This presentation is on Prototype Implementation and Evaluation for research paper titled "Secure De-duplication with encrypted data for cloud storage" by Eurecom and SecludIT. http://www.eurecom.fr/en/publication/4110/detail/cloudedup-secure-deduplication-with-encrypted-data-for-cloud-storage

1. sagar UDAY KUMAR
keerthi kumar KEMPAIAH HONNAPPA
Date(month/year): 06/2014
Organizations: Eurecom and SecludIT
Mr. Pasquale Puzio
Ph.D., student
SecludIT and EURECOM
Mr. Sergio Loureiro Ph.D.,
CEO and Co-Founder,
SecludIT
Prof. Refik Molva Ph.D.,
Head of Department,
Communications & Computer Security,
EURECOM
Prof. Melek Önen Ph.D.,
Research Engineer,
Communications & Computer Security,
EURECOM
Supervisors:
1

2. Deduplication
2

3. Encryption
3

4. Convergent Encryption
4
Hash(Plain Text)
Hash(Plain Text)

5. Drawback & Solution
 Suffer from weakness:
Confirmation Of A File Attack
Learn-The-Remaining-Information Attack
Solution ClouDedup - by Eurecom & SecludIT:
 Cross user – Block Level Deduplication
 Additional Encryption by Server
Symmetric (AES 256) & key known only by server
 MetaDataManager
management of keys
Deduplication
5

6. High level view of ClouDedup
6

7. Detailed Architecture of
ClouDedup7

8. A B C D E
B
𝐸 𝑘 𝑏
(B)H(B|𝑆𝑖𝑔 𝑃𝑘 𝑢𝑗
(H(A)
)
𝐸 𝑘(𝐸 𝑘 𝑎
(H(B)))
Store first key
locally
𝑘 𝑎=H(A) Signature of Block Encrypted Block Encrypted key
Client
𝐸 𝑘𝑔(𝐸 𝑘 𝑏
(B))𝐸 𝑘𝑔(H(B|𝑆𝑖𝑔 𝑃𝑘 𝑢𝑗
(H(A)
))
𝐸 𝑘𝑔(𝐸 𝑘(𝐸 𝑘 𝑎
(H(B))))
User Id
File Id
Gateway
k
kg
Metadata
Manager
(MM)
F:FileId {user: userId, name : File1}
FB:FileId [BlockId(A), BlockId(B), BlockId(C)..]
B:BlockId(B) {Storage container, count: 1}
L:FileId: BlockId(A):
BlockId(B):
{𝑬 𝒌𝒈(𝑬 𝒌(𝑬 𝒌 𝒂
(H(B))))}
S:FileId:BlockId(B) [𝑬 𝒌𝒈(H(B|𝑺𝒊𝒈 𝑷𝒌 𝒖𝒋
(H(A)))]
𝑬 𝒌𝒈(𝑬 𝒌 𝒃
(B))
𝑃𝑘 𝑈𝑗= private key of 𝑢𝑠𝑒𝑟𝑗
𝑘 𝑏 = H(B)
Upload Phase - Instance

9. 9
Client
Gateway MM
Cloud Storage
Provider
Request
(fileId,UserI
d) forward request
(fileId,UserId) User Authorization
and Download
requests for
{Block1Id,Block2Id...
.}
Return Data Blocks
{Block1,Block2....}{Block1,Block2....},
signatures, keys
After Signature
verification -
Decrypted
({Block1,Block2....},
signatures, keys)
Downloa
d
Request
Decryption,
Re-Build
file
Download Phase - Instance

10. Performance Evaluation - Setup
10
 Client and GW @ VM – Eurecom
 S3server and MM @ VM – Amazon EC2
 Upload/Download/Delete – Data sets
 Same experiment is repeated for 10 times
 Save Log files

11. ClouDedup: Time consumption at
Client11
0.297751.836974
63.9095
68.5815
1.39545 0.21357
32.47381
Activitywise Time consumption in seconds (15 MB file)
Total time : upload(66.044), download(70.19), delete (32.473)

12. Performance of ClouDedup with
Other Service providers – Upload12

13. Bottleneck
Detailed analysis revealed us the delay was mainly at two areas.
 At MetaDataManager (MM) – (upload -33.3501 seconds for 15 MB
File)
- MM has to upload/download/delete blocks to/from the Cloud.
 At Proxy
- Delay because of the data transfer time.
- Client to Proxy – (upload -13.2349 seconds for 15 MB File)
- Proxy to MM – (upload - 16.8265 seconds for 15 MB File)
- Transfer of larger HTTPS requests.
- GW and MM process request when entire request body is
received
13

14. Potential Solution : Data
Chunking14

15. Cross platform Application
skeleton15

16. ClouDedup windows shell
Extension16

17. ClouDedup FileSystem Watcher
17

18. Conclusion
 Implementation : ClouDedup prototype from
scratch
 Performance Evaluation of ClouDedup
 Comparison of ClouDedup Performance with
other service providers
 Bottleneck analysis - delay in proxy & MM by
waiting for the entire file to be received
 GUI skeleton for user ease
 ClouDedup Windows Shell Extension
18

19. 19