This document proposes a system for secure client-side data deduplication for cloud storage. It suggests using convergent encryption, where keys are derived from the hash of the plaintext, along with a security model. The solution includes a metadata manager that handles deduplication on encrypted blocks and key management separately from data storage. A prototype is being tested for performance analysis of typical operations like edit, append and delete with promising initial results. The proposed system provides confidentiality while allowing for block-level deduplication with negligible performance impact.
4. For saving resources consumption in both network
bandwidth and storage capacities, many cloud services,
namely Dropbox apply client side deduplication.
Existing deduplication can make it easy for outsiders to
know what's already on storage servers.
5. Proposed the use of the convergent encryption, i.e.,
deriving keys from the hash of plaintext and a security
model for secure data deduplication.
11. Block-level deduplication + convergent encryption
⇨ New requirement: key management
SOLUTION
▪ metadata manager
▪ deduplication on encrypted blocks
▪ management of block keys
▪ separation between data and metadata
⇨ independance from actual storage
14. Operating System : Windows Vista/7/8
Application Server : Tomcat5.0/6.X
Front End : HTML, Java, Jsp
Server side Script : Java Server Pages
Database : Mysql 5.0
15. ● Prototype for performance analysis (ongoing, current results are
promising)
● Typical operations such as edit, append and delete
● Data sharing
Performance
● Storage/retrieval cost is linear with
block count
● Deduplication cost is constant
16. ● Confidentiality and block-level deduplication
● Countermeasure against CE vulnerabilities
● Negligible performance impact
● Storage agnostic
● Transparent to the storage provider