scholarly journals Locked Deduplication of Encrypted Data to Counter Identification Attacks in Cloud Storage Platforms

Energies ◽  
2020 ◽  
Vol 13 (11) ◽  
pp. 2742
Author(s):  
Taek-Young Youn ◽  
Nam-Su Jho ◽  
Keonwoo Kim ◽  
Ku-Young Chang ◽  
Ki-Woong Park
Keyword(s):  
Cloud Storage ◽  
Storage Management ◽  
Communication Overhead ◽  
Or Efficiency ◽  
Encrypted Data ◽  
Server Side ◽  
Efficient Storage ◽  
Data Owner ◽  
Client Side ◽  
First Time

Deduplication of encrypted data is a significant function for both the privacy of stored data and efficient storage management. Several deduplication techniques have been designed to provide improved security or efficiency. In this study, we focus on the client-side deduplication technique, which has more advantages than the server-side deduplication technique, particularly in communication overhead, owing to conditional data transmissions. From a security perspective, poison, dictionary, and identification attacks are considered as threats against client-side deduplication. Unfortunately, in contrast to other attacks, identification attacks and the corresponding countermeasures have not been studied in depth. In identification attacks, an adversary tries to identify the existence of a specific file. Identification attacks should be countered because adversaries can use the attacks to break the privacy of the data owner. Therefore, in the literature, some counter-based countermeasures have been proposed as temporary remedies for such attacks. In this paper, we present an analysis of the security features of deduplication techniques against identification attacks and show that the lack of security of the techniques can be eliminated by providing uncertainness to the conditional responses in the deduplication protocol, which are based on the existence of files. We also present a concrete countermeasure, called the time-locked deduplication technique, which can provide uncertainness to the conditional responses by withholding the operation of the deduplication functionality until a predefined time. An additional cost for locking is incurred only when the file to be stored does not already exist in the server’s storage. Therefore, our technique can improve the security of client-side deduplication against identification attacks at almost the same cost as existing techniques, except in the case of files uploaded for the first time.

scholarly journals What If Keys Are Leaked? towards Practical and Secure Re-Encryption in Deduplication-Based Cloud Storage

Information ◽  
2021 ◽  
Vol 12 (4) ◽  
pp. 142
Author(s):  
Weijing You ◽  
Lei Lei ◽  
Bo Chen ◽  
Limin Liu
Keyword(s):  
Experimental Evaluation ◽  
Cloud Storage ◽  
Security Analysis ◽  
Encrypted Data ◽  
Cloud Data ◽  
Storage Cost ◽  
Outsourced Data ◽  
Proof Of Ownership ◽  
Client Side ◽  
Over Time

By only storing a unique copy of duplicate data possessed by different data owners, deduplication can significantly reduce storage cost, and hence is used broadly in public clouds. When combining with confidentiality, deduplication will become problematic as encryption performed by different data owners may differentiate identical data which may then become not deduplicable. The Message-Locked Encryption (MLE) is thus utilized to derive the same encryption key for the identical data, by which the encrypted data are still deduplicable after being encrypted by different data owners. As keys may be leaked over time, re-encrypting outsourced data is of paramount importance to ensure continuous confidentiality, which, however, has not been well addressed in the literature. In this paper, we design SEDER, a SEcure client-side Deduplication system enabling Efficient Re-encryption for cloud storage by (1) leveraging all-or-nothing transform (AONT), (2) designing a new delegated re-encryption (DRE), and (3) proposing a new proof of ownership scheme for encrypted cloud data (PoWC). Security analysis and experimental evaluation validate security and efficiency of SEDER, respectively.

scholarly journals Efficient Client-Side Deduplication of Encrypted Data With Public Auditing in Cloud Storage

IEEE Access ◽  
2018 ◽  
Vol 6 ◽  
pp. 26578-26587 ◽  
Author(s):  
Taek-Young Youn ◽  
Ku-Young Chang ◽  
Kyung-Hyune Rhee ◽  
Sang Uk Shin
Keyword(s):  
Cloud Storage ◽  
Encrypted Data ◽  
Public Auditing ◽  
Client Side

Attributes Based Storage System for Secure De-Duplication of Encrypt Data in Cloud

2020 ◽  
Vol 17 (4) ◽  
pp. 1937-1942
Author(s):  
S. Sivasankari ◽  
V. Lavanya ◽  
G. Saranya ◽  
S. Lavanya
Keyword(s):  
Cloud Storage ◽  
Storage System ◽  
Third Party ◽  
Encrypted Data ◽  
Storage Cost ◽  
Multiple Data ◽  
Outsourced Data ◽  
Data Owner ◽  
Encrypt Data ◽  
Cloud Server

These days, Cloud storage is gaining importance among individual and institutional users. Individual and foundations looks for cloud server as a capacity medium to diminish their capacity load under nearby devices. In such storage services, it is necessary to avoid duplicate content/repetitive storage of same data to be avoided. By reducing the duplicate content in cloud storage reduces storage cost. De-duplication is necessary when multiple data owner outsource the same data, issues related to security and ownership to be considered. As the cloud server is always considered to be non trusted, as it is maintained by third party, thus the data stored in cloud is always encrypted and uploaded, thus randomization property of encryption affects de-duplication. It is necessary to propose a serverside de-duplication scheme for handling encrypted data. The proposed scheme allows the cloud server to control access to outsourced data even when the ownership changes dynamically.

Public auditing for encrypted data with client-side deduplication in cloud storage

2015 ◽  
Vol 20 (4) ◽  
pp. 291-298 ◽  
Author(s):  
Kai He ◽  
Chuanhe Huang ◽  
Hao Zhou ◽  
Jiaoli Shi ◽  
Xiaomao Wang ◽  
...  
Keyword(s):  
Cloud Storage ◽  
Encrypted Data ◽  
Public Auditing ◽  
Client Side

scholarly journals Accounting and Privacy Preserving of Data Owner in Cloud Storage

2021 ◽  
Vol 10 (6) ◽  
pp. 14-17
Author(s):  
Mohan A. ◽  
vamshikrishna P.
Keyword(s):  
Distributed Computing ◽  
Cloud Storage ◽  
Cloud Provider ◽  
Confidential Information ◽  
Encrypted Data ◽  
Access Policy ◽  
Attribute Based Encryption ◽  
Data Owner ◽  
Edos Attacks ◽  
Ciphertext Policy

People use the support of distributed computing however can't completely believe the cloud suppliers to have protection and confidential information. To guarantee secrecy, data owners relocate encoded information rather than plain texts. To divide the encoded documents with different clients, Ciphertext-Policy Attribute-based Encryption (CP-ABE) can be utilized. But this cannot become secure against some other assaults. Many other schemes did not gave guarantee that the cloud provider has the power to check whether a downloader can unscramble or not. Consequently, these files are accessible to everybody who is approachable to the cloud storage. An intentionally harmful assailant can download a great many records to start Economic Denial of Sustainability (EDoS) attacks, it will to a great extent expend the cloud asset. The owner will bear all the expenses for the cloud storage but the cloud provider doesn’t provide the whole information about the access or usage. There is no transparency for the owner. We have to solve these concerns. In order to this we are going to propose a solution for securing the encrypted data from EDoS attacks and providing the owner whole usage information about the cloud storage. We are implementing by using the arbitrary access policy of CP-ABE.

scholarly journals Techniques used to formulate confidential data by means of fragmentation and hybrid encryption

2019 ◽  
Vol 6 (6) ◽  
pp. 68-86
Author(s):  
Olly Beckham ◽  
Gord Oldman ◽  
Julie Karrie ◽  
Dorth Craig
Keyword(s):  
Cloud Computing ◽  
Cloud Storage ◽  
Service Providers ◽  
Cloud Service ◽  
Secure Computation ◽  
Hybrid Encryption ◽  
Server Side ◽  
Novel Technology ◽  
Confidential Data ◽  
Client Side

Cloud computing is a concept shifting in the approach how computing resources are deployed and purchased. Even though the cloud has a capable, elastic, and consistent design, several security concerns restrain customers to completely accept this novel technology and move from traditional computing to cloud computing. In the article, we aspire to present a form of a novel architectural model for offering protection to numerous cloud service providers with the intention to devise and extend security means for cloud  computing. In this work, we presented a two-tier architecture for security in multi-clouds; one at the client side, and other at the server side. The article presented a security domination outline for multi-clouds and supports security needs like Confidentiality, Integrity, Availability, Authorization, and Non-repudiation for cloud storage. Through this document we have anticipated, HBDaSeC, a secure-computation protocol to ease the challenges of enforcing the protection of data for information security in the cloud.

DYNAMIC REST SERVICES ORCHESTRATION USING THE KNOWLEDGE BASE

2019 ◽  
Author(s):  
Kostyantyn Kharchenko
Keyword(s):  
Knowledge Base ◽  
Service Oriented Architecture ◽  
Main Idea ◽  
The Real ◽  
Server Side ◽  
Service Oriented ◽  
Services Orchestration ◽  
Client Side ◽  
Abstract Operation ◽  
Microservice Architecture

The approach to organizing the automated calculations’ execution process using the web services (in particular, REST-services) is reviewed. The given solution will simplify the procedure of introduction of the new functionality in applied systems built according to the service-oriented architecture and microservice architecture principles. The main idea of the proposed solution is in maximum division of the server-side logic development and the client-side logic, when clients are used to set the abstract computation goals without any dependencies to existing applied services. It is proposed to rely on the centralized scheme to organize the computations (named as orchestration) and to put to the knowledge base the set of rules used to build (in multiple steps) the concrete computational scenario from the abstract goal. It is proposed to include the computing task’s execution subsystem to the software architecture of the applied system. This subsystem is composed of the service which is processing the incoming requests for execution, the service registry and the orchestration service. The clients send requests to the execution subsystem without any references to the real-world services to be called. The service registry searches the knowledge base for the corresponding input request template, then the abstract operation description search for the request template is performed. Each abstract operation may already have its implementation in the form of workflow composed of invocations of the real applied services’ operations. In case of absence of the corresponding workflow in the database, this workflow implementation could be synthesized dynamically according to the input and output data and the functionality description of the abstract operation and registered applied services. The workflows are executed by the orchestrator service. Thus, adding some new functions to the client side can be possible without any changes at the server side. And vice versa, adding new services can impact the execution of the calculations without updating the clients.

A New User-controlled and Efficient Encrypted Data Sharing Model in Cloud Storage

2019 ◽  
Vol 13 (4) ◽  
pp. 356-363
Author(s):  
Yuezhong Wu ◽  
Wei Chen ◽  
Shuhong Chen ◽  
Guojun Wang ◽  
Changyun Li
Keyword(s):  
Data Sharing ◽  
Data Security ◽  
Cloud Storage ◽  
Screening Program ◽  
Original Data ◽  
Third Party ◽  
Active System ◽  
Encrypted Data ◽  
Active User ◽  
User Data

Background: Cloud storage is generally used to provide on-demand services with sufficient scalability in an efficient network environment, and various encryption algorithms are typically applied to protect the data in the cloud. However, it is non-trivial to obtain the original data after encryption and efficient methods are needed to access the original data. Methods: In this paper, we propose a new user-controlled and efficient encrypted data sharing model in cloud storage. It preprocesses user data to ensure the confidentiality and integrity based on triple encryption scheme of CP-ABE ciphertext access control mechanism and integrity verification. Moreover, it adopts secondary screening program to achieve efficient ciphertext retrieval by using distributed Lucene technology and fine-grained decision tree. In this way, when a trustworthy third party is introduced, the security and reliability of data sharing can be guaranteed. To provide data security and efficient retrieval, we also combine active user with active system. Results: Experimental results show that the proposed model can ensure data security in cloud storage services platform as well as enhance the operational performance of data sharing. Conclusion: The proposed security sharing mechanism works well in an actual cloud storage environment.

Sign in / Sign up

Export Citation Format

Share Document