Distributed Key Generation for Encrypted Deduplication

Duan, Yitao

doi:10.1145/2664168.2664169

Cited by 65 publications

(29 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It adopts oblivious PRF to make sure that Cs generate their keys without revealing their files, or letting the Cs learn anything about the secret. Duan [11] and Shin [17] later used decentralized architectures to distributed the trust of the third party in DupLESS.…”

Section: Related Workmentioning

confidence: 99%

Secure Deduplication of Encrypted Data: Refined Model and New Constructions

Liu

Duan

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Cloud providers tend to save storage via cross-user deduplication, while users who care about privacy tend to encrypt their files on client-side. Secure deduplication of encrypted data (SDoE) is an active research topic. In this paper, we propose a formal security model for this problem. We also propose two singleserver SDoE protocols and prove their security in our model. We evaluate their deduplication effectiveness via simulations with realistic datasets.

show abstract

Section: Related Workmentioning

confidence: 99%

Secure Deduplication of Encrypted Data: Refined Model and New Constructions

Liu

Duan

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Other approaches, such as blinded BLS signatures [21], can be used to implement MLE key generation. This work considers a single key manager, while our design can be generalized to multiple key managers for improved availability [29]. Server: REED performs server-side deduplication.…”

Section: Architecturementioning

confidence: 99%

“…DupLESS [13] implements server-aided MLE. Duan [29] improves the robustness of key management in DupLESS via threshold signature [58]. Zheng et al [69] propose a layer-level strategy specifically for video deduplication.…”

Section: Related Workmentioning

confidence: 99%

The Design and Implementation of a Rekeying-Aware Encrypted Deduplication Storage System

Qin

Lee

2017

ACM Trans. Storage

View full text Add to dashboard Cite

Rekeying refers to an operation of replacing an existing key with a new key for encryption. It renews security protection, so as to protect against key compromise and enable dynamic access control in cryptographic storage. However, it is non-trivial to realize efficient rekeying in encrypted deduplication storage systems, which use deterministic content-derived encryption keys to allow deduplication on ciphertexts. We design and implement REED, a rekeying-aware encrypted deduplication storage system. REED builds on a deterministic version of all-or-nothing transform (AONT), such that it enables secure and lightweight rekeying, while preserving the deduplication capability. We propose two REED encryption schemes that trade between performance and security, and extend REED for dynamic access control. We implement a REED prototype with various performance optimization techniques and demonstrate how we can exploit similarity to mitigate key generation overhead. Our trace-driven testbed evaluation shows that our REED prototype maintains high performance and storage efficiency.

show abstract

“…Server-aided MLE protects against brute-force attacks by maintaining content-to-key mappings in a dedicated key manager, and has been implemented in various storage system prototypes [8,12,53,56]. Given that the dedicated key manager is a single-point-of-failure, Duan [24] proposes to maintain a quorum of key managers via threshold signature for fault-tolerant key management. Note that all the above systems build on deterministic encryption to preserve the deduplication capability of ciphertext chunks, and hence are vulnerable to the inference attacks studied in this paper.…”

Section: Related Workmentioning

confidence: 99%

Information Leakage in Encrypted Deduplication via Frequency Analysis

Qin

Lee

et al. 2017

2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

Encrypted deduplication combines encryption and deduplication to simultaneously achieve both data security and storage efficiency. State-of-the-art encrypted deduplication systems mainly build on deterministic encryption to preserve deduplication effectiveness. However, such deterministic encryption reveals the underlying frequency distribution of the original plaintext chunks. This allows an adversary to launch frequency analysis against the ciphertext chunks and infer the content of the original plaintext chunks. In this paper, we study how frequency analysis affects information leakage in encrypted deduplication, from both attack and defense perspectives. Specifically, we target backup workloads, and propose a new inference attack that exploits chunk locality to increase the coverage of inferred chunks. We further combine the new inference attack with the knowledge of chunk sizes and show its attack effectiveness against variable-size chunks. We conduct trace-driven evaluation on both real-world and synthetic datasets and show that our proposed attacks infer a significant fraction of plaintext chunks under backup workloads. To defend against frequency analysis, we present two defense approaches, namely MinHash encryption and scrambling. Our trace-driven evaluation shows that our combined MinHash encryption and scrambling scheme effectively mitigates the severity of the inference attacks, while maintaining high storage efficiency and incurring limited metadata access overhead.

show abstract

Distributed Key Generation for Encrypted Deduplication

Cited by 65 publications

References 37 publications

Secure Deduplication of Encrypted Data: Refined Model and New Constructions

Secure Deduplication of Encrypted Data: Refined Model and New Constructions

The Design and Implementation of a Rekeying-Aware Encrypted Deduplication Storage System

Information Leakage in Encrypted Deduplication via Frequency Analysis

Contact Info

Product

Resources

About