[IEEE CloudCom 2013] ClouDedup - Secure Deduplication with Encrypted Data

5,517 views

Published on

With the continuous and exponential increase of the number of users and the size of their data, data deduplication becomes more and more a necessity for cloud storage providers.
By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs.
The advantages of deduplication unfortunately come with a high cost in terms of new security and privacy challenges.
We propose ClouDedup, a secure and efficient storage service which assures block-level deduplication and data confidentiality at the same time.
Although based on convergent encryption, ClouDedup remains secure thanks to the definition of a component that implements an additional encryption operation and an access control mechanism.
Furthermore, as the requirement for deduplication at block-level raises an issue with respect to key management, we suggest to include a new component in order to implement the key management for each block together with the actual deduplication operation.
We show that the overhead introduced by these new components is minimal and does not impact the overall storage and computational costs.

Published in: Technology, Business
5 Comments
3 Likes
Statistics
Notes
No Downloads
Views
Total views
5,517
On SlideShare
0
From Embeds
0
Number of Embeds
677
Actions
Shares
0
Downloads
301
Comments
5
Likes
3
Embeds 0
No embeds

No notes for slide

[IEEE CloudCom 2013] ClouDedup - Secure Deduplication with Encrypted Data

  1. 1. ClouDedup: Secure Deduplication with Encrypted Data Pasquale Puzio SecludIT & EURECOM pasquale@secludit.com Refik Molva (EURECOM) Melek Önen (EURECOM) Sergio Loureiro (SecludIT) IEEE CloudCom 2013, Bristol, UK December 3rd ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  2. 2. 1 Deduplication ● Storing duplicated data only once ● Total space savings up to 90-95% in backup applications ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  3. 3. 2 Deduplication ...but it does not work on encrypted data! D = Hello World D = Hello World ENCRYPTION with K1 ENCRYPTION with K2 owhfgr0wgr[w hfrw0[h0[ergh e0[gh0[eg dfjl;dbfrwbfirbf roepthwobgfr ugtwertgrtwu ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  4. 4. 3 Convergent Encryption Data Encryption key derived from Data K = hash(Data) D = Hello World D = Hello World ENCRYPTION with H(D) ENCRYPTION with H(D) klfgwilegfiorw egtriegtiergiei ergriegrigfifiw klfgwilegfiorw egtriegtiergiei ergriegrigfifiw ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  5. 5. 4 Convergent Encryption ● Convergent Encryption is vulnerable to “dictionary attacks” [Perttula et al] ● Solutions based on key agreement infeasible in the Cloud ● How to achieve safe Convergent Encryption in the Cloud ? ⇨ Additional deterministic encryption with the same secret key for all users ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  6. 6. 5 Solution – Additional Encryption ● Convergent encryption by Users ● Additional Encryption by server/gateway ○ ○ ○ ○ Deterministic Unique key known only by the server No key exchange/sharing Security by design ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  7. 7. 6 Solution - Metadata Block-level deduplication + convergent encryption ⇨ New requirement: key management SOLUTION ▪ metadata manager ▪ ▪ deduplication on encrypted blocks management of block keys ▪ separation between data and metadata ⇨ independance from actual storage ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  8. 8. 7 Metadata Manager ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  9. 9. 8 Solution – putting all together ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  10. 10. 9 Metadata Overhead ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  11. 11. 10 Performance ● Storage/retrieval cost is linear with block count ● Deduplication cost is constant ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  12. 12. 11 Security ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  13. 13. 12 Conclusion ● Confidentiality and block-level deduplication ● Countermeasure against CE vulnerabilities ● Negligible performance impact ● Storage agnostic ● Transparent to the storage provider ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  14. 14. 13 Future Work ● Prototype for performance analysis (ongoing, current results are promising) ● Typical operations such as edit, append and delete ● Data sharing ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio
  15. 15. THANK YOU ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage Pasquale Puzio

×