Secure deduplication of encrypted data without additional independent servers

Jian Liu; N. Asokan; Benny Pinkas

doi:10.1145/2810103.2813623

Secure deduplication of encrypted data without additional independent servers

Jian Liu, N. Asokan, Benny Pinkas

CS@BIU

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

181 Scopus citations

Abstract

Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users'privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Original language	English
Title of host publication	CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	874-885
Number of pages	12
ISBN (Electronic)	9781450338325
DOIs	https://doi.org/10.1145/2810103.2813623
State	Published - 12 Oct 2015
Event	22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 - Denver, United States Duration: 12 Oct 2015 → 16 Oct 2015

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
Volume	2015-October
ISSN (Print)	1543-7221

Conference

Conference	22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
Country/Territory	United States
City	Denver
Period	12/10/15 → 16/10/15

Bibliographical note

Funding Information:
This work was supported in part by the "Cloud Security Services" project funded by the Academy of Finland (283135), the EU 7th Framework Program (FP7/2007-2013) under grant agreement n. 609611 (PRACTICE) and a grant from the Israel Ministry of Science and Technology. We thank Ivan Martinovic for suggesting the analogy between our system and web-caching proxies. We thank Billy Brumley, Kaitai Liang, and the reviewers for their valuable feedback.

Publisher Copyright:
© 2015 ACM.

Keywords

Cloud storage
Deduplication
PAKE
Semantically secure encryption

Access to Document

10.1145/2810103.2813623

Cite this

Liu, J., Asokan, N., & Pinkas, B. (2015). Secure deduplication of encrypted data without additional independent servers. In CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 874-885). (Proceedings of the ACM Conference on Computer and Communications Security; Vol. 2015-October). Association for Computing Machinery. https://doi.org/10.1145/2810103.2813623

@inproceedings{5614fa311d0b4df194a3e3e248fc018d,

title = "Secure deduplication of encrypted data without additional independent servers",

abstract = "Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users'privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.",

keywords = "Cloud storage, Deduplication, PAKE, Semantically secure encryption",

author = "Jian Liu and N. Asokan and Benny Pinkas",

note = "Publisher Copyright: {\textcopyright} 2015 ACM.; 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 ; Conference date: 12-10-2015 Through 16-10-2015",

year = "2015",

month = oct,

day = "12",

doi = "10.1145/2810103.2813623",

language = "אנגלית",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "874--885",

booktitle = "CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security",

}

Liu, J, Asokan, N & Pinkas, B 2015, Secure deduplication of encrypted data without additional independent servers. in CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, vol. 2015-October, Association for Computing Machinery, pp. 874-885, 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, Denver, United States, 12/10/15. https://doi.org/10.1145/2810103.2813623

Secure deduplication of encrypted data without additional independent servers. / Liu, Jian; Asokan, N.; Pinkas, Benny.
CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2015. p. 874-885 (Proceedings of the ACM Conference on Computer and Communications Security; Vol. 2015-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Secure deduplication of encrypted data without additional independent servers

AU - Liu, Jian

AU - Asokan, N.

AU - Pinkas, Benny

PY - 2015/10/12

Y1 - 2015/10/12

N2 - Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users'privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

AB - Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users'privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

KW - Cloud storage

KW - Deduplication

KW - PAKE

KW - Semantically secure encryption

UR - http://www.scopus.com/inward/record.url?scp=84954136616&partnerID=8YFLogxK

U2 - 10.1145/2810103.2813623

DO - 10.1145/2810103.2813623

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84954136616

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 874

EP - 885

BT - CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015

Y2 - 12 October 2015 through 16 October 2015

ER -

Secure deduplication of encrypted data without additional independent servers

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this