Jian Liu,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1145/2810103.2813623

2015-01-01

Abstract:Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Wu Jiyi,Zhang Jianlin,Fu Jianqing,Ping Lingdi

DOI: https://doi.org/10.3969/j.issn.1000-0801.2011.02.013

2011-01-01

Abstract:As the latest development of the distributed storage technology,cloud storage is the product of the integration of distributed storage and virtualization technologies.Cloud storage is a method that allows you to use storage facilities available on the Internet.Relative to the current C/S computing model cloud storage file systems,including GFS,HDFS,Sector,we proposed a general model of peer-to-peer based Cloud Storage file system,and constructed a prototype system named MingCloud based on Kademlia algorithm.Focused on redundancy scheme selection and design of the storage system,our experiment used the Cauchy Codes as coding algorithm to assess the system from many aspects,including the impact of K bucket size on system availability,the impact of File block number on system availability,comparison of system availability under same redundancy.Compared with the redundant mode of complete copy,the Erasure Code model provided more satisfactory system availability,and more suitable to apply to the P2P cloud storage system.

GU Bolun,XU Zikai,LI Weihai,YU Nenghai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2024055

2024-01-01

Abstract:With the rapid development and application of the Internet, traditional storage resources have been found unable to meet the growing demand for massive data storage. An increasing number of users have attempted to upload their data to third-party cloud servers for unified storage. Efficient deduplication and secure file sharing in the cloud have emerged as critical concerns. Moreover, users have always preferred to customize their passwords for encrypting and decrypting files, only sharing encrypted files when necessary. Based on this preference, a deterministic stepwise encryption algorithm was first designed. It was such that when the keys for the two steps of encryption satisfied a certain relationship, the two steps of encryption could be equivalent to a single encryption process. A novel key-customizable encrypted deduplication scheme with access control for cloud storage was proposed, utilizing the deterministic stepwise encryption algorithm to encrypt files and a ciphertext-policy attribute-based encryption algorithm to encrypt file keys. This scheme not only offered the flexibility to customize encryption and decryption keys for different users with the same files, but also ensured secure file sharing through a dynamic access control mechanism. Moreover, the optional access control component was made compatible with the majority of existing ciphertext-policy attribute-based encryption (CP-ABE) schemes, even allowing for different CP-ABE schemes within different attribute groups. Security analysis results show that the proposed scheme achieves the highest level of security under the current encrypted deduplication paradigm. Experimental and analytical results indicate that it effectively meets the practical needs of cloud service providers and users, and also achieves acceptable efficiency.

JIN Xue-xue,YU Neng-hai,ZHANG Chi,SUN Chang-xiang

DOI: https://doi.org/10.3969/j.issn.1009-8054.2013.05.028

2013-01-01

Abstract:For the requirements by efficient and secure data storage in cloud storage,a de-duplication scheme of encrypted data with proof of ownership is proposed.Firstly,a data owner is identified by taking advantage of the proof of ownership based on Merkle Hash Tree.After that,encrypted data is deduplicated by combining the proxy re-encryption.For some selfish clients an incentive mechanism is given.And the security of this proposed scheme is analysed.The experiment results show that the overhead of communication and computing required for reduction of storage space and bandwidth is very low.

Lei Zhou,Anmin Fu,Yi Mu,Huaqun Wang,Shui Yu,Yinxia Sun

DOI: https://doi.org/10.1016/j.ins.2020.08.031

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>In the era of big data, there are several insuperable research challenges in establishing Electronic Medical Record (EMR) for updating massive data with traditional methods. It is an attractive option to create the cloud-based EMR system, since cloud provides elastic and affordable data storage and management services. However, once the medical records are uploaded into the cloud, the owner will lose the control over the data, and sensitive contents might be accessed or modified by unauthorized entities. To address this issue, we propose a multicopy provable data possession for cloud-based EMR systems, which ensures the integrity and privacy of EMR data. In particular, to achieve data updates, we design a novel dynamic structure that improves the Merkle Hash Tree for multicopy storage, which achieves full dynamics efficiently and safely. Moreover, a random masking technique is employed in our proposal to generate distinguishable replica blocks of one block. Our construction prevents a verifier from obtaining medical records from challenge responses, but also eliminates exposing the content to unauthorized entities. Our security analysis shows that our scheme is provably secure. Evaluation experiments demonstrate that the proposal has lower communication and computation costs in comparison with the existing schemes.</p>

computer science, information systems

Jin, Chunhua

DOI: https://doi.org/10.1007/s12083-024-01734-7

IF: 3.488

2024-06-05

Peer-to-Peer Networking and Applications

Abstract:Cloud storage has attracted widespread attention due to its advantages such as convenience, low cost, and easy scalability. With the explosion of cloud data volumes, security and performance issues are becoming major concerns. Countermeasures like data deduplication and integrity auditing techniques have been extensively studied. However, traditional auditable deduplication protocols face significant challenges related to confidentiality, reliability, and efficiency. Aiming to address these challenges, a blockchain-based auditable deduplication scheme for multi-cloud storage is proposed in this paper. Specifically, this scheme leverages blockchain technology and bilinear pairing cryptosystem to achieve an auditable deduplication mechanism that not only saves storage space but also checks data integrity. Furthermore, convergent encryption and threshold secret sharing algorithms are utilized to enhance storage confidentiality and system reliability. Batch auditing and anti-repeated auditing techniques are also adopted to improve auditing efficiency. Finally, security analysis and performance evaluation reveal that the proposed scheme achieves the expected security and performance requirements.

computer science, information systems,telecommunications

Zirui Guo,Kai Zhang,Lifei Wei,Siyuan Chen,Liangliang Wang

DOI: https://doi.org/10.1016/j.sysarc.2023.102913

IF: 5.836

2023-06-03

Journal of Systems Architecture

Abstract:Multi-copy data possession on multi-cloud storage service provides resource-constrained users with a secure and effective way to process data maintenance. To enable integrity for the outsourced data, numerous multi-copy data auditing schemes for multi-cloud storage have been proposed. Nevertheless, existing solutions suffer from the following limitations: (i) cannot support dynamic data updates; (ii) fail to consider the user revocation feature; (iii) may leak the privacy of user identity. To address these limitations, we propose a new identity-based multi-copy data auditing scheme for multi-cloud storage, termed RDIMM . We introduce a new variant of Merkle Tree to enable fully dynamic data updates, in which all copies of a raw block are kept in the same leaf node. In addition, we design a new key generation strategy and a private key update technique, where the cost of user revocation is independent of the total number of file blocks owned by the revoked user. Moreover, we conduct a comprehensive correctness analysis and security analysis of our proposed RDIMM. In addition, we provide detailed theoretical analysis and experimental simulations, which illustrate the effective functionality and practical performance compared to state-of-the-art works.

computer science, software engineering, hardware & architecture

Jingyi Li,Yidong Li,Jigang Wu,Zikai Zhang,Yi Jin

DOI: https://doi.org/10.1109/tnse.2024.3369630

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Data deduplication schemes have been widely used in cloud storage systems to save storage space by eliminating duplicate outsourced data. However, the reduction of redundancy leads to decreased data availability and unbalanced data distribution. This paper proposes a blockchain-based decentralized storage system with reliable deduplication and storage balance strategy to provide reliability for deduplicated outsourced data. Encrypted data is split into chunks by a ramp secret sharing scheme, and it is distributed to multiple independent cloud servers. States of the chunks are recorded on the tamper-proofed blockchain and they can be used to recover the raw data or support the verification of user identity. To balance the distribution of data among storage servers, a heuristic matching algorithm is designed to efficiently allocate the available storage space. The allocation services are published by autonomous smart contracts and other participants gain rewards by giving the best matching results of data chunks and storage servers. Formulation analysis demonstrates the correctness of the proposed scheme in terms of data consistency, integrity, and reliability. Experimental results show that the proposed scheme preserves the confidentiality of outsourced data with acceptable computational consumption.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Xuexue Jin,Lingbo Wei,Mengke Yu,Nenghai Yu,Jinyuan Sun

DOI: https://doi.org/10.1109/ICCChina.2013.6671119

2013-01-01

Abstract:Cloud computing is viewed as the next generation architecture of IT companies. As promising as it is, cloud computing also brings forth many new security issues when users outsource sensitive data to cloud servers. To keep sensitive users' data confidential against untrusted servers, existing solutions usually apply cryptographic methods. With data encryption, the same file will become different from each other, thus deduplication which is widely adopted by cloud storage service providers meets some challenges. Current method to solve the problem is to make use of some information computed from the shared file to achieve deduplication of encrypted data, say convergent encryption. But this piece of information which is computable from the file via a deterministic public algorithm is not really meant to be secret. To this end, we propose a scheme to address the deduplication of encrypted data efficiently and securely with the help of ensuring the ownership of the shared file, encrypting data using keys at user's will and realizing the anonymous store through the digital credential. We achieve this aims through proof of ownership (POW), proxy re-encryption (PRE) and digital credential.

Xuewei Ma,Wenyuan Yang,Yuesheng Zhu,Zhiqiang Bai

DOI: https://doi.org/10.1109/ipccc55026.2022.9894331

2022-01-01

Abstract:Encrypted data deduplication is an important technique for saving storage space and network bandwidth, which has been widely used in cloud storage. Recently, a number of schemes that solve the problem of data deduplication with dynamic ownership management have been proposed. However, these schemes suffer from low efficiency when the dynamic ownership changes a lot. To this end, in this paper, we propose a novel server-side deduplication scheme for encrypted data in a hybrid cloud architecture, where a public cloud (Pub-CSP) manages the storage and a private cloud (Pri-CSP) plays a role as the data owner to perform deduplication and dynamic ownership management. Further, to reduce the communication overhead we use an initial uploader check mechanism to ensure only the first uploader needs to perform encryption, and adopt an access control technique that verifies the validity of the data users before they download data. Our security analysis and performance evaluation demonstrate that our proposed server-side deduplication scheme has better performance in terms of security, effectiveness, and practicability compared with previous schemes. Meanwhile, our method can efficiently resist collusion attacks and duplicate faking attacks.

Heyi Tang,Yong Cui,Chaowen Guan,Jianping Wu,Jian Weng,Kui Ren

DOI: https://doi.org/10.1145/2897845.2897846

2016-01-01

Abstract:To secure cloud storage and enforce access control, data encryption has become essential, given the ever increasing cyber threat everywhere. Attribute-based Encryption (ABE) crypto systems are widely considered as a promising solution under such a context for its security strength, scalability and control flexibility. One major challenge, however, for applying ABE-based techniques in real world applications is its high overhead in various aspects. In this research, we are particularly concerned with the storage size expansion in existing ABE schemes. This combined with the vast-size nature of the cloud data poses an enormous challenge to the effective usage of the cloud data storage space and affects the utility of data deduplication. Normally, data deduplication is carried out based on identifying similar and even identical contents both within and between data files, however, these patterns will be destroyed after performing data encryption using any semantically secure encryption scheme including ABE. In this research, we focus on ciphertexts deduplication under ABE, which to our best knowledge is the first of such an effort. Our fundamental observation stems from the structure of ABE ciphertexts and the possible similarities among different access structures. We show how to design a secure ciphertext deduplication scheme based on a classical CP-ABE scheme by innovatively modifying the construction with a recursive algorithm, eliminating the duplicated secrets and adding additional randomness to some certain ciphertext. We then give a detailed analysis on the proposed scheme with respect to both efficiency and security. To thoroughly assess the performance of the proposed scheme, we also implement a prototype system and conduct comprehensive experiments, which shows that our ciphertext reduplication scheme could reduce up to 80% computation and storage cost in the best case.

Yunling Wang,Meixia Miao,Jianfeng Wang,Xuefeng Zhang

DOI: https://doi.org/10.1016/j.csi.2021.103523

2021-10-01

Abstract:<p>Secure deduplication is a promising solution to greatly reduce the storage space of the cloud. However, the encryption key is deterministically derived from the plaintext, such that who owns the plaintext has the derived key to decrypt the ciphertext. Therefore, how to revoke a user in deduplication schemes is a critical challenge. In the existing work, when updating the data authority, the data owner has to download the data from the cloud, decrypt, re-encrypt and finally upload them to the cloud. This process increases the communication and computation overheads. In this paper, we first propose a multi-user updatable encryption scheme. Specifically, the data owner can update the remote ciphertext under a new group key by sending an update token to the cloud. Then we adopt this technique to propose a new secure deduplication scheme supporting efficiently revoking an unauthorized user. In our scheme, the data owner just needs to send a token to the cloud to update the data authority, which saves the communication and computation costs. The security and efficiency analysis demonstrate that our proposed deduplication scheme can achieve the desired security properties with high efficiency.</p>

computer science, software engineering, hardware & architecture

Zheng Tu,Xu An Wang,Weidong Du,Zexi Wang,Ming Lv

DOI: https://doi.org/10.1016/j.jksuci.2023.01.021

IF: 9.006

2023-02-08

Journal of King Saud University - Computer and Information Sciences

Abstract:The security of the data in the cloud server suffers great challenges, and how to ensure the integrity of the outsourced data in the cloud servers is a problem that should be solved. Cloud data auditing technique is such a solution , which allows to check data integrity without retrieving them from the cloud. In case single-copy data may be violated by malicious attackers, Zhang et al. proposed a multi-copy cloud data auditing scheme MCAM in 2020. However, in their scheme, an attacker can forge the evidence for integrity verification only by exploiting public information and the cloud server can compromise the integrity verification even it does not store any data. In this paper, we identify these security flaws in MCAM and design a new evidence verification algorithm to fix them. Then, we propose a multi-copy cloud data auditing scheme based on our evidence verification algorithm and MCAM. In security analysis, we prove that our multi-copy cloud data auditing scheme can fix the security flaws of MCAM. Thus, our scheme is more secure than MCAM. In performance analysis, we show that our scheme is more communication efficient than MCAM. Finally, we point out one potential application of our scheme.

computer science, information systems

GE Wenting,LI Weihai,YU Nenghai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2023066

2023-01-01

Abstract:Due to the existing cloud data deduplication schemes mainly focus on file-level deduplication.A scheme was proposed, based on attribute encryption, to support data block-level weight removal.Double granularity weight removal was performed for both file-level and data block-level, and data sharing was achieved through attribute encryption.The algorithm was designed on the hybrid cloud architecture Repeatability detection and consistency detection were conducted by the private cloud based on file labels and data block labels.A Merkle tree was established based on block-level labels to support user ownership proof.When a user uploaded the cipher text, the private cloud utilized linear secret sharing technology to add access structures and auxiliary information to the cipher text.It also updated the overall cipher text information for new users with permissions.The private cloud served as a proxy for re-encryption and proxy decryption, undertaking most of the calculation when the plaintext cannot be obtained, thereby reducing the computing overhead for users.The processed cipher text and labels were stored in the public cloud and accessed by the private cloud.Security analysis shows that the proposed scheme can achieve PRV-CDA (Privacy Choose-distribution attacks) security in the private cloud.In the simulation experiment, four types of elliptic curve encryption were used to test the calculation time for key generation, encryption, and decryption respectively, for different attribute numbers with a fixed block size, and different block sizes with a fixed attribute number.The results align with the characteristics of linear secret sharing.Simulation experiments and cost analysis demonstrate that the proposed scheme can enhance the efficiency of weight removal and save time costs.

Bo An,Yan Li,Junming Ma,Gang Huang,Xiangqun Chen,Donggang Cao

DOI: https://doi.org/10.1109/icws.2019.00056

2019-01-01

Abstract:The increasing popularity of cloud storage is leading many organizations to move their data into the cloud. However, putting all data in one cloud causes problems such as vendor lock-in, increased service costs, and data availability. In this paper, we introduce DCStore, a Cloud-of-Clouds storage service designed for an organization to outsource their data into the clouds. To achieve the goal of cost-efficient and high-available, we combine three key techniques. First, DCStore eliminates the redundant data at client-side to save storage cost via application-aware chunking method. Second, DCStore uses an inner-chunk based erasure coding scheme to distribute unique chunks across multiple clouds for high availability. Finally, a container-based share management strategy is used for performance optimization. Our experimental evaluations show that DCStore can improve the performance and cost efficiency significantly, compared with existing Cloud-of-Clouds storage systems.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Haoyu Zheng,Shengke Zeng,Hongwei Li,Zhijun Li

DOI: https://doi.org/10.1109/tdsc.2024.3362796

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cloud storage provides highly available and low cost resources to users. However, as massive amounts of outsourced data grow rapidly, an effective data deduplication scheme is necessary. This is a hot and challenging field, in which there are quite a few researches. However, most of previous works require dual-server fashion to be against brute-force attacks and do not support batch checking. It is not practicable for the massive data stored in the cloud. In this paper, we present a secure batch deduplication scheme for backup system. Besides, our scheme resists the brute-force attacks without the aid of other servers. The core idea of the batch deduplication is to separate users into different groups by using short hashes. Within each group, we leverage group key agreement and symmetric encryption to achieve secure batch checking and semantically secure storage. We also extensively evaluate its performance and overhead based on different datasets. We show that our scheme saves the data storage by up to 89.84%. These results show that our scheme is efficient and scalable for cloud backup system and can also ensure data confidentiality.

computer science, information systems, software engineering, hardware & architecture

K. Rajkumar,U. Hariharan,V. Dhanakoti,N. Muthukumaran

DOI: https://doi.org/10.1007/s11276-023-03448-9

IF: 2.701

2023-08-29

Wireless Networks

Abstract:Cloud storage is the ideal solution for outsourcing big data since the cloud can store a large amount of data. Cloud storage, on the other hand, raises additional problems about data duplication, fine-grained access control, and privacy, all of these factors are crucial for cloud large data storage. Data duplication approaches based on encrypted data schemes now available do not provide for fine-grained access control. This paper proposes a secure framework for managing data using rapid asymmetric maximum based dynamic size chunking and fuzzy logic for deduplication. Chunking, fingerprinting, hashing, and writing are the four main process of the proposed method. Initially, chunking is done to split the files into chunks. Rapid Asymmetric Maximum (RAM) based Dynamic Size Chunking (DSC) is used in the proposed method. These chunked files are then fingerprinted using hashing process for ensuring data authentication. Then B-tree indexing approach is used in the proposed method in order to keep the fingerprinted in an organized state. General Type2-Fuzzy logic is using Ant Lion Optimization (ALO) is used for detecting duplicate files in the documents. In the cloud storage platform, only non-duplicate documents are safely kept. The Triple Data Encryption Standard is used to do a security study before outsourcing non-duplicate data to a third-party cloud server. The total computation time of the proposed technique is 0.4 s in the inline phase and 0.04 s in the offline phase, and the deduplication ratio is 95% in the inline phase and 90% in the offline phase. This proposed deduplication approach requires less storage, which reduces memory use and processing time.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qingyang Zhang,Zhiming Zhang,Jie Cui,Hong Zhong,Yang Li,Chengjie Gu,Debiao He

DOI: https://doi.org/10.1109/tpds.2023.3323155

IF: 5.3

2023-12-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:As the disruptor of cloud storage, decentralized storage could lead to a major shift in how organizations store data in the future. To ensure data availability, users generally encrypt the data and distribute it to multiple storage service providers. It is necessary to study data integrity verification in decentralized storage. Although some recent studies have proposed the using blockchain technology to assist auditing work in decentralized storage networks, the on-chain overhead still increases linearly with an increase in audit requests. Blockchain networks will inevitably be overloaded. In this study, we propose an efficient data integrity auditing scheme for multiple copies in decentralized storage. Particularly, using different polynomial commitment schemes, we first propose a basic scheme for verifying multiple copies of a single file, and then we propose an efficient batch auditing scheme for multiple copies of multiple files. Our scheme can significantly reduce the computation overhead of storage service providers while keeping the on-chain storage overhead constant. Security analysis and performance analysis show that our scheme is efficient and practical.

computer science, theory & methods,engineering, electrical & electronic

Yilin Yuan,Fan Yang,Xiao Wang,Yimin Tian,Zichen Li

DOI: https://doi.org/10.7717/peerj-cs.1790

2024-01-17

PeerJ Computer Science

Abstract:Nowadays, more people are choosing to use cloud storage services to save space and reduce costs. To enhance the durability and persistence, users opt to store important data in the form of multiple copies on cloud servers. However, outsourcing data in the cloud means that it is not directly under the control of users, raising concerns about security and integrity. Recent research has found that most existing multicopy integrity verification schemes can correctly perform integrity verification even when multiple copies are stored on the same Cloud Service Provider (CSP), which clearly deviates from the initial intention of users wanting to store files on multiple CSPs. With these considerations in mind, this paper proposes a scheme for synchronizing the integrity verification of copies, specifically focusing on strongly privacy Internet of Things (IoT) electronic health record (EHR) data. First, the paper addresses the issues present in existing multicopy integrity verification schemes. The scheme incorporates the entity Cloud Service Manager (CSM) to assist in the model construction, and each replica file is accompanied with its corresponding homomorphic verification tag. To handle scenarios where replica files stored on multiple CSPs cannot provide audit proof on time due to objective reasons, the paper introduces a novel approach called probability audit. By incorporating a probability audit, the scheme ensures that replica files are indeed stored on different CSPs and guarantees the normal execution of the public auditing phase. The scheme utilizes identity-based encryption (IBE) for the detailed design, avoiding the additional overhead caused by dealing with complex certificate issues. The proposed scheme can withstand forgery attack, replace attack, and replay attack, demonstrating strong security. The performance analysis demonstrates the feasibility and effectiveness of the scheme.

computer science, information systems, artificial intelligence, theory & methods