[IEEE CloudCom 2013] ClouDedup - Secure Deduplication with Encrypted Data

With the continuous and exponential increase of the number of users and the size of their data, data deduplication becomes more and more a necessity for cloud storage providers.
By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs.
The advantages of deduplication unfortunately come with a high cost in terms of new security and privacy challenges.
We propose ClouDedup, a secure and efficient storage service which assures block-level deduplication and data confidentiality at the same time.
Although based on convergent encryption, ClouDedup remains secure thanks to the definition of a component that implements an additional encryption operation and an access control mechanism.
Furthermore, as the requirement for block-level deduplication raises an issue with respect to key management, we suggest including a new component that implements the key management for each block together with the actual deduplication operation.
We show that the overhead introduced by these new components is minimal and does not impact the overall storage and computational costs.


  1. ClouDedup: Secure Deduplication with Encrypted Data
     Pasquale Puzio, SecludIT & EURECOM, pasquale@secludit.com
     Refik Molva (EURECOM), Melek Önen (EURECOM), Sergio Loureiro (SecludIT)
     IEEE CloudCom 2013, Bristol, UK, December 3rd
     ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage, Pasquale Puzio
  2. Deduplication
     ● Storing duplicated data only once
     ● Total space savings up to 90-95% in backup applications
  3. Deduplication
     ...but it does not work on encrypted data!
     D = Hello World, ENCRYPTION with K1: owhfgr0wgr[w hfrw0[h0[ergh e0[gh0[eg
     D = Hello World, ENCRYPTION with K2: dfjl;dbfrwbfirbf roepthwobgfr ugtwertgrtwu
  4. Convergent Encryption
     Data Encryption key derived from Data
     K = hash(Data)
     D = Hello World, ENCRYPTION with H(D): klfgwilegfiorw egtriegtiergiei ergriegrigfifiw
     D = Hello World, ENCRYPTION with H(D): klfgwilegfiorw egtriegtiergiei ergriegrigfifiw
  5. Convergent Encryption
     ● Convergent Encryption is vulnerable to “dictionary attacks” [Perttula et al]
     ● Solutions based on key agreement infeasible in the Cloud
     ● How to achieve safe Convergent Encryption in the Cloud?
       ⇨ Additional deterministic encryption with the same secret key for all users
  6. Solution – Additional Encryption
     ● Convergent encryption by Users
     ● Additional Encryption by server/gateway
       ○ Deterministic
       ○ Unique key known only by the server
       ○ No key exchange/sharing
       ○ Security by design
  7. Solution - Metadata
     Block-level deduplication + convergent encryption
     ⇨ New requirement: key management
     SOLUTION
     ▪ metadata manager
       ▪ deduplication on encrypted blocks
       ▪ management of block keys
     ▪ separation between data and metadata ⇨ independence from actual storage
  8. Metadata Manager
  9. Solution – putting all together
  10. Metadata Overhead
  11. Performance
     ● Storage/retrieval cost is linear with block count
     ● Deduplication cost is constant
  12. Security
  13. Conclusion
     ● Confidentiality and block-level deduplication
     ● Countermeasure against CE vulnerabilities
     ● Negligible performance impact
     ● Storage agnostic
     ● Transparent to the storage provider
  14. Future Work
     ● Prototype for performance analysis (ongoing, current results are promising)
     ● Typical operations such as edit, append and delete
     ● Data sharing
  15. THANK YOU
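
The two layers from slides 4 to 6, as an added example that is not code from the slides or from the ClouDedup authors: users encrypt each block under K = hash(Data), and a gateway adds deterministic encryption under a secret key before the block reaches storage. The HMAC-based cipher is a toy stand-in for a real deterministic cipher, and the names `Gateway`, `Store`, `upload`, `download` and `confirms_guess` are hypothetical; the metadata manager is not modelled.

```python
import hashlib
import hmac

def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Toy keystream (assumption, stand-in for a real cipher): HMAC-SHA256(key, "ks"||iv||counter).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"ks" + iv + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def det_encrypt(key: bytes, data: bytes) -> bytes:
    # Deterministic: the IV is a keyed hash of the input, so equal inputs give equal outputs.
    iv = hmac.new(key, b"iv" + data, hashlib.sha256).digest()[:16]
    return iv + _xor_stream(key, iv, data)
def det_decrypt(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])

def convergent_encrypt(block: bytes):
    # User side, as on slide 4: K = hash(Data), then encrypt the block under K.
    key = hashlib.sha256(block).digest()
    return key, det_encrypt(key, block)
def confirms_guess(observed: bytes, guess: bytes) -> bool:
    # Plain convergent encryption needs no secret, so a candidate block can be recomputed and compared.
    return hmac.compare_digest(convergent_encrypt(guess)[1], observed)

class Gateway:
    # Additional deterministic encryption under one secret key held only by the gateway.
    def __init__(self, secret: bytes):
        self._secret = secret
    def wrap(self, ce_ciphertext: bytes) -> bytes:
        return det_encrypt(self._secret, ce_ciphertext)
    def unwrap(self, stored: bytes) -> bytes:
        return det_decrypt(self._secret, stored)

class Store:
    # Storage provider: keeps one copy per distinct blob it receives.
    def __init__(self):
        self.blocks = {}
    def put(self, blob: bytes) -> str:
        block_id = hashlib.sha256(blob).hexdigest()
        self.blocks.setdefault(block_id, blob)
        return block_id

def upload(block: bytes, gateway: Gateway, store: Store):
    key, ce = convergent_encrypt(block)
    return key, store.put(gateway.wrap(ce))
def download(key: bytes, block_id: str, gateway: Gateway, store: Store) -> bytes:
    return det_decrypt(key, gateway.unwrap(store.blocks[block_id]))
```

Because both layers are deterministic, two uploads of the same block still collapse to one stored blob, while the blob the provider holds can no longer be matched against a recomputed convergent ciphertext without the gateway key.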