[DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

•Download as PPTX, PDF•

1 like•2,290 views

With the continuous increase of cloud storage adopters, data deduplication has become a necessity for cloud providers. By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs. Unfortunately, deduplication introduces a number of new security challenges. We propose PerfectDedup, a novel scheme for secure data deduplication, which takes into account the popularity of the data segments and leverages the properties of Perfect Hashing in order to assure block-level deduplication and data condentiality at the same time. We show that the client-side overhead is minimal and the main computational load is outsourced to the cloud storage provider.

Technology

PerfectDedup
Secure Data Deduplication
Pasquale PUZIO
pasquale@secludit.com
SecludIT & EURECOM
Refik Molva (EURECOM)
Melek Önen (EURECOM)
Sergio Loureiro (SecludIT)
10th DPM International Workshop on Data Privacy Management
Vienna, Austria, September 21st 2015

Agenda
• Problem Statement
– Data Deduplication for Cloud Storage
– Convergent Encryption
• Our solution
– Data Popularity
– Perfect Hashing
– PerfectDedup: Secure Popularity Detection
– Security
– Performance Evaluation
2

Deduplication
• Storing duplicate data only once
• Cross-user + Client-side + Block-level
3

Deduplication vs Encryption
… but it does not work on encrypted data!
D = Hello
World
D = Hello
World
ENCRYPTION with K1 ENCRYPTION with K2
owhfgr0wgr[w
hfrw0[h0[ergh
e0[gh0[eg
dfjl;dbfrwbfirbf
roepthwobgfr
ugtwertgrtwu
4

Convergent Encryption
• Data Encryption key derived from Data
K = hash(Data)
• Deterministic & Symmetric Encryption
D = Hello
World
D = Hello
World
ENCRYPTION with H(D) ENCRYPTION with H(D)
klfgwilegfiorw
egtriegtiergiei
ergriegrigfifiw
klfgwilegfiorw
egtriegtiergiei
ergriegrigfifiw
5
Douceur, John R., et al. "Reclaiming space from duplicate files in a serverless distributed file system." Distributed Computing Systems, 2002.
Proceedings. 22nd International Conference on. IEEE, 2002.

Convergent Encryption
MISSING
INFORMATION
How to achieve safe
Convergent Encryption
in the Cloud ?
6
Drew Perttula, Brian Warner, and Zooko Wilcox-O'Hearn, 2008-03-20
https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html

Data Popularity
• Different protection based on data-segment
popularity
• Popular data  Not confidential  To be
deduplicated  Convergent Encryption
• Unpopular data  Confidential  To be
protected  Semantically-Secure Encryption
7
Stanek, Jan, et al. "A secure data deduplication scheme for cloud storage." Financial Cryptography and Data Security. Springer Berlin Heidelberg,
2014. 99-118.

How to securely detect popularity ?
CSP
.
.
.
B
.
.
.
Is block B popular ?
YES / NO
• Block B must not be disclosed if it is unpopular (sensitive)
CLIENT
8

PHF-based Lookup
9
ID
Belazzougui, Djamal, Fabiano C. Botelho, and Martin Dietzfelbinger. "Hash, displace, and compress." Algorithms-ESA 2009. Springer Berlin
Heidelberg, 2009. 682-693.

PerfectDedup
• Based on «Secure» Perfect Hashing
– One-wayness
• Popular block IDs  Collision-free hash
function (PHF)
• BENEFITS:
– Efficient (linear) generation of a new PHF
(outsourced to the Cloud)
– Compact representation of PHF
– Very efficient (constant) evaluation on a block ID
10

Security
UNPOPULAR
P
POPULAR
P
CSP
.
.
.
.
.
.
PHF(ID) = i
i ID
Block is popular
1-to-1 mapping
No confidentiality issue
11

Security
UNPOPULAR
P
POPULAR
P
CSP
.
.
.
.
.
.
PHF(ID) = i
i ID’
Block is unpopular
Collisions are well-distributed
One-wayness property
12

PerfectDedup
CSP
.
.
.
B
.
.
.
Is block B popular ?
YES / NO
INDEX
SERVICE
If NO
POPULARITY
TRANSITION ? YES / NO
CLIENT
13

Prototype Implementation
CSP
INDEX SERVICE
CMPH
CMPH
CLIENT
14

Performance Evaluation
0
1
2
3
4
5
6
7
8
9
10
UNPOPULAR FILE POPULARITY TRANSITION POPULAR FILE
Time(inseconds)
Scenario
Client File Split Client Convergent Encryption
Client Popularity Check Client Symmetric Encryption
Idx Service Update Cloud Generate PHF
Cloud Store Hash Table Cloud Popularity Check
Cloud Upload Processing
15

Conclusions
• Popularity-based Deduplication
• Secure Perfect Hashing
• Secure & Lightweight for the client
• Costly tasks outsourced to the Cloud
• Low overhead
16

Future Work
• Optimization of PHF generation
• Deployment in real production environments
17

THANK YOU
Questions ?
Don’t be shy !
pasquale@secludit.com

Viewers also liked

Nexgen Technology Address: Nexgen Technology No :66,4th cross,Venkata nagar, Near SBI ATM, Puducherry. Email Id: praveen@nexgenproject.com. www.nexgenproject.com Mobile: 9751442511,9791938249 Telephone: 0413-2211159. NEXGEN TECHNOLOGY as an efficient Software Training Center located at Pondicherry with IT Training on IEEE Projects in Android,IEEE IT B.Tech Student Projects, Android Projects Training with Placements Pondicherry, IEEE projects in pondicherry, final IEEE Projects in Pondicherry , MCA, BTech, BCA Projects in Pondicherry, Bulk IEEE PROJECTS IN Pondicherry.So far we have reached almost all engineering colleges located in Pondicherry and around 90km

Secure auditing and deduplicating data in cloud

nexgentech15

Deduplication

Lars Marius Garshol

Data deduplication is one of important data compression techniques for eliminating duplicate copies of repeating data, and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before outsourcing. To better protect data security, this paper makes the first attempt to formally address the problem of authorized data deduplication. Different from traditional deduplication systems, the differential privileges of users are further considered in duplicate check besides the data itself.We also present several new deduplication constructions supporting authorized duplicate check in a hybrid cloud architecture. Security analysis demonstrates that our scheme is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement a prototype of our proposed authorized duplicate check scheme and conduct testbed experiments using our prototype. We show that our proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations.

A Hybrid Cloud Approach for Secure Authorized Deduplication

SWAMI06

Deduplication in Open Spurce Cloud

Mangali Praveen Kumar

Deduplication reduces the amount of disk storage needed to retain and protect data by ratios of 10-30x and greater, making a disk a cost-effective alternative to tape. Data on disk is available online and onsite for longer retention periods, and restores become fast and reliable. Storing only unique data on disk also means that data can be cost-effectively replicated over existing networks to remote sites for disaster recovery and consolidated tape operations.

EMC Deduplication Fundamentals

emcbaltics

Internet of Things and its applications

Pasquale Puzio

Internet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-g

Mohan Kumar G

Internet of Things

Vala Afshar

Viewers also liked (8)

Secure auditing and deduplicating data in cloud

Deduplication

A Hybrid Cloud Approach for Secure Authorized Deduplication

Deduplication in Open Spurce Cloud

EMC Deduplication Fundamentals

Internet of Things and its applications

Internet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-g

Internet of Things

Similar to [DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

Zero-Knowledge Proofs: Identity Proofing and Authentication

Clare Nelson, CISSP, CIPP-E

FRONTIERS IN CRYPTOGRAPHY

LINE Corporation

Access Control & Encryption In Cloud Environments

James Wernicke

Improving privacy in blockchain using homomorphic encryption

Razi Rais

Ryan_Holt_MS_Thesis_Project_Presentation

Ryan Holt

Splunk September 2023 User Group PDX.pdf

Amanda Richardson

Moderator: Christofer Hoff Chief Security Architect, Juniper Networks Security is an amazingly polarizing topic; it is considered either salvation or superfluous depending on experience and expectation The operational, organizational and technical impacts due to the massively disruptive nature of Cloud computing are equally polarizing Combine the two topics and you’ve got fantastic fodder for lively discourse, debate and perspective Our spectacular panel of notable architects, technologists, specialist practitioners and entrepreneurs from industry and the enterprise will lead us through a lively interactive discussion around this exciting topic

Forecast 2012 Panel: Cloud Security Christofer Hoff

Open Data Center Alliance

doc1.pdf

sheet1.pdf

lecture7.pdf

paper1.pdf

paper8.pdf

Title "Emerging Data Privacy and Security for Cloud" Abstract: Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Gartner includes data ethics and privacy on their list of the top 10 strategic technology trends of 2019, placing it on the same level as AI-driven development, blockchain, and edge computing. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers. Companies continue to transition to more costefficient cloud-based solutions, their email and other valuable data migrate along with them. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation are often discussed in the context of identifying individuals whose information may be in a database. Secure multi-party computation (also known as secure computation, multi-party computation (MPC), or privacy-preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. We will discuss how these emerging data privacy technologies can limit the privacy impact on individuals whose information is in a database. Let’s break down the differences and see where these techniques fit best in an organization’s security and privacy strategy and align with privacy law requirements. You will learn - The latest trends and strategies for securing sensitive data in cloud and the enterprise - How to discover and capture your data inventory - What’s needed to prevent a data breach by securing your critical data and protect your reputation

Emerging Data Privacy and Security for Cloud

Ulf Mattsson

20170406 Genomics@Google - KeyGene - Wageningen

Allen Day, PhD

Puzzle Lock

Senad Aruc

Berlin 6 Open Access Conference: Christian Zier

Cornelius Puschmann

DSS ITSEC 2013 Conference 07.11.2013 - HeadTechnology - IT security trends 2014

Andris Soroka

This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers. After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities. Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.

Zero-Knowledge Proofs in Light of Digital Identity

Clare Nelson, CISSP, CIPP-E

A Multilingual, Scientific Poem on Model-Driven Security in a Vietnamese Kara...

Phu H. Nguyen

Research results in peer-reviewed publications are reproducible, right? If only it was so clear cut. With high profile paper retractions and pushes for better data sharing by funders, publishers and the community, the spotlight is now focussing on the whole way research is conducted around the world. This talk from the Software Sustainability Institute's Collaborations Workshop 2014 describes how cloud computing, with Microsoft Azure, is helping researchers realize the goals of scientific reproducibility. Find out more at www.azure4research.com

Reproducible Research and the Cloud

Microsoft Azure for Research

Similar to [DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage (20)

Zero-Knowledge Proofs: Identity Proofing and Authentication

FRONTIERS IN CRYPTOGRAPHY

Access Control & Encryption In Cloud Environments

Improving privacy in blockchain using homomorphic encryption

Ryan_Holt_MS_Thesis_Project_Presentation

Splunk September 2023 User Group PDX.pdf

Forecast 2012 Panel: Cloud Security Christofer Hoff

doc1.pdf

sheet1.pdf

lecture7.pdf

paper1.pdf

paper8.pdf

Emerging Data Privacy and Security for Cloud

20170406 Genomics@Google - KeyGene - Wageningen

Puzzle Lock

Berlin 6 Open Access Conference: Christian Zier

DSS ITSEC 2013 Conference 07.11.2013 - HeadTechnology - IT security trends 2014

Zero-Knowledge Proofs in Light of Digital Identity

A Multilingual, Scientific Poem on Model-Driven Security in a Vietnamese Kara...

Reproducible Research and the Cloud

Recently uploaded

How to convert PDF to text with Nanonets

naman860154

Evaluating the top large language models.pdf

ChristopherTHyatt

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

CNv6 Instructor Chapter 6 Quality of Service

giselly40

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Recently uploaded (20)

How to convert PDF to text with Nanonets

Evaluating the top large language models.pdf

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Partners Life - Insurer Innovation Award 2024

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Boost Fertility New Invention Ups Success Rates.pdf

Driving Behavioral Change for Information Management through Data-Driven Gree...

Finology Group – Insurtech Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Presentation on how to chat with PDF using ChatGPT code interpreter

2024: Domino Containers - The Next Step. News from the Domino Container commu...

GenCyber Cyber Security Day Presentation

CNv6 Instructor Chapter 6 Quality of Service

Boost PC performance: How more available memory can improve productivity

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Tech Trends Report 2024 Future Today Institute.pdf

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

[DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

1. PerfectDedup Secure Data Deduplication Pasquale PUZIO pasquale@secludit.com SecludIT & EURECOM Refik Molva (EURECOM) Melek Önen (EURECOM) Sergio Loureiro (SecludIT) 10th DPM International Workshop on Data Privacy Management Vienna, Austria, September 21st 2015

2. Agenda • Problem Statement – Data Deduplication for Cloud Storage – Convergent Encryption • Our solution – Data Popularity – Perfect Hashing – PerfectDedup: Secure Popularity Detection – Security – Performance Evaluation 2

3. Deduplication • Storing duplicate data only once • Cross-user + Client-side + Block-level 3

4. Deduplication vs Encryption … but it does not work on encrypted data! D = Hello World D = Hello World ENCRYPTION with K1 ENCRYPTION with K2 owhfgr0wgr[w hfrw0[h0[ergh e0[gh0[eg dfjl;dbfrwbfirbf roepthwobgfr ugtwertgrtwu 4

5. Convergent Encryption • Data Encryption key derived from Data K = hash(Data) • Deterministic & Symmetric Encryption D = Hello World D = Hello World ENCRYPTION with H(D) ENCRYPTION with H(D) klfgwilegfiorw egtriegtiergiei ergriegrigfifiw klfgwilegfiorw egtriegtiergiei ergriegrigfifiw 5 Douceur, John R., et al. "Reclaiming space from duplicate files in a serverless distributed file system." Distributed Computing Systems, 2002. Proceedings. 22nd International Conference on. IEEE, 2002.

6. Convergent Encryption MISSING INFORMATION How to achieve safe Convergent Encryption in the Cloud ? 6 Drew Perttula, Brian Warner, and Zooko Wilcox-O'Hearn, 2008-03-20 https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html

7. Data Popularity • Different protection based on data-segment popularity • Popular data  Not confidential  To be deduplicated  Convergent Encryption • Unpopular data  Confidential  To be protected  Semantically-Secure Encryption 7 Stanek, Jan, et al. "A secure data deduplication scheme for cloud storage." Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2014. 99-118.

8. How to securely detect popularity ? CSP . . . B . . . Is block B popular ? YES / NO • Block B must not be disclosed if it is unpopular (sensitive) CLIENT 8

9. PHF-based Lookup 9 ID Belazzougui, Djamal, Fabiano C. Botelho, and Martin Dietzfelbinger. "Hash, displace, and compress." Algorithms-ESA 2009. Springer Berlin Heidelberg, 2009. 682-693.

10. PerfectDedup • Based on «Secure» Perfect Hashing – One-wayness • Popular block IDs  Collision-free hash function (PHF) • BENEFITS: – Efficient (linear) generation of a new PHF (outsourced to the Cloud) – Compact representation of PHF – Very efficient (constant) evaluation on a block ID 10

11. Security UNPOPULAR P POPULAR P CSP . . . . . . PHF(ID) = i i ID Block is popular 1-to-1 mapping No confidentiality issue 11

12. Security UNPOPULAR P POPULAR P CSP . . . . . . PHF(ID) = i i ID’ Block is unpopular Collisions are well-distributed One-wayness property 12

13. PerfectDedup CSP . . . B . . . Is block B popular ? YES / NO INDEX SERVICE If NO POPULARITY TRANSITION ? YES / NO CLIENT 13

14. Prototype Implementation CSP INDEX SERVICE CMPH CMPH CLIENT 14

15. Performance Evaluation 0 1 2 3 4 5 6 7 8 9 10 UNPOPULAR FILE POPULARITY TRANSITION POPULAR FILE Time(inseconds) Scenario Client File Split Client Convergent Encryption Client Popularity Check Client Symmetric Encryption Idx Service Update Cloud Generate PHF Cloud Store Hash Table Cloud Popularity Check Cloud Upload Processing 15

16. Conclusions • Popularity-based Deduplication • Secure Perfect Hashing • Secure & Lightweight for the client • Costly tasks outsourced to the Cloud • Low overhead 16

17. Future Work • Optimization of PHF generation • Deployment in real production environments 17

18. THANK YOU Questions ? Don’t be shy ! pasquale@secludit.com

Editor's Notes

Hello everyone, my name’s Pasquale Puzio. I’m a PhD student at EURECOM & SecludIT under the supervision of Refik MOLVA and Sergio LOUREIRO. Today I’m gonna talk about PerfectDedup, which is our last work on secure data deduplication Data Deduplication + Confidentiality
Let’s talk quickly about the agenda. Today I’ll first explain what data deduplication is and why it became interesting for researchers. Then I’ll explain how deduplication can be combined with encryption, in particular convergent encryption. This will bring me to the vulnerabilities of CE. Finally I’ll present our solution based on data popularity and perfect hashing.
Basic idea: store duplicated data only once Explain Mention experiments
Key and encryption are deterministic
Researchers noticed that data may need different levels of protection depending on its popularity This assumption works pretty well in all common scenarios, except for a few extreme cases However in our scheme the user can skip the protocol and just encrypt his file Explain when a block becomes popular -> popularity threshold is reached Mention an example
The problem is shifted to secure popularity detection: if popular do this, if unpopular do that PIR would not be efficient in the case of block-level deduplication Explain that different encryption requires the user to know if data is popular Simple solution -> look for convergent encrypted block -> not secure
Let’s go into more detail Index does not reveal anything on the block because of collisions Lookup protocols use hash tables, databases use perfect hashing based indices, we need a secure lookup protocol
We decided to design a new protocol based on perfect hashing Secure because we added the one-wayness property which is foundamental for the security of the protocol
No confidentiality issue because block is popular
On the other hand, collisions protect unpopular data Several pre-images corresponding to the same image
Now let’s have a closer look at the architecture We need a trusted index service in order to handle the popularity transition, that is that phase in which a block that was unpopular becomes popular after reaching a popularity threshold Explain protocol
Focus on CMPH Mention that we modified CMPH in order to make it secure (one-way)
Upload of a 10MB file in three different scenarios: file was unpopular, triggered a popularity transition, was popular The take-away from this slide is that all client operations are really lightweight Example: popularity check -> outperforms PIR by far Costly operations are outsourced to the cloud Fix colors
Outperforms the previous existing solutions

[DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (8)

Similar to [DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

Similar to [DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage (20)

Recently uploaded

Recently uploaded (20)

[DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

Editor's Notes