Decentralized Server-aided Encryption for Secure Deduplication in Cloud Storage

Youngjoo Shin, Dongyoung Koo, Joobeom Yun, Junbeom Hur

Research output: Contribution to journal › Article

5 Citations (Scopus)

Abstract

Cloud storage provides scalable and low-cost resources featuring economies of scale based on multi-tenant architecture. As the amount of data outsourced grows explosively, data deduplication, a technique that eliminates data redundancy, becomes essential. However, deduplication leads to problems with data confidentiality, thereby necessitating secure deduplication solutions. Server-aided encryption schemes have been proposed to achieve the strongest confidentiality, but at the cost of managing a key server (KS). Previous schemes, however, are based on a centralized KS that uses only a single secret key, assuming a single KS in the system. In cloud storage, where multi-tenancy and scalability are crucial, such schemes degrade not only the effectiveness of deduplication but also the scalability with increasing users. In this paper, we extend server-aided encryption to a decentralized setting that consists of multiple KSs. The key idea of our proposed scheme is to construct an inter-KS deduplication algorithm, by which a cloud storage service provider can perform deduplication over ciphertexts from different KSs within a tenant or across tenants. This way, our scheme simultaneously offers flexibility of KS management and cross-tenant deduplication over encrypted data. The novelty of the approach is the use of a decentralized architecture that does not require any centralized entities for the coordination or pre-sharing of secrets among KSs. Therefore, it allows cloud storage services to offer high deduplication efficiency and scalability while preserving strong data confidentiality. We show the results of a performance analysis of the proposed scheme, obtained by conducting extensive experiments. In addition, our security analysis demonstrates that the proposed scheme satisfies all desired security properties.

Original language: English
Journal: IEEE Transactions on Services Computing
DOI: 10.1109/TSC.2017.2748594
Publication status: Accepted/In press - 2017 Sep 1

Fingerprint

Cryptography
Servers
Scalability
Encryption
Redundancy
Costs
Confidentiality
Experiments

Keywords

  • Cloud computing
  • Cloud storage
  • Cross-tenant data deduplication
  • Encryption
  • Message-locked encryption
  • Redundancy
  • Scalability
  • Server-aided encryption
  • Servers

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications
  • Information Systems and Management

Cite this

Decentralized Server-aided Encryption for Secure Deduplication in Cloud Storage. / Shin, Youngjoo; Koo, Dongyoung; Yun, Joobeom; Hur, Junbeom.

In: IEEE Transactions on Services Computing, 01.09.2017.

@article{33df300279e246e9ba12a4a49c48720a,
title = "Decentralized Server-aided Encryption for Secure Deduplication in Cloud Storage",
abstract = "Cloud storage provides scalable and low-cost resources featuring economies of scale based on multi-tenant architecture. As the amount of data outsourced grows explosively, data deduplication, a technique that eliminates data redundancy, becomes essential. However, deduplication leads to problems with data confidentiality, thereby necessitating secure deduplication solutions. Server-aided encryption schemes have been proposed to achieve the strongest confidentiality, but at the cost of managing a key server (KS). Previous schemes, however, are based on a centralized KS that uses only a single secret key, assuming a single KS in the system. In cloud storage, where multi-tenancy and scalability are crucial, such schemes degrade not only the effectiveness of deduplication but also the scalability with increasing users. In this paper, we extend server-aided encryption to a decentralized setting that consists of multiple KSs. The key idea of our proposed scheme is to construct an inter-KS deduplication algorithm, by which a cloud storage service provider can perform deduplication over ciphertexts from different KSs within a tenant or across tenants. This way, our scheme simultaneously offers flexibility of KS management and cross-tenant deduplication over encrypted data. The novelty of the approach is the use of a decentralized architecture that does not require any centralized entities for the coordination or pre-sharing of secrets among KSs. Therefore, it allows cloud storage services to offer high deduplication efficiency and scalability while preserving strong data confidentiality. We show the results of a performance analysis of the proposed scheme, obtained by conducting extensive experiments. In addition, our security analysis demonstrates that the proposed scheme satisfies all desired security properties.",
keywords = "Cloud computing, Cloud storage, Cross-tenant data deduplication, Encryption, Message-locked encryption, Redundancy, Scalability, Server-aided encryption, Servers",
author = "Youngjoo Shin and Dongyoung Koo and Joobeom Yun and Junbeom Hur",
year = "2017",
month = "9",
day = "1",
doi = "10.1109/TSC.2017.2748594",
language = "English",
journal = "IEEE Transactions on Services Computing",
issn = "1939-1374",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Decentralized Server-aided Encryption for Secure Deduplication in Cloud Storage

AU - Shin, Youngjoo

AU - Koo, Dongyoung

AU - Yun, Joobeom

AU - Hur, Junbeom

PY - 2017/9/1

Y1 - 2017/9/1

N2 - Cloud storage provides scalable and low-cost resources featuring economies of scale based on multi-tenant architecture. As the amount of data outsourced grows explosively, data deduplication, a technique that eliminates data redundancy, becomes essential. However, deduplication leads to problems with data confidentiality, thereby necessitating secure deduplication solutions. Server-aided encryption schemes have been proposed to achieve the strongest confidentiality, but at the cost of managing a key server (KS). Previous schemes, however, are based on a centralized KS that uses only a single secret key, assuming a single KS in the system. In cloud storage, where multi-tenancy and scalability are crucial, such schemes degrade not only the effectiveness of deduplication but also the scalability with increasing users. In this paper, we extend server-aided encryption to a decentralized setting that consists of multiple KSs. The key idea of our proposed scheme is to construct an inter-KS deduplication algorithm, by which a cloud storage service provider can perform deduplication over ciphertexts from different KSs within a tenant or across tenants. This way, our scheme simultaneously offers flexibility of KS management and cross-tenant deduplication over encrypted data. The novelty of the approach is the use of a decentralized architecture that does not require any centralized entities for the coordination or pre-sharing of secrets among KSs. Therefore, it allows cloud storage services to offer high deduplication efficiency and scalability while preserving strong data confidentiality. We show the results of a performance analysis of the proposed scheme, obtained by conducting extensive experiments. In addition, our security analysis demonstrates that the proposed scheme satisfies all desired security properties.

KW - Cloud computing

KW - Cloud storage

KW - Cross-tenant data deduplication

KW - Encryption

KW - Message-locked encryption

KW - Redundancy

KW - Scalability

KW - Server-aided encryption

KW - Servers

UR - http://www.scopus.com/inward/record.url?scp=85029143232&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85029143232&partnerID=8YFLogxK

U2 - 10.1109/TSC.2017.2748594

DO - 10.1109/TSC.2017.2748594

M3 - Article

AN - SCOPUS:85029143232

JO - IEEE Transactions on Services Computing

JF - IEEE Transactions on Services Computing

SN - 1939-1374

ER -