Encrypting data on the client side before uploading it to cloud storage is essential for protecting users' privacy. However, client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.
|Title of host publication||CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security|
|Publisher||Association for Computing Machinery|
|Number of pages||12|
|State||Published - 12 Oct 2015|
|Event||22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 - Denver, United States (Duration: 12 Oct 2015 → 16 Oct 2015)|
|Name||Proceedings of the ACM Conference on Computer and Communications Security|
|Conference||22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015|
|Period||12/10/15 → 16/10/15|
Bibliographical note
Funding Information:
This work was supported in part by the "Cloud Security Services" project funded by the Academy of Finland (283135), the EU 7th Framework Program (FP7/2007-2013) under grant agreement n. 609611 (PRACTICE) and a grant from the Israel Ministry of Science and Technology. We thank Ivan Martinovic for suggesting the analogy between our system and web-caching proxies. We thank Billy Brumley, Kaitai Liang, and the reviewers for their valuable feedback.
© 2015 ACM.
- Cloud storage
- Semantically secure encryption