Improving the Resistance to Side-Channel Attacks on Cloud Storage Services

Heen, Olivier; Neumann, Christoph; Montalvo, Luis; Defrance, Serge

doi:10.1109/ntms.2012.6208705

Cited by 25 publications

(21 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The rationale is that if a proxy, sitting between the user and cloud, able to cache dc requests, it can obfuscate the network traffic by manipulating the order of transmitting data. For example, Heen et al [14] assumed that each user will be equipped with a gateway from the cloud storage provider. In this sense, the gateway can break the deterministic relation between dc requests and dc responses by the late forwarding policy.…”

Section: State-of-the-art Solutions and Their Weaknessesmentioning

confidence: 99%

“…Based on the above observation, a straightforward strategy for the side channel defense is to randomize the duplicate check procedures. Unfortunately, only very few countermeasures [14], [15], [20], [26], [30] have been deployed in the cloud storage system or been proposed in the literature.…”

Section: Introductionmentioning

confidence: 99%

“…Existing solutions [15], [26] usually involve parameters to be heuristically chosen. The most prominent feature of ZEUS is that it does not have any parameter to be manually selected, thus avoiding the difficulty in having a Mozy [22] × × Harnik et al [15] × × Lee and Choi [20] × × Heen et al [14] × Wang et al [30] × × Shin and Kim [26] × Armknecht et al [1] × × ZEUS (this paper) ZEUS + (this paper) ×…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Privacy Aware Data Deduplication for Side Channel in Cloud Storage

Gochhayat

Conti

et al. 2020

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

Cloud storage services enable individuals and organizations to outsource data storage to remote servers. Cloud storage providers generally adopt data deduplication, a technique for eliminating redundant data by keeping only a single copy of a file, thus saving a considerable amount of storage and bandwidth. However, an attacker can abuse deduplication protocols to steal information. For example, an attacker can perform the duplicate check to verify whether a file (e.g., a pay slip, with a specific name and salary amount) is already stored (by someone else), hence breaching the user privacy. In this paper, we propose ZEUS (zero-knowledge deduplication response) framework. We develop ZEUS and ZEUS + , two privacy-aware deduplication protocols: ZEUS provides weaker privacy guarantees while being more efficient in the communication cost, while ZEUS + guarantees stronger privacy properties, at an increased communication cost. To the best of our knowledge, ZEUS is the first solution which addresses two-side privacy by neither using any extra hardware nor depending on heuristically chosen parameters used by the existing solutions, thus reducing both cost and complexity of the cloud storage. In summary, through the evaluation on real datasets and comparison to existing solutions, our proposed framework demonstrates its capability of eliminating data deduplication-based side channel and at the same time keeping the deduplication benefits.

show abstract

Section: State-of-the-art Solutions and Their Weaknessesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Privacy Aware Data Deduplication for Side Channel in Cloud Storage

Gochhayat

Conti

et al. 2020

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

show abstract

“…There have been lots of efforts devoted to deal with these issues and provide a secure and efficient data deduplication [8], [10], [11], [4], [5], [12], [13], [6], [14], [7], [15], [16]. However, we are not aware of any single solution that is capable of addressing, at the same time, the three types of attacks that malicious users can attempt on the deduplication system.…”

Section: Backup Time Observationmentioning

confidence: 99%

“…However, this method does not address the others types of attacks mentioned in Section I. In [12], the authors propose a gateway-based deduplication scheme which relies on users gateways to run the deduplication process. In order to mitigate the attacks based on network traffic monitoring, gateways send a random network traffic compounded of encrypted packets with a Time-To-Live (TTL) parameter equal to 1.…”

Section: Related Workmentioning

confidence: 99%

A Secure Two-Phase Data Deduplication Scheme

Meye

Raipin

Tronel

et al. 2014

2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security

View full text Add to dashboard Cite

Data grows at the impressive rate of 50% per year, and 75% of the digital world is a copy 1 ! Although keeping multiple copies of data is necessary to guarantee their availability and long term durability, in many situations the amount of data redundancy is immoderate. By keeping a single copy of repeated data, data deduplication is considered as one of the most promising solutions to reduce the storage costs, and improve users experience by saving network bandwidth and reducing backup time. However, this solution must now solve many security issues to be completely satisfying. In this paper we target the attacks from malicious clients that are based on the manipulation of data identifiers and those based on backup time and network traffic observation. We present a deduplication scheme mixing an intraand an inter-user deduplication in order to build a storage system that is secure against the aforementioned type of attacks by controlling the correspondence between files and their identifiers, and making the inter-user deduplication unnoticeable to clients using deduplication proxies. Our method provides global storage space savings, per-client bandwidth network savings between clients and deduplication proxies, and global network bandwidth savings between deduplication proxies and the storage server. The evaluation of our solution compared to a classic system shows that the overhead introduced by our scheme is mostly due to data encryption which is necessary to ensure confidentiality.

show abstract

A Preventive Method for Host Level Security in Cloud Infrastructure

Ramamoorthy

Rajalakshmi

2016

Proceedings of the 3rd International Symposium on Big Data and Cloud Computing Challenges (ISBCC – 16’)

View full text Add to dashboard Cite

Improving the Resistance to Side-Channel Attacks on Cloud Storage Services

Cited by 25 publications

References 7 publications

Privacy Aware Data Deduplication for Side Channel in Cloud Storage

Privacy Aware Data Deduplication for Side Channel in Cloud Storage

A Secure Two-Phase Data Deduplication Scheme

A Preventive Method for Host Level Security in Cloud Infrastructure

Contact Info

Product

Resources

About