DOI: 10.1145/2897845.2897846
research-article

Enabling Ciphertext Deduplication for Secure Cloud Storage and Access Control

Published: 30 May 2016

Abstract

To secure cloud storage and enforce access control, data encryption has become essential, given the ever-increasing cyber threat everywhere. Attribute-based Encryption (ABE) cryptosystems are widely considered a promising solution in this context for their security strength, scalability and control flexibility. One major challenge, however, in applying ABE-based techniques to real-world applications is their high overhead in various aspects. In this research, we are particularly concerned with the storage size expansion in existing ABE schemes. This, combined with the vast size of cloud data, poses an enormous challenge to the effective usage of cloud storage space and affects the utility of data deduplication. Normally, data deduplication is carried out by identifying similar and even identical contents both within and between data files; however, these patterns are destroyed once the data is encrypted with any semantically secure encryption scheme, including ABE. In this research, we focus on ciphertext deduplication under ABE, which to the best of our knowledge is the first such effort. Our fundamental observation stems from the structure of ABE ciphertexts and the possible similarities among different access structures. We show how to design a secure ciphertext deduplication scheme based on a classical CP-ABE scheme by innovatively modifying the construction with a recursive algorithm, eliminating the duplicated secrets and adding additional randomness to certain ciphertexts. We then give a detailed analysis of the proposed scheme with respect to both efficiency and security. To thoroughly assess the performance of the proposed scheme, we also implement a prototype system and conduct comprehensive experiments, which show that our ciphertext deduplication scheme could reduce up to 80% of the computation and storage cost in the best case.


Information & Contributors

Information

Published In

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
May 2016
958 pages
ISBN:9781450342339
DOI:10.1145/2897845
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. access control
  2. deduplication
  3. secure cloud storage

Qualifiers

  • Research-article

Conference

ASIA CCS '16
Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%
