Whispers in the cloud storage: A novel cross-user deduplication-based covert channel design

Peer-to-Peer Networking and Applications

Abstract

To provide cloud storage services efficiently, most providers implement data deduplication schemes to reduce storage and network bandwidth consumption. Because deduplication is so widely deployed, many of its security issues have been investigated, such as data security and user privacy. Nevertheless, we note that the threat of establishing a covert channel over cloud storage has not been fully investigated. In particular, existing studies only demonstrate the potential of a single-bit channel, in which a sender uploads one of two predefined files so that a receiver can infer a “0” or a “1”. In this paper, we design a more powerful deduplication-based covert channel that can be used to transmit a complete message. Specifically, the key features of our design include: (1) a synchronization scheme that can establish a covert channel between a sender and a receiver, and (2) a novel coding scheme that allows each file to represent multiple bits in the message. To evaluate the proposed design, we implement the covert channel and conduct extensive experiments in different cloud storage systems. Our work highlights a more severe security threat in cloud storage services.


Acknowledgments

The work is supported in part by a General Research Fund from Hong Kong Research Grant Council under project 122913 and project 61272462 from NSFC China, and by the Shanghai Oriental Scholar Program.

Author information

Corresponding author

Correspondence to Hermine Hovhannisyan.

Cite this article

Hovhannisyan, H., Qi, W., Lu, K. et al. Whispers in the cloud storage: A novel cross-user deduplication-based covert channel design. Peer-to-Peer Netw. Appl. 11, 277–286 (2018). https://doi.org/10.1007/s12083-016-0483-y

  • DOI: https://doi.org/10.1007/s12083-016-0483-y
