Provable ownership of files in deduplication cloud storage

With the rapid adoption of cloud storage services, a great deal of data is being stored at remote servers, so a new technology, client-side deduplication, which stores only a single copy of repeating data, is proposed to identify the client’s deduplication and save the bandwidth of uploading copies of existing files to the server. It was recently found, however, that this promising technology is vulnerable to a new kind of attack in which by learning just a small piece of information about the file, namely its hash value, an attacker is able to obtain the entire file from the server. In this paper, to solve this problem, we propose a cryptographically secure and efficient scheme for a client to prove to the server his ownership on the basis of actual possession of the entire original file instead of only partial information about it. Our scheme utilizes the technique of spot checking in which the client only needs to access small portions of the original file, dynamic coefficients and randomly chosen indices of the original files. Our extensive security analysis shows that the proposed scheme can generate provable ownership of the file and maintain high detection probability of client misbehavior. Both performance analysis and simulation results demonstrate that our proposed scheme is much more efficient than the existing schemes, especially in reducing the burden of the client. Copyright © 2013 John Wiley & Sons, Ltd.