This presentation covers the prototype implementation and evaluation of the research paper titled "Secure De-duplication with encrypted data for cloud storage" by Eurecom and SecludIT.
http://www.eurecom.fr/en/publication/4110/detail/cloudedup-secure-deduplication-with-encrypted-data-for-cloud-storage
ClouDedup - Secure De-duplication with encrypted data for cloud storage
1. Sagar UDAY KUMAR
Keerthi Kumar KEMPAIAH HONNAPPA
Date (month/year): 06/2014
Organizations: Eurecom and SecludIT
Supervisors:
Mr. Pasquale Puzio, Ph.D. student, SecludIT and EURECOM
Mr. Sergio Loureiro, Ph.D., CEO and Co-Founder, SecludIT
Prof. Refik Molva, Ph.D., Head of Department, Communications & Computer Security, EURECOM
Prof. Melek Önen, Ph.D., Research Engineer, Communications & Computer Security, EURECOM
5. Drawback & Solution
Suffer from weakness:
Confirmation Of A File Attack
Learn-The-Remaining-Information Attack
Solution ClouDedup - by Eurecom & SecludIT:
Cross user – Block Level Deduplication
Additional Encryption by Server
Symmetric (AES 256) & key known only by server
MetaDataManager
management of keys
Deduplication
8. Upload Phase - Instance
File blocks: A B C D E (block shown: B)
Client:
- Store first key locally: $k_a = H(A)$
- Encrypted Block: $E_{k_b}(B)$
- Signature of Block: $H(B \mid Sig_{Pk_{u_j}}(H(A)))$
- Encrypted key: $E_k(E_{k_a}(H(B)))$
Gateway (with User Id, File Id):
- $E_{k_g}(E_{k_b}(B))$
- $E_{k_g}(H(B \mid Sig_{Pk_{u_j}}(H(A))))$
- $E_{k_g}(E_k(E_{k_a}(H(B))))$
Keys in the diagram: $k$, $k_g$
Metadata Manager (MM):
- F:FileId {user: userId, name: File1}
- FB:FileId [BlockId(A), BlockId(B), BlockId(C)..]
- B:BlockId(B) {Storage container, count: 1}
- L:FileId:BlockId(A):BlockId(B): {$E_{k_g}(E_k(E_{k_a}(H(B))))$}
- S:FileId:BlockId(B) [$E_{k_g}(H(B \mid Sig_{Pk_{u_j}}(H(A))))$]
- $E_{k_g}(E_{k_b}(B))$
$Pk_{u_j}$ = private key of $user_j$
$k_b = H(B)$
9. Download Phase - Instance
Participants: Client, Gateway, MM, Cloud Storage Provider
Messages:
- Download Request (fileId, UserId)
- forward request (fileId, UserId)
- User Authorization and Download requests for {Block1Id, Block2Id, ...}
- Return Data Blocks {Block1, Block2, ...}
- {Block1, Block2, ...}, signatures, keys
- After Signature verification - Decrypted ({Block1, Block2, ...}, signatures, keys)
- Decryption, Re-Build file
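The upload and download phases above, sketched as an added example (not code from the ClouDedup prototype or the slides). Assumptions: a SHAKE-256 keystream stands in for AES-256, the block signature and the key layer k are omitted, the gateway and MM are collapsed into a hypothetical Store class, and BlockId is taken to be a hash of the client ciphertext.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def E(key: bytes, data: bytes) -> bytes:
    """Toy deterministic stand-in for AES-256 (SHAKE-256 keystream XOR); its own inverse."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def client_upload(blocks):
    """Return (k_a kept locally, [(E_kb(B), E_ka(H(B))), ...]) with k_b = H(B)."""
    keys = [H(b) for b in blocks]
    out = []
    for i, (block, key) in enumerate(zip(blocks, keys)):
        wrapped = E(keys[i - 1], key) if i else b""  # first key is never uploaded
        out.append((E(key, block), wrapped))
    return keys[0], out

class Store:  # gateway and MM collapsed into one object (assumption, for brevity)
    def __init__(self, kg: bytes):
        self.kg, self.blocks, self.files = kg, {}, {}
    def put(self, file_id, uploaded):
        refs = []
        for ct, wrapped in uploaded:
            block_id = H(ct)  # assumption: BlockId is a hash of the client ciphertext
            entry = self.blocks.setdefault(block_id, {"data": E(self.kg, ct), "count": 0})
            entry["count"] += 1  # duplicate block: only the reference count grows
            refs.append((block_id, E(self.kg, wrapped)))
        self.files[file_id] = refs

    def get(self, file_id):
        """Strip the kg layer and return what the client needs to rebuild the file."""
        return [(E(self.kg, self.blocks[b]["data"]), E(self.kg, w))
                for b, w in self.files[file_id]]

def client_rebuild(first_key, downloaded):
    key, plain = first_key, []
    for i, (ct, wrapped) in enumerate(downloaded):
        if i:
            key = E(key, wrapped)  # unwrap k_b with the previous block's key
        plain.append(E(key, ct))
    return b"".join(plain)

if __name__ == "__main__":
    store = Store(H(b"constructed gateway secret"))
    k_first, up = client_upload([b"AAAA" * 8, b"BBBB" * 8])  # constructed blocks
    store.put("File1", up)
    print(client_rebuild(k_first, store.get("File1")))
```

Because the stored copy carries the extra kg layer, a party that guesses block B and computes E_{H(B)}(B) cannot match it against what is stored, while two users uploading B still share one stored block.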
10. Performance Evaluation - Setup
Client and GW @ VM – Eurecom
S3server and MM @ VM – Amazon EC2
Upload/Download/Delete – Data sets
Each experiment is repeated 10 times
Save Log files
11. ClouDedup: Time consumption at Client
[Chart: activity-wise time consumption in seconds (15 MB file); values shown: 0.29775, 1.836974, 63.9095, 68.5815, 1.39545, 0.21357, 32.47381]
Total time: upload (66.044), download (70.19), delete (32.473)
13. Bottleneck
Detailed analysis revealed that the delay was mainly in two areas.
At MetaDataManager (MM) – (upload - 33.3501 seconds for 15 MB file)
- MM has to upload/download/delete blocks to/from the Cloud.
At Proxy
- Delay because of the data transfer time.
- Client to Proxy – (upload - 13.2349 seconds for 15 MB file)
- Proxy to MM – (upload - 16.8265 seconds for 15 MB file)
- Transfer of larger HTTPS requests.
- GW and MM process a request only when the entire request body is received
18. Conclusion
Implementation: ClouDedup prototype from scratch
Performance Evaluation of ClouDedup
Comparison of ClouDedup Performance with other service providers
Bottleneck analysis - delay in proxy & MM by waiting for the entire file to be received
GUI skeleton for user ease
ClouDedup Windows Shell Extension