Secure Deduplication Scheme for Cloud Encrypted Data

Secure Deduplication Scheme for Cloud Encrypted Data

Vishal Passricha (National Institute of Technology Kurukshetra, India), Ashish Chopra (National Institute of Technology Kurukshetra, India) and Shubhanshi Singhal (Technology Education and Research Integrated Institutions, Kurukshetra, India)
DOI: 10.4018/IJAPUC.2019040103


Cloud storage (CS) is gaining much popularity nowadays because it offers low-cost and convenient network storage services. In this big data era, the explosive growth in digital data moves the users towards CS but this causes a lot of storage pressure on CS systems because a large volume of this data is redundant. Data deduplication is an effective data reduction technique. The dynamic nature of data makes security and ownership of data as a very important issue. Proof-of-ownership schemes are a robust way to check the ownership claimed by any owner. However, this method affects the deduplication process because encryption methods have varying characteristics. A convergent encryption (CE) scheme is widely used for secure data deduplication. The problem with the CE-based scheme is that the user can decrypt the cloud data while he has lost his ownership. This article addresses the problem of ownership revocation by proposing a secure deduplication scheme for encrypted data. The proposed scheme enhances the security against unauthorized encryption and poison attack on the predicted set of data.
Article Preview

1. Introduction

In this digital era, the data is growing at an enormous rate hence the word ‘Big Data’ is introduced. Social networks and mobile computing systems are major players in generating Big Data. The 33 ZB of data was produced in 2018, and it is estimated that nearly 175 ZB of data will be produced in 2025 (Reinsel, Gantz, & Rydning, 2018). To store this huge volume of data, cloud services provide the cloud storage (CS) that are set-up at different geographical locations. CS is highly prevalent nowadays because it offers low-cost and location independent virtual storage and processing resources (Armbrust et al., 2010). As the volume of data is rising exponentially, cloud service providers (CSP) are required to adopt some techniques for managing disk space and enhancing reliability. Data deduplication is a technique that identifies and eliminates the redundant data and stores an only single instance of it. It improves both savings of storage space and network bandwidth (Bolosky, Douceur, Ely, & Theimer, 2000; Clements, Ahmad, Vilayannur, & Li, 2009; Douceur, Adya, Bolosky, Simon, & Theimer, 2002). Dropbox (Dropbox, 2014), Google Drive (Drive, 2016), and IDrive (IDRIVE, 2017) have also adopted deduplication techniques to reduce resource consumption.

CS security is also a challenging issue. CS adopts various data integrity checking schemes for security, but client-side deduplication always arises security issues. Malicious users may download any file by cheating the cloud server (CSS). Proof-of-ownership is the highly adaptable approach for secure client-side deduplication. By this, the owner can effectively prove to cloud server his ownership that he indeed holds the whole file. The customer usually encrypts his private data with his own encryption key and uploads the encrypted data to CS to preserve his privacy. Randomization in encryption, i.e., different keys generate different ciphertext for the same data, leads to infeasibility in deduplication.

Convergent encryption (CE) is a good solution to this problem. In CE, the encryption key is derived from the data itself for encryption (Storer, Greenan, Long, & Miller, 2008). Therefore, every user having the same data will get the same ciphertext. By this, deduplication of encrypted data is made possible. The major security flaw in CE is that key derivation process is deterministic, i.e., same files always derive the same encryption key. If attackers get the key, then CE becomes worthless (Storer et al., 2008). The problem of CE is solved by DupLESS (Bellare, Keelveedhi, & Ristenpart, 2013a) by providing a robust security scheme. However, in early proposed CE schemes including DupLESS, a user may decrypt the data after losing his ownership of uploaded data, i.e., ownership revocation.

In this paper, a secure deduplication scheme is proposed to store encrypted data. It ensures the authorized access to the shared data which is examined as a major challenge for secure and efficient CS services (Mulazzani, Schrittwieser, Leithner, Huber, & Weippl, 2011). The ownership changes dynamically hence each ownership group is handled by a group key management mechanism. The proposed scheme guarantees no leaking of any confidential information. This paper is organized as follows: related work is given in section 2. Section 3 describes the system model and security requirements. Chapter 4 explains the preliminaries and notations. The proposed secure deduplication scheme is demonstrated in section 5. The security results of the proposed scheme are described in section 6. Finally, section 7 concludes the paper.

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 11: 4 Issues (2019): 2 Released, 2 Forthcoming
Volume 10: 4 Issues (2018)
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing