What If Keys Are Leaked? towards Practical and Secure Re-Encryption in Deduplication-Based Cloud Storage

Weijing You; Lei Lei; Bo Chen; Limin Liu

doi:10.3390/info12040142

What If Keys Are Leaked? towards Practical and Secure Re-Encryption in Deduplication-Based Cloud Storage

Information ◽

10.3390/info12040142 ◽

2021 ◽

Vol 12 (4) ◽

pp. 142

Author(s):

Weijing You ◽

Lei Lei ◽

Bo Chen ◽

Limin Liu

Keyword(s):

Experimental Evaluation ◽

Cloud Storage ◽

Security Analysis ◽

Encrypted Data ◽

Cloud Data ◽

Storage Cost ◽

Outsourced Data ◽

Proof Of Ownership ◽

Client Side ◽

Over Time

By only storing a unique copy of duplicate data possessed by different data owners, deduplication can significantly reduce storage cost, and hence is used broadly in public clouds. When combining with confidentiality, deduplication will become problematic as encryption performed by different data owners may differentiate identical data which may then become not deduplicable. The Message-Locked Encryption (MLE) is thus utilized to derive the same encryption key for the identical data, by which the encrypted data are still deduplicable after being encrypted by different data owners. As keys may be leaked over time, re-encrypting outsourced data is of paramount importance to ensure continuous confidentiality, which, however, has not been well addressed in the literature. In this paper, we design SEDER, a SEcure client-side Deduplication system enabling Efficient Re-encryption for cloud storage by (1) leveraging all-or-nothing transform (AONT), (2) designing a new delegated re-encryption (DRE), and (3) proposing a new proof of ownership scheme for encrypted cloud data (PoWC). Security analysis and experimental evaluation validate security and efficiency of SEDER, respectively.

Download Full-text

Towards Virtuous Cloud Data Storage Using Access Policy Hiding in Ciphertext Policy Attribute-Based Encryption

Future Internet ◽

10.3390/fi13110279 ◽

2021 ◽

Vol 13 (11) ◽

pp. 279

Author(s):

Siti Dhalila Mohd Satar ◽

Masnida Hussin ◽

Zurina Mohd Hanapi ◽

Mohamad Afendee Mohamed

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Security Analysis ◽

Data Access ◽

Logical Connective ◽

Encrypted Data ◽

Cloud Data ◽

Access Policy ◽

Attribute Based Encryption ◽

Ciphertext Policy

Managing and controlling access to the tremendous data in Cloud storage is very challenging. Due to various entities engaged in the Cloud environment, there is a high possibility of data tampering. Cloud encryption is being employed to control data access while securing Cloud data. The encrypted data are sent to Cloud storage with an access policy defined by the data owner. Only authorized users can decrypt the encrypted data. However, the access policy of the encrypted data is in readable form, which results in privacy leakage. To address this issue, we proposed a reinforcement hiding in access policy over Cloud storage by enhancing the Ciphertext Policy Attribute-based Encryption (CP-ABE) algorithm. Besides the encryption process, the reinforced CP-ABE used logical connective operations to hide the attribute value of data in the access policy. These attributes were converted into scrambled data along with a ciphertext form that provides a better unreadability feature. It means that a two-level concealed tactic is employed to secure data from any unauthorized access during a data transaction. Experimental results revealed that our reinforced CP-ABE had a low computational overhead and consumed low storage costs. Furthermore, a case study on security analysis shows that our approach is secure against a passive attack such as traffic analysis.

Download Full-text

Attributes Based Storage System for Secure De-Duplication of Encrypt Data in Cloud

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2020.8470 ◽

2020 ◽

Vol 17 (4) ◽

pp. 1937-1942

Author(s):

S. Sivasankari ◽

V. Lavanya ◽

G. Saranya ◽

S. Lavanya

Keyword(s):

Cloud Storage ◽

Storage System ◽

Third Party ◽

Encrypted Data ◽

Storage Cost ◽

Multiple Data ◽

Outsourced Data ◽

Data Owner ◽

Encrypt Data ◽

Cloud Server

These days, Cloud storage is gaining importance among individual and institutional users. Individual and foundations looks for cloud server as a capacity medium to diminish their capacity load under nearby devices. In such storage services, it is necessary to avoid duplicate content/repetitive storage of same data to be avoided. By reducing the duplicate content in cloud storage reduces storage cost. De-duplication is necessary when multiple data owner outsource the same data, issues related to security and ownership to be considered. As the cloud server is always considered to be non trusted, as it is maintained by third party, thus the data stored in cloud is always encrypted and uploaded, thus randomization property of encryption affects de-duplication. It is necessary to propose a serverside de-duplication scheme for handling encrypted data. The proposed scheme allows the cloud server to control access to outsourced data even when the ownership changes dynamically.

Download Full-text

Anonymous deduplication of encrypted data with proof of ownership in cloud storage

2013 IEEE/CIC International Conference on Communications in China (ICCC) ◽

10.1109/iccchina.2013.6671119 ◽

2013 ◽

Cited By ~ 6

Author(s):

Xuexue Jin ◽

Lingbo Wei ◽

Mengke Yu ◽

Nenghai Yu ◽

Jinyuan Sun

Keyword(s):

Cloud Storage ◽

Encrypted Data ◽

Proof Of Ownership

Download Full-text

Secure Deduplication Scheme for Cloud Encrypted Data

International Journal of Advanced Pervasive and Ubiquitous Computing ◽

10.4018/ijapuc.2019040103 ◽

2019 ◽

Vol 11 (2) ◽

pp. 27-40

Author(s):

Vishal Passricha ◽

Ashish Chopra ◽

Shubhanshi Singhal

Keyword(s):

Low Cost ◽

Digital Data ◽

Network Storage ◽

Data Deduplication ◽

Dynamic Nature ◽

Encrypted Data ◽

Cloud Data ◽

Redundant Data ◽

Proof Of Ownership ◽

Data Reduction Technique

Cloud storage (CS) is gaining much popularity nowadays because it offers low-cost and convenient network storage services. In this big data era, the explosive growth in digital data moves the users towards CS but this causes a lot of storage pressure on CS systems because a large volume of this data is redundant. Data deduplication is an effective data reduction technique. The dynamic nature of data makes security and ownership of data as a very important issue. Proof-of-ownership schemes are a robust way to check the ownership claimed by any owner. However, this method affects the deduplication process because encryption methods have varying characteristics. A convergent encryption (CE) scheme is widely used for secure data deduplication. The problem with the CE-based scheme is that the user can decrypt the cloud data while he has lost his ownership. This article addresses the problem of ownership revocation by proposing a secure deduplication scheme for encrypted data. The proposed scheme enhances the security against unauthorized encryption and poison attack on the predicted set of data.

Download Full-text

Security Analysis on a Public POR Scheme in Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.556-562.5395 ◽

2014 ◽

Vol 556-562 ◽

pp. 5395-5399

Author(s):

Jian Hong Zhang ◽

Wen Jing Tang

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Security Analysis ◽

Data Integrity ◽

Data File ◽

Cloud Data ◽

Security Proof ◽

Cloud Server ◽

Cloud Data Storage ◽

Active Attack

Data integrity is one of the biggest concerns with cloud data storage for cloud user. Besides, the cloud user’s constrained computing capabilities make the task of data integrity auditing expensive and even formidable. Recently, a proof-of-retrievability scheme proposed by Yuan et al. has addressed the issue, and security proof of the scheme was provided. Unfortunately, in this work we show that the scheme is insecure. Namely, the cloud server who maliciously modifies the data file can pass the verification, and the client who executes the cloud storage auditing can recover the whole data file through the interactive process. Furthermore, we also show that the protocol is vulnerable to an efficient active attack, which means that the active attacker is able to arbitrarily modify the cloud data without being detected by the auditor in the auditing process. After giving the corresponding attacks to Yuan et al.’s scheme, we suggest a solution to fix the problems.

Download Full-text

Theory and application of encrypted sequential data processing: search and computation

10.32920/ryerson.14644056 ◽

2021 ◽

Author(s):

Hoi Ting Poon

Keyword(s):

Cloud Storage ◽

Keyword Search ◽

Computational Cost ◽

Bloom Filters ◽

Sequential Data ◽

User Privacy ◽

Three Solutions ◽

Encrypted Data ◽

Storage Cost ◽

Target Values

Cloud Computing has seen a dramatic rise in adoption in the past decade amid se- curity and privacy concerns. One area of consensus is that encryption is necessary, as anonymization techniques have been shown to be unreliable. However, the processing of encrypted data has proven to be difficult. Briefly, the goal is to maintain security over remotely stored and accessed data while achieving reasonable storage cost and perfor- mance. Search is the most basic and central functionality of a privacy-protected cloud storage system actively being investigated. Recent works have looked at enabling more specialized search functions. In this thesis, we explore the problem of searching and pro- cessing of sequential data. We propose three solutions targeting textual data, with em- phasis respectively on security, storage cost and performance. Our first solution achieves a high level of security with reduced communication, storage and computational cost by exploiting properties of natural languages. Our second solution achieves a minimal storage cost by taking advantage of the space efficiency of Bloom filters. Both propos- als were also first to enable non-keyword search in phrases. Using a subsequence-based solution, our final phrase search scheme is currently the fastest phrase search protocol in literature. We also show how sequential data search schemes can be extended to in- clude auditing with minimal additional cost. The solution is capable of achieving proof of retrievability with unbounded number of audits. A sample application which enables searching and computing over target values of encrypted XML files is also demonstrated. In terms of media, we describe an encrypted cloud media storage solution that simultane- ously protects user privacy and enables copyright verification, and is the first to achieve security against dishonest participants. We also describe a framework where practical scalable privacy-protected copyright detection can be performed. Finally, an application of sequence querying over generic data in the form of an Anti-Virus over encrypted cloud storage is demonstrated. A private scanning solution and a public Anti-Virus as a ser- vice solution are described, noting that the technique can be conceptualized as a generic pattern matching solution on encrypted data. We also include some directions on future work and unexplored applications.

Download Full-text

Efficient Client-Side Deduplication of Encrypted Data With Public Auditing in Cloud Storage

IEEE Access ◽

10.1109/access.2018.2836328 ◽

2018 ◽

Vol 6 ◽

pp. 26578-26587 ◽

Cited By ~ 12

Author(s):

Taek-Young Youn ◽

Ku-Young Chang ◽

Kyung-Hyune Rhee ◽

Sang Uk Shin

Keyword(s):

Cloud Storage ◽

Encrypted Data ◽

Public Auditing ◽

Client Side

Download Full-text

METHOD TO ACHIEVE SECURITY AND STORAGE SERVICES IN CLOUD COMPUTING

International Journal of Communication Networks and Security ◽

10.47893/ijcns.2013.1077 ◽

2013 ◽

pp. 10-13

Author(s):

SYED SADDAM HUSSAIN ◽

R.VINOD KUMAR

Keyword(s):

Cloud Storage ◽

Distributed Storage ◽

Security Risks ◽

Cloud Data ◽

Outsourced Data ◽

Cloud Storage Service ◽

Byzantine Failure ◽

Storage Correctness ◽

Cloud Applications ◽

And Storage

Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service is also relinquishing users ‘physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphism token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server. Considering the cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks)

Download Full-text

An effective, secure and efficient tagging method for integrity protection of outsourced data in a public cloud storage

PLoS ONE ◽

10.1371/journal.pone.0241236 ◽

2020 ◽

Vol 15 (11) ◽

pp. e0241236 ◽

Cited By ~ 1

Author(s):

Reem ALmarwani ◽

Ning Zhang ◽

James Garside

Keyword(s):

Cloud Storage ◽

Security Analysis ◽

Third Party ◽

Public Cloud ◽

Data Confidentiality ◽

Public And Private ◽

Outsourced Data ◽

Integrity Protection ◽

And Performance ◽

Constrained Devices

Data Integrity Auditing (DIA) is a security service for checking the integrity of data stored in a PCS (Public Cloud Storage), a third-party based storage service. A DIA service is provided by using integrity tags (hereafter referred to tags). This paper proposes a novel tagging method, called Tagging of Outsourced Data (TOD), for generating and verifying tags of files. TOD has a number of unique properties: (i) it supports both public and private verifiability, and achieves this property with a low level of overhead at the user end, making it particularly attractive to mobile users with resource-constrained devices, (ii) it protects data confidentiality, supports dynamic tags and is resilient against tag forgery and tag tampering (i.e. by authorised insiders) at the same time in more secure and efficient, making the method more suited to the PCS environment, (iii) it supports tags deduplication, making it more efficient, particularly for the user who has many files with data redundancy. Comprehensive security analysis and performance evaluation have been conducted to demonstrate the efficacy and efficiency of the approach taken in the design.

Download Full-text

Locked Deduplication of Encrypted Data to Counter Identification Attacks in Cloud Storage Platforms

Energies ◽

10.3390/en13112742 ◽

2020 ◽

Vol 13 (11) ◽

pp. 2742

Author(s):

Taek-Young Youn ◽

Nam-Su Jho ◽

Keonwoo Kim ◽

Ku-Young Chang ◽

Ki-Woong Park

Keyword(s):

Cloud Storage ◽

Storage Management ◽

Communication Overhead ◽

Or Efficiency ◽

Encrypted Data ◽

Server Side ◽

Efficient Storage ◽

Data Owner ◽

Client Side ◽

First Time

Deduplication of encrypted data is a significant function for both the privacy of stored data and efficient storage management. Several deduplication techniques have been designed to provide improved security or efficiency. In this study, we focus on the client-side deduplication technique, which has more advantages than the server-side deduplication technique, particularly in communication overhead, owing to conditional data transmissions. From a security perspective, poison, dictionary, and identification attacks are considered as threats against client-side deduplication. Unfortunately, in contrast to other attacks, identification attacks and the corresponding countermeasures have not been studied in depth. In identification attacks, an adversary tries to identify the existence of a specific file. Identification attacks should be countered because adversaries can use the attacks to break the privacy of the data owner. Therefore, in the literature, some counter-based countermeasures have been proposed as temporary remedies for such attacks. In this paper, we present an analysis of the security features of deduplication techniques against identification attacks and show that the lack of security of the techniques can be eliminated by providing uncertainness to the conditional responses in the deduplication protocol, which are based on the existence of files. We also present a concrete countermeasure, called the time-locked deduplication technique, which can provide uncertainness to the conditional responses by withholding the operation of the deduplication functionality until a predefined time. An additional cost for locking is incurred only when the file to be stored does not already exist in the server’s storage. Therefore, our technique can improve the security of client-side deduplication against identification attacks at almost the same cost as existing techniques, except in the case of files uploaded for the first time.

Download Full-text