DupLESS: Server-Aided Encryption for Deduplicated Storage
نویسندگان
چکیده
Cloud storage service providers such as Dropbox, Mozy, and others perform deduplication to save space by only storing one copy of each file uploaded. Should clients conventionally encrypt their files, however, savings are lost. Message-locked encryption (the most prominent manifestation of which is convergent encryption) resolves this tension. However it is inherently subject to brute-force attacks that can recover files falling into a known set. We propose an architecture that provides secure deduplicated storage resisting brute-force attacks, and realize it in a system called DupLESS. In DupLESS, clients encrypt under message-based keys obtained from a key-server via an oblivious PRF protocol. It enables clients to store encrypted data with an existing service, have the service perform deduplication on their behalf, and yet achieves strong confidentiality guarantees. We show that encryption for deduplicated storage can achieve performance and space savings close to that of using the storage service with plaintext data.
منابع مشابه
Distributed Key Generation for Secure Encrypted Deduplication
Large-scale storage systems often attempt to achieve two seemingly conflicting goals: (1) the systems need to reduce the copies of redundant data to save space, a process called deduplication; and (2) users demand encryption of their data to ensure privacy. Conventional encryption makes deduplication on ciphertexts ineffective, as it destroys data redundancy. A line of work, originated from Con...
متن کاملFuzzy retrieval of encrypted data by multi-purpose data-structures
The growing amount of information that has arisen from emerging technologies has caused organizations to face challenges in maintaining and managing their information. Expanding hardware, human resources, outsourcing data management, and maintenance an external organization in the form of cloud storage services, are two common approaches to overcome these challenges; The first approach costs of...
متن کاملAlmost Universal Hash Families are also Storage Enforcing
We show that every almost universal hash function also has the storage enforcement property. Almost universal hash functions have found numerous applications and we show that this new storage enforcement property allows the application of almost universal hash functions in a wide range of remote verification tasks: (i) Proof of Secure Erasure (where we want to remotely erase and securely update...
متن کاملA Secure Code Based Cloud Storage System Using Proxy Re-Encryption Scheme in Cloud Computing
Cloud computing is a model for enabling convenient, on demand network access to a shared pool of computing resources. The cloud storage system consists of a collection of storage servers and key servers. Storing data in a third party cloud system causes serious concern on data confidentiality, so a user divides the data into blocks, encrypts and stores them in various storage servers. The stora...
متن کاملA Server-Aided Computation Protocol Revisited for Confidentiality of Cloud Service
In cloud-computing services, using the SSL/TLS protocol is not enough to ensure data confidentiality. For instance, cloud service providers can see the plaintext after the decryption at the end point of a secure channel. It is wise to introduce an encryption layer between the service client and the communication channel so the data will not be seen by the cloud service provider. The encryption/...
متن کامل