Xuewei Ma,Wenyuan Yang,Yuesheng Zhu,Zhiqiang Bai

DOI: https://doi.org/10.1109/ipccc55026.2022.9894331

2022-01-01

Abstract:Encrypted data deduplication is an important technique for saving storage space and network bandwidth, which has been widely used in cloud storage. Recently, a number of schemes that solve the problem of data deduplication with dynamic ownership management have been proposed. However, these schemes suffer from low efficiency when the dynamic ownership changes a lot. To this end, in this paper, we propose a novel server-side deduplication scheme for encrypted data in a hybrid cloud architecture, where a public cloud (Pub-CSP) manages the storage and a private cloud (Pri-CSP) plays a role as the data owner to perform deduplication and dynamic ownership management. Further, to reduce the communication overhead we use an initial uploader check mechanism to ensure only the first uploader needs to perform encryption, and adopt an access control technique that verifies the validity of the data users before they download data. Our security analysis and performance evaluation demonstrate that our proposed server-side deduplication scheme has better performance in terms of security, effectiveness, and practicability compared with previous schemes. Meanwhile, our method can efficiently resist collusion attacks and duplicate faking attacks.

Xuexue Jin,Lingbo Wei,Mengke Yu,Nenghai Yu,Jinyuan Sun

DOI: https://doi.org/10.1109/ICCChina.2013.6671119

2013-01-01

Abstract:Cloud computing is viewed as the next generation architecture of IT companies. As promising as it is, cloud computing also brings forth many new security issues when users outsource sensitive data to cloud servers. To keep sensitive users' data confidential against untrusted servers, existing solutions usually apply cryptographic methods. With data encryption, the same file will become different from each other, thus deduplication which is widely adopted by cloud storage service providers meets some challenges. Current method to solve the problem is to make use of some information computed from the shared file to achieve deduplication of encrypted data, say convergent encryption. But this piece of information which is computable from the file via a deterministic public algorithm is not really meant to be secret. To this end, we propose a scheme to address the deduplication of encrypted data efficiently and securely with the help of ensuring the ownership of the shared file, encrypting data using keys at user's will and realizing the anonymous store through the digital credential. We achieve this aims through proof of ownership (POW), proxy re-encryption (PRE) and digital credential.

JIN Xue-xue,YU Neng-hai,ZHANG Chi,SUN Chang-xiang

DOI: https://doi.org/10.3969/j.issn.1009-8054.2013.05.028

2013-01-01

Abstract:For the requirements by efficient and secure data storage in cloud storage,a de-duplication scheme of encrypted data with proof of ownership is proposed.Firstly,a data owner is identified by taking advantage of the proof of ownership based on Merkle Hash Tree.After that,encrypted data is deduplicated by combining the proxy re-encryption.For some selfish clients an incentive mechanism is given.And the security of this proposed scheme is analysed.The experiment results show that the overhead of communication and computing required for reduction of storage space and bandwidth is very low.

Jian Liu,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1145/2810103.2813623

2015-01-01

Abstract:Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Yunling Wang,Meixia Miao,Jianfeng Wang,Xuefeng Zhang

DOI: https://doi.org/10.1016/j.csi.2021.103523

2021-10-01

Abstract:<p>Secure deduplication is a promising solution to greatly reduce the storage space of the cloud. However, the encryption key is deterministically derived from the plaintext, such that who owns the plaintext has the derived key to decrypt the ciphertext. Therefore, how to revoke a user in deduplication schemes is a critical challenge. In the existing work, when updating the data authority, the data owner has to download the data from the cloud, decrypt, re-encrypt and finally upload them to the cloud. This process increases the communication and computation overheads. In this paper, we first propose a multi-user updatable encryption scheme. Specifically, the data owner can update the remote ciphertext under a new group key by sending an update token to the cloud. Then we adopt this technique to propose a new secure deduplication scheme supporting efficiently revoking an unauthorized user. In our scheme, the data owner just needs to send a token to the cloud to update the data authority, which saves the communication and computation costs. The security and efficiency analysis demonstrate that our proposed deduplication scheme can achieve the desired security properties with high efficiency.</p>

computer science, software engineering, hardware & architecture

GU Bolun,XU Zikai,LI Weihai,YU Nenghai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2024055

2024-01-01

Abstract:With the rapid development and application of the Internet, traditional storage resources have been found unable to meet the growing demand for massive data storage. An increasing number of users have attempted to upload their data to third-party cloud servers for unified storage. Efficient deduplication and secure file sharing in the cloud have emerged as critical concerns. Moreover, users have always preferred to customize their passwords for encrypting and decrypting files, only sharing encrypted files when necessary. Based on this preference, a deterministic stepwise encryption algorithm was first designed. It was such that when the keys for the two steps of encryption satisfied a certain relationship, the two steps of encryption could be equivalent to a single encryption process. A novel key-customizable encrypted deduplication scheme with access control for cloud storage was proposed, utilizing the deterministic stepwise encryption algorithm to encrypt files and a ciphertext-policy attribute-based encryption algorithm to encrypt file keys. This scheme not only offered the flexibility to customize encryption and decryption keys for different users with the same files, but also ensured secure file sharing through a dynamic access control mechanism. Moreover, the optional access control component was made compatible with the majority of existing ciphertext-policy attribute-based encryption (CP-ABE) schemes, even allowing for different CP-ABE schemes within different attribute groups. Security analysis results show that the proposed scheme achieves the highest level of security under the current encrypted deduplication paradigm. Experimental and analytical results indicate that it effectively meets the practical needs of cloud service providers and users, and also achieves acceptable efficiency.

Liangmin Wang,Xiaofeng Chen,Yuan Chen,Tao Jiang,Jianfeng Ma,Xu Yuan,Ke Cheng

DOI: https://doi.org/10.1109/TDSC.2022.3185313

2023-05-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Data deduplication is of critical importance to reduce the storage cost for clients and to relieve the unnecessary storage pressure for cloud servers. While various techniques have been proposed for secure deduplication of identical files/blocks, the effective and secure deduplication solutions on fuzzy similar data (image, video, and others) which occupy a large portion in the real world across wide applications, remain open. In this article, we propose a novel deduplication system, named Fuzzy Deduplication (FuzzyDedup), to implement the secure deduplication of similar data (i.e., similar files, chunks, or blocks). In particular, we leverage the similarity-preserving hash, a fuzzy extractor based on error-correcting codes, and the encryption with customized design to construct a fuzzy-style deduplication encryption scheme (FuzzyMLE), achieving the ciphertext-based deduplication for similar data. Besides, to defend against data ownership cheating attack and duplicate-faking attack, a fuzzy-style proof of ownership scheme (FuzzyPoW) is designed for the cloud server to securely verify a client in possession of the similar data. To further enhance security and efficiency, we also propose both server-aided and random-tag FuzzyMLE to make FuzzyDedup robust against off-line brute-force attack and to support tag randomization, respectively. Then, we design Hamming distance reduction and tag cutting optimization algorithms to improve the tag query efficiency of FuzzyDedup. In the end, we formally prove the security of our solution and conduct experiments on real-world datasets for performance evaluation. Experimental results exhibit the efficiency of FuzzyDedup in terms of computation cost and communication overhead.

Computer Science

J. Gnana Jeslin,P. Mohan Kumar

DOI: https://doi.org/10.3390/sym14071392

2022-07-07

Symmetry

Abstract:The number of customers transferring information to cloud storage has grown significantly, with the rising prevalence of cloud computing. The rapidly rising data volume in the cloud, mostly on one side, is followed by a large replication of data. On the other hand, if there is a single duplicate copy of stored symmetrical information in the de-duplicate cloud backup the manipulation or lack of a single copy may cause untold failure. Thus, the deduplication of files and the auditing of credibility are extremely necessary and how they are achieved safely and effectively must be addressed in academic and commercial contexts urgently. In order to tune in this task by using application recognition, data similitude, and locality to simplify decentralized deduplication with two-tier internode and application deduction, we suggest a flexible direct decentralized symmetry deduplication architecture in a cloud scenario. It first distributes application logic to the contents of the directory through implementation-oriented steering to maintain a deployment location and also attributes the same kind of information to the cloud backup node with the storage node specificity by means of a hand printing-based network model to attain adequate global deduplication performance. We build up a new ownership mechanism during file deduplication to ensure continuity of tagging and symmetrical modeling and verify shared ownership. In addition, we plan an effective ownership policy maintenance plan. In order to introduce a probabilistic key process and reduce key storage capacity, a user-helped key is used for in-user block deduplication. Finally, the protection and efficiency audit demonstrate that the data integrity and accuracy of our system are ensured and symmetrically effective in the management of data ownership.

Jingyi Li,Yidong Li,Jigang Wu,Zikai Zhang,Yi Jin

DOI: https://doi.org/10.1109/tnse.2024.3369630

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Data deduplication schemes have been widely used in cloud storage systems to save storage space by eliminating duplicate outsourced data. However, the reduction of redundancy leads to decreased data availability and unbalanced data distribution. This paper proposes a blockchain-based decentralized storage system with reliable deduplication and storage balance strategy to provide reliability for deduplicated outsourced data. Encrypted data is split into chunks by a ramp secret sharing scheme, and it is distributed to multiple independent cloud servers. States of the chunks are recorded on the tamper-proofed blockchain and they can be used to recover the raw data or support the verification of user identity. To balance the distribution of data among storage servers, a heuristic matching algorithm is designed to efficiently allocate the available storage space. The allocation services are published by autonomous smart contracts and other participants gain rewards by giving the best matching results of data chunks and storage servers. Formulation analysis demonstrates the correctness of the proposed scheme in terms of data consistency, integrity, and reliability. Experimental results show that the proposed scheme preserves the confidentiality of outsourced data with acceptable computational consumption.

engineering, multidisciplinary,mathematics, interdisciplinary applications

GE Wenting,LI Weihai,YU Nenghai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2023066

2023-01-01

Abstract:Due to the existing cloud data deduplication schemes mainly focus on file-level deduplication.A scheme was proposed, based on attribute encryption, to support data block-level weight removal.Double granularity weight removal was performed for both file-level and data block-level, and data sharing was achieved through attribute encryption.The algorithm was designed on the hybrid cloud architecture Repeatability detection and consistency detection were conducted by the private cloud based on file labels and data block labels.A Merkle tree was established based on block-level labels to support user ownership proof.When a user uploaded the cipher text, the private cloud utilized linear secret sharing technology to add access structures and auxiliary information to the cipher text.It also updated the overall cipher text information for new users with permissions.The private cloud served as a proxy for re-encryption and proxy decryption, undertaking most of the calculation when the plaintext cannot be obtained, thereby reducing the computing overhead for users.The processed cipher text and labels were stored in the public cloud and accessed by the private cloud.Security analysis shows that the proposed scheme can achieve PRV-CDA (Privacy Choose-distribution attacks) security in the private cloud.In the simulation experiment, four types of elliptic curve encryption were used to test the calculation time for key generation, encryption, and decryption respectively, for different attribute numbers with a fixed block size, and different block sizes with a fixed attribute number.The results align with the characteristics of linear secret sharing.Simulation experiments and cost analysis demonstrate that the proposed scheme can enhance the efficiency of weight removal and save time costs.

Saiyu Qi,Wei Wei,Jianfeng Wang,Shifeng Sun,Leszek Rutkowski,Tingwen Huang,Janusz Kacprzyk,Yong Qi

DOI: https://doi.org/10.1109/tmc.2023.3263901

IF: 6.075

2023-01-01

IEEE Transactions on Mobile Computing

Abstract:Data deduplication is of vital importance for mobile cloud computing to cope with the explosive growth of outsourced mobile data. In order to ensure the privacy of sensitive mobile data against an untrusted cloud, Message-Locked Encryption (MLE) has been proposed to enable deduplication over ciphertext. However, MLE prohibits data access control since it uses deterministic content-derived encryption keys. Recently, a lightweight rekeying-aware encrypted deduplication system (REED) has been proposed to achieve dynamic access control for secure data deduplication. However, REED is vulnerable to key-retaining attack and stub-retaining attack, which leads to insecure access revocation, and thus cannot support secure dynamic access control. In response, we present AC-Dedup, an encrypted deduplication storage system that supports secure dynamic access control for mobile cloud storage. At the core of AC-Dedup are two novel encryption techniques named mixed message locked encryption and random stub re-encryption to resist the two types of attacks, respectively. To the best of our knowledge, AC-Dedup is the first practical system that achieves secure data deduplication and secure dynamic access control simultaneously. We conduct security analysis and experimental evaluation on mobile device and cloud platform with real-world IoT datasets. The results show that AC-Dedup enables secure and efficient dynamic access control while preserving deduplication effectiveness.

computer science, information systems,telecommunications

Xin Tang,Linna Zhou,Yongfeng Huang,Chin-Chen Chang

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00128

2018-01-01

Abstract:Cross-user deduplication is an emerging technique to ease the burden of cloud storage in big data era by storing only one copy of duplicate data. Efficiency reflects the feasibility and is a basic consideration when applying the deduplication scheme. However, in order to achieve certain level of security, existing works suffer from heavy overhead of computation as well as communication, which is a big obstacle for the actual deployment. In this paper, we propose an efficient cross-user deduplication scheme for encrypted data, which takes the lead to consider the efficiency during deduplication and makes it a reality to achieve secure deduplication in a lightweight way. To ensure the efficiency, we utilize the proposed re-encryption technique together with a non-interactive convergent key generation scheme to eliminate the cost of users and support batch verification of recovered data. The simulation results show that, with the same level of security guaranteed, the proposed scheme is more efficient comparing with the state of the art.

Ling Liu,Yuqing Zhang,Xuejun Li

DOI: https://doi.org/10.1109/tcc.2018.2869333

IF: 5.697

2021-04-01

IEEE Transactions on Cloud Computing

Abstract:Deduplication, which can save storage cost by enabling us to store only one copy of identical data, becomes unprecedentedly significant with the dramatic increase in data stored in the cloud. For the purpose of ensuring data confidentiality, they are usually encrypted before outsourced. Traditional encryption will inevitably result in multiple different ciphertexts produced from the same plaintext by different users’ secret keys, which hinders data deduplication. Convergent encryption makes deduplication possible since it naturally encrypts the same plaintexts into the same ciphertexts. One attendant problem is how to reliably and effectively manage a huge number of convergent keys. Several deduplication schemes have been proposed to deal with the convergent key management problem. However, they either need to introduce key management servers or require interaction between data owners. In this paper, we design a novel client-side deduplication protocol named KeyD without such an independent key management server by utilizing the identity-based broadcast encryption (IBBE) technique. Users only interact with the cloud service provider (CSP) during the process of data upload and download. Security analysis demonstrates that KeyD ensures data confidentiality and convergent key security, and well protects the ownership privacy simultaneously. A thorough and detailed performance comparison shows that our scheme makes a better tradeoff among the storage cost, communication and computation overhead.

computer science, information systems, theory & methods

Heyi Tang,Yong Cui,Chaowen Guan,Jianping Wu,Jian Weng,Kui Ren

DOI: https://doi.org/10.1145/2897845.2897846

2016-01-01

Abstract:To secure cloud storage and enforce access control, data encryption has become essential, given the ever increasing cyber threat everywhere. Attribute-based Encryption (ABE) crypto systems are widely considered as a promising solution under such a context for its security strength, scalability and control flexibility. One major challenge, however, for applying ABE-based techniques in real world applications is its high overhead in various aspects. In this research, we are particularly concerned with the storage size expansion in existing ABE schemes. This combined with the vast-size nature of the cloud data poses an enormous challenge to the effective usage of the cloud data storage space and affects the utility of data deduplication. Normally, data deduplication is carried out based on identifying similar and even identical contents both within and between data files, however, these patterns will be destroyed after performing data encryption using any semantically secure encryption scheme including ABE. In this research, we focus on ciphertexts deduplication under ABE, which to our best knowledge is the first of such an effort. Our fundamental observation stems from the structure of ABE ciphertexts and the possible similarities among different access structures. We show how to design a secure ciphertext deduplication scheme based on a classical CP-ABE scheme by innovatively modifying the construction with a recursive algorithm, eliminating the duplicated secrets and adding additional randomness to some certain ciphertext. We then give a detailed analysis on the proposed scheme with respect to both efficiency and security. To thoroughly assess the performance of the proposed scheme, we also implement a prototype system and conduct comprehensive experiments, which shows that our ciphertext reduplication scheme could reduce up to 80% computation and storage cost in the best case.

Shahnawaz Ahmad,Mohd. Arif,Javed Ahmad,Mohd. Nazim,Shabana Mehfuz

DOI: https://doi.org/10.1002/cpe.8205

2024-06-23

Concurrency and Computation Practice and Experience

Abstract:Summary The exponential growth of data poses a critical challenge for cloud storage systems. Redundant data consumes valuable storage space and increases infrastructure costs. Data deduplication, a technique for eliminating duplicate data copies, offers a promising solution. However, existing deduplication techniques often compromise data security, especially when dealing with encrypted data. This paper proposes a novel approach that merges convergent encryption (CE) with data deduplication. CE leverages user data itself to generate unique encryption keys, enabling secure deduplication on encrypted data. We analyze existing literature on secure data deduplication and categorize various techniques using UML activity diagrams. We then present our proposed CE‐based deduplication system, outlining its functionalities through UML diagrams. This research contributes to the field of secure data storage by proposing a novel and secure deduplication approach. By demonstrating its efficiency and security benefits, this work paves the way for more efficient and secure cloud storage solutions. Finally, we demonstrate the system's effectiveness through a comparative analysis, highlighting its potential to significantly improve storage efficiency while maintaining data security.

computer science, theory & methods, software engineering

Jin, Chunhua

DOI: https://doi.org/10.1007/s12083-024-01734-7

IF: 3.488

2024-06-05

Peer-to-Peer Networking and Applications

Abstract:Cloud storage has attracted widespread attention due to its advantages such as convenience, low cost, and easy scalability. With the explosion of cloud data volumes, security and performance issues are becoming major concerns. Countermeasures like data deduplication and integrity auditing techniques have been extensively studied. However, traditional auditable deduplication protocols face significant challenges related to confidentiality, reliability, and efficiency. Aiming to address these challenges, a blockchain-based auditable deduplication scheme for multi-cloud storage is proposed in this paper. Specifically, this scheme leverages blockchain technology and bilinear pairing cryptosystem to achieve an auditable deduplication mechanism that not only saves storage space but also checks data integrity. Furthermore, convergent encryption and threshold secret sharing algorithms are utilized to enhance storage confidentiality and system reliability. Batch auditing and anti-repeated auditing techniques are also adopted to improve auditing efficiency. Finally, security analysis and performance evaluation reveal that the proposed scheme achieves the expected security and performance requirements.

computer science, information systems,telecommunications

ZHAO Tian,LI Hui,YANG Xin,WANG Han,ZENG Ming,GUO Haisheng,WANG Dezheng

DOI: https://doi.org/10.12142/ztecom.202102009

2021-01-01

Abstract:In architecture of cloud storage, the deduplication technology encrypted with the convergent key is one of the important data compression technologies, which effectively improves the utilization of space and bandwidth. To further refine the usage scenarios for various user permissions and enhance user’s data security, we propose a blockchain-based differential authorized deduplication system. The proposed system optimizes the traditional Proof of Vote（PoV） consensus algorithm and simplifies the existing differential authorization process to realize credible management and dynamic update of authority. Based on the decentralized property of blockchain, we overcome the centralized single point fault problem of traditional differentially authorized deduplication system. Besides, the operations of legitimate users are recorded in blocks to ensure the traceability of behaviors.

K. Rajkumar,U. Hariharan,V. Dhanakoti,N. Muthukumaran

DOI: https://doi.org/10.1007/s11276-023-03448-9

IF: 2.701

2023-08-29

Wireless Networks

Abstract:Cloud storage is the ideal solution for outsourcing big data since the cloud can store a large amount of data. Cloud storage, on the other hand, raises additional problems about data duplication, fine-grained access control, and privacy, all of these factors are crucial for cloud large data storage. Data duplication approaches based on encrypted data schemes now available do not provide for fine-grained access control. This paper proposes a secure framework for managing data using rapid asymmetric maximum based dynamic size chunking and fuzzy logic for deduplication. Chunking, fingerprinting, hashing, and writing are the four main process of the proposed method. Initially, chunking is done to split the files into chunks. Rapid Asymmetric Maximum (RAM) based Dynamic Size Chunking (DSC) is used in the proposed method. These chunked files are then fingerprinted using hashing process for ensuring data authentication. Then B-tree indexing approach is used in the proposed method in order to keep the fingerprinted in an organized state. General Type2-Fuzzy logic is using Ant Lion Optimization (ALO) is used for detecting duplicate files in the documents. In the cloud storage platform, only non-duplicate documents are safely kept. The Triple Data Encryption Standard is used to do a security study before outsourcing non-duplicate data to a third-party cloud server. The total computation time of the proposed technique is 0.4 s in the inline phase and 0.04 s in the offline phase, and the deduplication ratio is 95% in the inline phase and 90% in the offline phase. This proposed deduplication approach requires less storage, which reduces memory use and processing time.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xue Yan Liu,Li Juan Huan,Wen Jing Li,Rui Rui Sun

DOI: https://doi.org/10.1016/j.sysarc.2023.103032

IF: 5.836

2023-12-05

Journal of Systems Architecture

Abstract:In cloud storage, attribute-based keyword searchable encryption realizes multi-user fine-grained authorization access control and outsourcing data sharing. However, (1) resisting key regeneration is an urgent problem to be solved in practical applications of attribute-based keyword search; (2) the general attribute-based keyword search scheme ignores the application scenario where multiple data owners jointly manage files. In addition, the interaction of data between intelligent terminals and cloud servers has become more frequent, leading to issues such as central load, transmission efficiency, and data privacy protection in cloud computing. To address the above issues, we propose an attribute-based searchable encryption scheme with the multi-data owner based on edge computing. In this scheme, the Pedersen (k,n) secret sharing protocol and the Reciprocal protocol are used to realize the common management and sharing of data by the multi-data owner to enhance data security. Secondly, the attribute set and identity information of each user are embedded into the private key to prevent key regeneration and resist user collusion attacks. Thirdly, edge computing is introduced, and part of the storage and decryption work is outsourced to edge nodes to reduce the computing load of users and data transmission bandwidth. Security proof and performance analysis show that the proposed scheme has strong security and practicability in multi-user sharing scenarios such as Online Education with multi-data owners.

computer science, software engineering, hardware & architecture

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

2014-01-01

Abstract:Cloud computing provides an economical and efficient solution for sharing group resource with cloud users. Sharing data in a multi-owner manner while preserving data and identity privacy from an untrusted cloud due to the frequent change of the membership. Cloud intend the secure multiple data sharing between the data users by using the cloud computing. By leveraging group signature and dynamic broadcast encryption techniques. Any user can share the data with other users. The storage overhead and encryption computation cost of our scheme are independent with the number of revoked users the security of our scheme with rigorous proofs, and demonstrate the efficiency of our scheme in experiments.