outsourced mobile data. In order to ensure the privacy of sensitive mobile data against an untrusted cloud, Message-Locked Encryption (MLE) has been proposed to enable deduplication over ciphertext. However, MLE prohibits data access control since it uses deterministic content-derived encryption keys. Recently, a lightweight rekeying-aware encrypted deduplication system (REED) has been proposed to achieve dynamic access control for secure data deduplication. However, REED is vulnerable to key-retaining attack and stub-retaining attack, which leads to insecure access revocation, and thus cannot support secure dynamic access control. In response, we present AC-Dedup, an encrypted deduplication storage system that supports secure dynamic access control for mobile cloud storage. At the core of AC-Dedup are two novel encryption techniques named mixed message locked encryption and random stub re-encryption to resist the two types of attacks, respectively. To the best of our knowledge, AC-Dedup is the first practical system that achieves secure data deduplication and secure dynamic access control simultaneously. We conduct security analysis and experimental evaluation on mobile device and cloud platform with real-world IoT datasets. The results show that AC-Dedup enables secure and efficient dynamic access control while preserving deduplication effectiveness.

computer science, information systems,telecommunications

Xinyan Wu,Jin Li,Huanwei Wang,Xiaoguang Liu,Weifeng Wu,Fagen Li

DOI: https://doi.org/10.1016/j.jisa.2024.103774

IF: 4.96

2024-04-24

Journal of Information Security and Applications

Abstract:Encryption deduplication technology first encrypts the file or chunks of data, then detects and removes duplicate ciphertexts, storing only one copy on the cloud storage server (CSP). Although traditional encryption deduplication schemes have the function of ciphertext deduplication, they also have a serious problem. Since the key generation algorithm and the encryption algorithm are deterministic, the frequency of plaintext chunking will be leaked. It is possible for the attacker to infer the information of the plaintext. We propose a Randomized Encryption deduplication method against Frequency Attack (REFA) that provides high randomness in ciphertexts. The core idea of REFA is that after obtaining a convergence key generated with the aid of a key server, the user randomizes the convergence key with a random value of the same length. Then, REFA encrypts the plaintext chunk with a randomized key. Our scheme hides the random value in the ciphertext and encrypts the convergence key for user ownership verification. REFA perfectly masks the frequency of plaintext chunks and has high storage efficiency and data security. Furthermore, the CSP performs ciphertext updates with ciphertexts uploaded by subsequent users. REFA can effectively protect against frequency analysis attacks.

computer science, information systems

Kang Sun,Lingdi Ping,Jiebing Wang,Zugen Liu,Xuezeng Pan

DOI: https://doi.org/10.1109/imsccs.2006.208

2006-01-01

Abstract:Cryptographic algorithms are usually compute-intensive and more efficiently implemented in hardware than in software. By taking advantage of FPGA technology, some work offers high performance and flexible solutions for cryptographic algorithms. But FPGAs still have some drawbacks. To overcome inherent shortages of FPGA, a novel asynchronous reconfigurable cryptographic engine (ARCEN) is introduced. In this architecture, reconfigurable cryptographic array is the kernel. It routes signals asynchronously between adjacent cells through Neighbor-to-Neighbor wires with 4-phase handshaking protocol. Computation circuit for reconfigurable cell is developed with modified DSDCVS logic. Experiment results show that the architecture has a better performance than FPGA.

GU Bolun,XU Zikai,LI Weihai,YU Nenghai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2024055

2024-01-01

Abstract:With the rapid development and application of the Internet, traditional storage resources have been found unable to meet the growing demand for massive data storage. An increasing number of users have attempted to upload their data to third-party cloud servers for unified storage. Efficient deduplication and secure file sharing in the cloud have emerged as critical concerns. Moreover, users have always preferred to customize their passwords for encrypting and decrypting files, only sharing encrypted files when necessary. Based on this preference, a deterministic stepwise encryption algorithm was first designed. It was such that when the keys for the two steps of encryption satisfied a certain relationship, the two steps of encryption could be equivalent to a single encryption process. A novel key-customizable encrypted deduplication scheme with access control for cloud storage was proposed, utilizing the deterministic stepwise encryption algorithm to encrypt files and a ciphertext-policy attribute-based encryption algorithm to encrypt file keys. This scheme not only offered the flexibility to customize encryption and decryption keys for different users with the same files, but also ensured secure file sharing through a dynamic access control mechanism. Moreover, the optional access control component was made compatible with the majority of existing ciphertext-policy attribute-based encryption (CP-ABE) schemes, even allowing for different CP-ABE schemes within different attribute groups. Security analysis results show that the proposed scheme achieves the highest level of security under the current encrypted deduplication paradigm. Experimental and analytical results indicate that it effectively meets the practical needs of cloud service providers and users, and also achieves acceptable efficiency.

Heyi Tang,Yong Cui,Chaowen Guan,Jianping Wu,Jian Weng,Kui Ren

DOI: https://doi.org/10.1145/2897845.2897846

2016-01-01

Abstract:To secure cloud storage and enforce access control, data encryption has become essential, given the ever increasing cyber threat everywhere. Attribute-based Encryption (ABE) crypto systems are widely considered as a promising solution under such a context for its security strength, scalability and control flexibility. One major challenge, however, for applying ABE-based techniques in real world applications is its high overhead in various aspects. In this research, we are particularly concerned with the storage size expansion in existing ABE schemes. This combined with the vast-size nature of the cloud data poses an enormous challenge to the effective usage of the cloud data storage space and affects the utility of data deduplication. Normally, data deduplication is carried out based on identifying similar and even identical contents both within and between data files, however, these patterns will be destroyed after performing data encryption using any semantically secure encryption scheme including ABE. In this research, we focus on ciphertexts deduplication under ABE, which to our best knowledge is the first of such an effort. Our fundamental observation stems from the structure of ABE ciphertexts and the possible similarities among different access structures. We show how to design a secure ciphertext deduplication scheme based on a classical CP-ABE scheme by innovatively modifying the construction with a recursive algorithm, eliminating the duplicated secrets and adding additional randomness to some certain ciphertext. We then give a detailed analysis on the proposed scheme with respect to both efficiency and security. To thoroughly assess the performance of the proposed scheme, we also implement a prototype system and conduct comprehensive experiments, which shows that our ciphertext reduplication scheme could reduce up to 80% computation and storage cost in the best case.

Yunling Wang,Meixia Miao,Jianfeng Wang,Xuefeng Zhang

DOI: https://doi.org/10.1016/j.csi.2021.103523

2021-10-01

Abstract:<p>Secure deduplication is a promising solution to greatly reduce the storage space of the cloud. However, the encryption key is deterministically derived from the plaintext, such that who owns the plaintext has the derived key to decrypt the ciphertext. Therefore, how to revoke a user in deduplication schemes is a critical challenge. In the existing work, when updating the data authority, the data owner has to download the data from the cloud, decrypt, re-encrypt and finally upload them to the cloud. This process increases the communication and computation overheads. In this paper, we first propose a multi-user updatable encryption scheme. Specifically, the data owner can update the remote ciphertext under a new group key by sending an update token to the cloud. Then we adopt this technique to propose a new secure deduplication scheme supporting efficiently revoking an unauthorized user. In our scheme, the data owner just needs to send a token to the cloud to update the data authority, which saves the communication and computation costs. The security and efficiency analysis demonstrate that our proposed deduplication scheme can achieve the desired security properties with high efficiency.</p>

computer science, software engineering, hardware & architecture

Cui Li,Rongmao Chen,Yi Wang,Qianqian Xing,Baosheng Wang

DOI: https://doi.org/10.1109/tdsc.2024.3353811

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:To address the confidentiality concerns of malicious adversaries that fully compromise the message broker in pub/sub based IoT systems, several researchers use proxy re-encryption (PRE) to realize end-to-end encrypted message distribution (from publisher to subscriber). However, the all-or-nothing share feature of PRE poses a problem that the share cannot be efficiently revoked. The only way for publishers to revoke the access rights of subscribers is to pick a new public-private key pair and re-generate the re-encryption keys for all the remaining subscribers, which hampers the scalability in practice. To realize efficient user revocation, we present REEDS, an efficient revocable end-to-end encrypted message distribution system for IoT. The core of REEDS is a novel proxy-aided identity-based conditional proxy re-encryption (PIB-CPRE) scheme. Essentially, we use a binary-tree structure to organize re-encryption keys, so that the update of re-encryption keys is reduced from linear to logarithmic in the number of subscribers. We show that REEDS satisfies confidentiality, efficient immediate revocation, decentralized authorization, and maintains low overhead for publishers and subscribers. The prototype system is implemented and its performance is evaluated. The results show that REEDS is not only easy to deploy over existing message brokers but also highly efficient.

computer science, information systems, software engineering, hardware & architecture

Ling Liu,Yuqing Zhang,Xuejun Li

DOI: https://doi.org/10.1109/tcc.2018.2869333

IF: 5.697

2021-04-01

IEEE Transactions on Cloud Computing

Abstract:Deduplication, which can save storage cost by enabling us to store only one copy of identical data, becomes unprecedentedly significant with the dramatic increase in data stored in the cloud. For the purpose of ensuring data confidentiality, they are usually encrypted before outsourced. Traditional encryption will inevitably result in multiple different ciphertexts produced from the same plaintext by different users’ secret keys, which hinders data deduplication. Convergent encryption makes deduplication possible since it naturally encrypts the same plaintexts into the same ciphertexts. One attendant problem is how to reliably and effectively manage a huge number of convergent keys. Several deduplication schemes have been proposed to deal with the convergent key management problem. However, they either need to introduce key management servers or require interaction between data owners. In this paper, we design a novel client-side deduplication protocol named KeyD without such an independent key management server by utilizing the identity-based broadcast encryption (IBBE) technique. Users only interact with the cloud service provider (CSP) during the process of data upload and download. Security analysis demonstrates that KeyD ensures data confidentiality and convergent key security, and well protects the ownership privacy simultaneously. A thorough and detailed performance comparison shows that our scheme makes a better tradeoff among the storage cost, communication and computation overhead.

computer science, information systems, theory & methods

Yilei Wang,Dongjie Yan,Fagen Li,Hu Xiong

2017-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

WeiDong Zhong,Xu An Wang,Ziqing Wang,Yi Ding

DOI: https://doi.org/10.1109/CIS.2011.217

2011-01-01

Abstract:Proxy re-encryption (PRE) allows a proxy to transform a cipher text for Alice (delegator) to be the one which can be decrypted by Bob (delegatee). Since it is introduced by Blaze et al. in 1998, many variants of PRE have been proposed. In this paper, we concentrate on two of them: anonymous conditional proxy re-encryption (ACPRE) and constrained proxy re-encryption with keyword search (PRES). Conditional proxy re-encryption (CPRE) is a primitive which only allows those cipher texts satisfying the condition can be re-encrypted correctly by the proxy. Anonymous conditional proxy re-encryption (ACPRE) requires the proxy not knowing which condition the cipher text associated with. PRES is a primitive which allows the proxy simultaneously re-encrypt and search the delegator's cipher text. Based on the PRES proposed by Shao et al., We show the definition of constrained proxy re-encryption with keyword search (CPRES), give its security models and discuss its potential applications. At last, based on a concrete ACPRE scheme, we construct a concrete CPRES scheme.

Xu An Wang,Ziqing Wang,Yi Ding,Shujun Bai

DOI: https://doi.org/10.1109/cis.2011.213

2011-01-01

Abstract:The traditional proxy re-encryption (PRE) or conditional proxy re-encryption (CPRE) can re-encrypt infinite times on the delegator's cipher text. However many practical applications do not need this property, they prefer the delegator can control on the times the proxy can re-encrypt. In this paper, we introduce a new kind of proxy re-encryption: k-times proxy re-encryption (KPRE). To construct a concrete KPRE scheme, we add public/private key to the proxy. In k-times proxy re-encryption, the proxy can only re-encrypt k times, otherwise the proxy's private key will be exposed. We construct a concrete IND-RCCA secure KPRE scheme by combining the k-times signature and Libert et al's IND-RCCA PRE scheme in PKC'08.

Shahnawaz Ahmad,Mohd. Arif,Javed Ahmad,Mohd. Nazim,Shabana Mehfuz

DOI: https://doi.org/10.1002/cpe.8205

2024-06-23

Concurrency and Computation Practice and Experience

Abstract:Summary The exponential growth of data poses a critical challenge for cloud storage systems. Redundant data consumes valuable storage space and increases infrastructure costs. Data deduplication, a technique for eliminating duplicate data copies, offers a promising solution. However, existing deduplication techniques often compromise data security, especially when dealing with encrypted data. This paper proposes a novel approach that merges convergent encryption (CE) with data deduplication. CE leverages user data itself to generate unique encryption keys, enabling secure deduplication on encrypted data. We analyze existing literature on secure data deduplication and categorize various techniques using UML activity diagrams. We then present our proposed CE‐based deduplication system, outlining its functionalities through UML diagrams. This research contributes to the field of secure data storage by proposing a novel and secure deduplication approach. By demonstrating its efficiency and security benefits, this work paves the way for more efficient and secure cloud storage solutions. Finally, we demonstrate the system's effectiveness through a comparative analysis, highlighting its potential to significantly improve storage efficiency while maintaining data security.

computer science, theory & methods, software engineering

Fucai Luo,Haiyan Wang,Willy Susilo,Xingfu Yan,Xiaofan Zheng

DOI: https://doi.org/10.1109/tifs.2024.3357240

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Proxy re-encryption (PRE), as a promising cryptographic primitive for secure data sharing in clouds, has been widely studied for decades. PRE allows the proxies to use the re-encryption keys to convert ciphertexts computed under the delegator's public key into ones that can be decrypted using the delegatees' secret keys, without knowing anything about the underlying plaintext. This delegable property of decryption rights enables flexible cloud data sharing, but it raises an important issue: if some proxies reveal their re-encryption keys, or collude with some delegatees to create a pirate decoder, then anyone who gains access to the pirate decoder can decrypt all ciphertexts computed under the delegator's public key without the delegator's permission. This paper opens up a potentially new avenue of research to address the above (re-encryption) key abuse problem by proposing the first public trace-and-revoke PRE system, where the malicious delegatees and proxies involved in the generation of a pirate decoder can be identified by anyone who gains access to the pirate decoder, and their decryption capabilities can subsequently be revoked by the content distributor. Our construction is multi-hop, supports user revocation and public (black-box) traceability, and achieves significant efficiency advantages over previous constructions. Technically, our construction is a generic transformation from inner-product functional PRE (IPFPRE) that we introduce to trace-and-revoke PRE. In addition, we instantiate our generic construction of trace-and-revoke PRE from the Learning with Errors (LWE) assumption, which was widely believed to be quantum-resistant. This is achieved by proposing the first LWE-based IPFPRE scheme, which may be of independent interest. Finally, we conduct a comprehensive performance evaluation of our LWE-based trace-and-revoke PRE scheme, and the experimental results show that the proposed LWE-based trace-and-revoke PRE scheme is practical and outperforms current state-of-the-art traceable PRE schemes.

computer science, theory & methods,engineering, electrical & electronic

Feixiang Zhao,Jian Weng,Wenli Xie,Lin Hou,Ming Li

DOI: https://doi.org/10.1007/s10623-024-01467-x

IF: 1.4

2024-09-03

Designs Codes and Cryptography

Abstract:Proxy re-encryption (PRE) is a cryptosystem that realizes efficient encrypted data sharing by allowing a third party proxy to transform a ciphertext intended for a delegator (i.e., Alice) to a ciphertext intended for a delegatee (i.e., Bob). Attribute-based proxy re-encrypftion (AB-PRE) generalizes PRE to the attribute-based scenarios, enabling fine-grained access control on ciphertexts. However, the existing AB-PRE schemes do not adequately address the following problems: (1) the risk of decryption key leakage, and (2) the need of time-based delegation. To resolve these problems, we introduce a primitive called time-based attribute-based proxy re-encryption (TB-AB-PRE) with decryption key update. TB-AB-PRE associates keys with the current time information and supports efficient periodical decryption key update for each time transition. This property guarantees that a compromise of a decryption key for some time does not breach the security of ciphertexts from the others. Leveraging this time-based property, the proposed TB-AB-PRE elegantly achieves time-based delegation which enables Alice to decide which ciphertexts can be transformed and their decryptable timeframe after being transformed. The proposed construction is proven to be secure against honest re-encryption attacks with decryption key exposure resistance, under the learning with errors assumption.

mathematics, applied,computer science, theory & methods

Yan Tang,Jianwei Yin,ShuiGuang Deng,Ying Li

DOI: https://doi.org/10.1109/MASCOTS.2016.71

2016-01-01

Abstract:Specific requirements and characteristics of primary storage make designing desirable deduplication schemes a sophisticated task. In this paper, we propose DIODE, a Dynamic Inline-Offline DEduplication scheme that provides salient read/write performance and space-saving simultaneously for primary storage systems. DIODE orchestrates inline and offline processes in a dynamic manner. We propose two innovative mechanisms in DIODE: Context-aware Threshold Adjustment (CTA) for inline-phase deduplication and Deferred Priority-based Enforcement (DPE) for offline-phase deduplication, respectively. CTA mechanism enables selective inline deduplication under a dynamically updated threshold. Data skipped during inline-phase is regarded as candidates for offline-phase, and is handled in a prioritized order under the governance of DPE mechanism. Inline deduplication works in concert with offline deduplication so as to complement the weakness of each other.

Jingyuan Fan,Chaowen Guan,Kui Ren,Chunming Qiao

DOI: https://doi.org/10.1109/tnet.2018.2846791

2018-01-01

IEEE/ACM Transactions on Networking

Abstract:To eliminate redundant transfers over WAN links and improve network efficiency, middleboxes have been deployed at ingress/egress. These middleboxes can operate on individual packets and are application layer protocol transparent. They can identify and remove duplicated byte strings on the fly. However, with the increasing use of HTTPS, current redundancy elimination (RE) solution can no longer work without violating end-to-end privacy. In this paper, we present RE over encrypted traffic (REET), the first middlebox-based system that supports both intra-user and inter-user packet-level RE directly over encrypted traffic. REET realizes this by using a novel protocol with limited overhead and protects end users from honestbut-curious middleboxes. We implement REET and show its performance for both end users and middleboxes using several hundred gigabytes of network traffic traces collected from a large U.S. university.

Zhenhua Chen,Shundong Li,Yimin Guo,Yilei Wang,Yunjie Chu

DOI: https://doi.org/10.1007/978-3-319-11698-3_7

2014-01-01

Abstract:In this paper, we introduce a new concept of limited proxy re-encryption with keyword search (LPREKS) for fine-grained data access control in cloud computing, which combines the function of limited proxy re-encryption (LPRE) and that of public key encryption with keyword search (PEKS). However, an LPREKS scheme cannot be obtained by directly combining those two schemes since the resulting scheme is no longer proven secure in our security model. Our scheme is proven semantically secure under the modified Bilinear Diffie-Hellman (mBDH) assumption and the q-Decisional Bilinear Diffie-Hellman inversion (qDBDHI) assumption in the random oracle model. Our proposal realizes three desired situations as follows: (1) the proxy cloud server can re-encrypt the delegated data containing some keyword which matches the trapdoor from delegatee, (2) the proxy can only reencrypt a limited number of delegated data to the delegatee; otherwise, the private key of the proxy will be exposed, and (3) the proxy cloud server learns nothing about the contents of data and keyword.