With the continuous and exponential increase of the number of users and the size of their data, data deduplication becomes more and more a necessity for cloud storage providers.
By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs.
The advantages of deduplication unfortunately come with a high cost in terms of new security and privacy challenges.
We propose ClouDedup, a secure and efficient storage service which assures block-level deduplication and data confidentiality at the same time.
Although based on convergent encryption, ClouDedup remains secure thanks to the definition of a component that implements an additional encryption operation and an access control mechanism.
Furthermore, as the requirement for deduplication at block-level raises an issue with respect to key management, we propose including a new component that implements the key management for each block together with the actual deduplication operation.
We show that the overhead introduced by these new components is minimal and does not impact the overall storage and computational costs.
[IEEE CloudCom 2013] ClouDedup - Secure Deduplication with Encrypted Data
1. ClouDedup: Secure Deduplication with Encrypted Data
Pasquale Puzio
SecludIT & EURECOM
pasquale@secludit.com
Refik Molva (EURECOM)
Melek Önen (EURECOM)
Sergio Loureiro (SecludIT)
IEEE CloudCom 2013, Bristol, UK
December 3rd
ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage
Pasquale Puzio
2. Deduplication
● Storing duplicated data only once
● Total space savings up to 90-95% in backup applications
3. Deduplication
...but it does not work on encrypted data!
[Figure: D = Hello World, encrypted with K1 and with K2, gives two different ciphertexts]
4. Convergent Encryption
Data Encryption key derived from Data
K = hash(Data)
[Figure: D = Hello World, encrypted twice with H(D), gives the same ciphertext both times]
5. Convergent Encryption
● Convergent Encryption is vulnerable to “dictionary attacks” [Perttula et al]
● Solutions based on key agreement infeasible in the Cloud
● How to achieve safe Convergent Encryption in the Cloud?
⇨ Additional deterministic encryption with the same secret key for all users
6. Solution – Additional Encryption
● Convergent encryption by Users
● Additional Encryption by server/gateway
  ○ Deterministic
  ○ Unique key known only by the server
  ○ No key exchange/sharing
  ○ Security by design
7. Solution - Metadata
Block-level deduplication + convergent encryption
⇨ New requirement: key management
SOLUTION
▪ metadata manager
  ▪ deduplication on encrypted blocks
  ▪ management of block keys
▪ separation between data and metadata
⇨ independence from actual storage
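
The chain described on slides 4 to 7, as an added example that is not taken from the slides or from ClouDedup's own code: block-level convergent encryption by the user, one extra deterministic layer at the gateway, and deduplication on the resulting blocks. The HMAC-based cipher is a standard-library stand-in for a real block cipher, and `BLOCK`, `SAMPLE` and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

BLOCK = 16  # toy block size (assumption) so the sample splits into blocks
# Constructed sample data: two distinct 16-byte blocks.
SAMPLE = b"Hello World 0001Hello World 0002"


def det_encrypt(key: bytes, data: bytes) -> bytes:
    """Deterministic stand-in cipher (assumption, stdlib only): a synthetic IV
    derived from the data keys an HMAC-SHA256 counter keystream."""
    iv = hmac.new(key, b"iv" + data, hashlib.sha256).digest()[:16]
    out = bytearray(iv)
    for off in range(0, len(data), 32):
        pad = hmac.new(key, iv + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def convergent_encrypt(block: bytes):
    """User side: K = hash(Data); returns (K, ciphertext)."""
    key = hashlib.sha256(block).digest()
    return key, det_encrypt(key, block)


def upload(data: bytes, server_key, store: dict):
    """Store data block by block. Returns the per-block keys the metadata
    manager has to keep, and how many blocks were new to the store.
    server_key=None models plain convergent encryption (no gateway layer)."""
    keys, new_blocks = [], 0
    for off in range(0, len(data), BLOCK):
        key, blob = convergent_encrypt(data[off:off + BLOCK])
        if server_key is not None:
            blob = det_encrypt(server_key, blob)  # additional encryption
        block_id = hashlib.sha256(blob).hexdigest()
        if block_id not in store:  # deduplication on encrypted blocks
            store[block_id] = blob
            new_blocks += 1
        keys.append(key)
    return keys, new_blocks


def provider_can_confirm(guess: bytes, store: dict) -> bool:
    """Dictionary-attack check from the storage provider's view: it sees only
    `store`, re-derives K = hash(guess) and looks for the resulting block."""
    _, blob = convergent_encrypt(guess)
    return hashlib.sha256(blob).hexdigest() in store
```

With `server_key=None` the provider can confirm a guessed block; with the gateway layer the same guess no longer matches anything stored, while a second upload of the same data under the same server key still adds no new blocks.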
11. Performance
● Storage/retrieval cost is linear with block count
● Deduplication cost is constant
13. Conclusion
● Confidentiality and block-level deduplication
● Countermeasure against CE vulnerabilities
● Negligible performance impact
● Storage agnostic
● Transparent to the storage provider
14. Future Work
● Prototype for performance analysis (ongoing, current results are promising)
● Typical operations such as edit, append and delete
● Data sharing