skip to main content
10.1145/2664168.2664176acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage

Published: 07 November 2014 Publication History

Abstract

An increasingly common practice for users of storage systems is to perform end-to-end encryption to ensure the confidentiality of data stored on external storage systems or in the cloud. This practice, however, inhibits the benefits of deduplication and compression performed downstream from where data is encrypted; as a consequence, the required storage capacity increases, and so does the overall cost of the service. In this paper, we address this problem by proposing a framework that reconciles end-to-end encryption with downstream compression and deduplication. The proposed framework guarantees the confidentiality of data in transit and at rest, even after clients cancel a cloud storage subscription, without affecting the ability of storage systems to perform data reduction functions. The framework requires only minor modifications in storage applications that encrypt data, and no changes in a client's business applications. Additionally, we propose several secure data reduction algorithms to compress and deduplicate data without compromising its confidentiality, even if the data is originally encrypted with different keys. We present a comprehensive security analysis that shows that the framework is secure against malicious cloud administrators, other tenants and law enforcement agencies. Our prototype shows that, for a reasonable extra overhead in the time required to store data, the framework enables a considerable amount of storage capacity savings.

References

[1]
R. Kissel, M. Scholl, S. Skolochenko, and X. Li, "Guidelines for media sanitization, recommendations of the national institute of standards and technology," tech. rep., NIST, 2012.
[2]
Network block device (nbd). nbd.sourceforge.net.
[3]
R. Boivie. Secureblue++: Cpu support for secure execution. IBM Research Report, 2012.
[4]
C. Cachin, K. Haralambiev, H.-C. Hsiao, and A. Sorniotti. Policy-based secure deletion. In Proc. 20th ACM conf. on Computer and Communications Security, 2013.
[5]
CBMC. Bounded model checking for ansi-c. http://www.cprover.org/cbmc/, 2013.
[6]
X. Chen, T. Garfinkel, E. C. Lewis, P. Subrahmanyam, C. A. Waldspurger, D. Boneh, J. Dwoskin, and D. R. Ports. Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. SIGARCH Comput. Archit. News, 2008.
[7]
C. Constantinescu, J. Glider, and D. Chambliss. Mixing deduplication and compression on active data sets. In Data Compression conf., pages 393--402, 2011.
[8]
R. Di Pietro and A. Sorniotti. Proof of ownership for deduplication systems: a secure, scalable, and efficient solution. Technical report, Research Report IBM RZ 3854., 2013.
[9]
EMC. Emc vnx deduplication and compression. http://www.emc.com/collateral/hardware/white-papers/h8198-vnx-deduplicationcompression-wp.pdf, 2013.
[10]
C. Gentry. A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009.
[11]
S. Halevi, D. Harnik, B. Pinkas, and A. Shulman-Peleg. Proofs of ownership in remote storage systems. In Proc. of the 18th ACM conf. on Computer and communications security, 2011.
[12]
D. Harnik, B. Pinkas, and A. Shulman-Peleg. Side channels in cloud services: Deduplication in cloud storage. IEEE Security & Privacy, pages 40--47, 2010.
[13]
U. D. of Health and H. Services, "The health insurance portability and accountability act (hipaa)," 1996.
[14]
IBM. Ibm key lifecycle manager. http://www-03.ibm.com/software/products/en/key-lifecycle-manager, 2013.
[15]
IBM. Ibm v7000. www-03.ibm.com/systems/storage/storwize, 2013.
[16]
Intel. Intel aes-ni performance testing on linux/java stack. http://software.intel.com/en-us/articles/intel-aes-niperformance-testing-on-linuxjava-stack#executivesummary, 2013.
[17]
Intel. Intel platform for large-scale communications infrastructure. http://www.intel.com/content/www/us/en/intelligent-systems/crystalforest-server/intel-platform-for-largescale-communications-infrastructuresystems. html, 2013.
[18]
Gigaom. iCloud breach highlights some hard truths about the consumer. http://gigaom.com/2012/08/05/icloud-breach-highlightssome-hard-truths-about-the-consumer-cloud, 2012.
[19]
PCWorld. Microsoft cloud data breach heralds things to come. http://www.pcworld.com/article/214775/microsoft_cloud_data_breach_sign_of_future.html, 2010.
[20]
Intel. Intel secure hash algorithm (intel sha) extensions. http://software.intel.com/en-us/intelisa-extensions, 2013.
[21]
M. Johnson, P. Ishwar, V. Prabhakaran, D. Schonberg, and K. Ramchandran. On compressing encrypted data. Signal Proc., IEEE Trans. on, 2004.
[22]
IBM General Parallel File System, Version 4 Release 1, Advanced Administration Guide. Chapter 15, 2014.
[23]
N. Joukov, H. Papaxenopoulos, and E. Zadok. Secure deletion myths, issues, and solutions. In Proc. of the 2nd ACM workshop on Storage security and survivability, 2006.
[24]
J. Kelley and R. Tamassia. Secure Compression: Theory & Practice. Cryptology ePrint Archive, Report 2014/113., 2014.
[25]
J. Kelley. Compression and Information Leakage of Plaintext. Revised Papers from the 9th International Workshop on Fast Software Encryption, 2002.
[26]
D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz. Architectural support for copy and tamper resistant software. SIGPLAN Not., 2000.
[27]
J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. Trustvisor: Efficient tcb reduction and attestation. In Proc. of IEEE Symposium on Security and Privacy, 2010.
[28]
Microsoft. Microsoft cluster shared volumes. http://technet.microsoft.com/enus/library/dn383585.aspx, 2013.
[29]
S. K. Mihir Bellare and T. Ristenpart. Message-locked encryption and secure deduplication. Technical report, Cryptology ePrint Archive, Report 2012/631, 2012.
[30]
B. Parno. Bootstrapping trust in a "trusted" platform. In Proc. of the 3rd conf. on Hot topics in security, pages 9:1--9:6. USENIX Association, 2008.
[31]
P. S. S. Council, "PCI SSC data security standards overview," 2013.
[32]
S. Quinlan and S. Dorward. Venti: A new approach to archival data storage. In Proc. of the 1st USENIX conf. on File and Storage Technologies, 2002.
[33]
F. Rashid, A. Miri, and I. Woungang. A secure data deduplication framework for cloud environments. In Privacy, Security and Trust, 10th Annual Inter. conf. on, pages 81--87, 2012.
[34]
J. Rizzo, and T. Duong. The CRIME Attack http://netifera.com/research/, 2012.
[35]
D. Russell. Data deduplication will be even bigger in 2010. Gartner, 2010.
[36]
J. Stanek, A. Sorniotti, E. Androulaki, and L. Kencl. A secure data deduplication scheme for cloud storage. Research Report IBM RZ 3852., 2013.
[37]
M. Storer, K. Greenan, D. Long, and E. Miller. Secure data deduplication. In Proc. of the 4th Int. Workshop on Storage Security and Survivability, 2008.
[38]
G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. Aegis: architecture for tamper-evident and tamper-resistant processing. In Proc. of the 17th annual Int. conf. on Supercomputing, 2003.
[39]
A. Vasudevan, B. Parno, N. Qu, V. D. Gligor, and A. Perrig. Lockdown: towards a safe and practical architecture for security applications on commodity platforms. In Proc. of the 5th Int. conf. on Trust and Trustworthy Computing, pages 34--54, 2012.
[40]
M. Wei, L. M. Grupp, F. E. Spada, and S. Swanson. Reliably erasing data from flash-based solid state drives. In Proc. of the 9th USENIX conf. on File and stroage technologies, 2011.
[41]
P. Williams and R. Boivie. Cpu support for secure executables. In Proc. of the 4th Int. conf. on Trust and trustworthy computing, pages 172--187, 2011.
[42]
J. Xu, E.-C. Chang, and J. Zhou. Leakage-resilient client-side deduplication of encrypted data in cloud storage. Cryptology ePrint Archive, Report 2011/538, 2011.

Cited By

View all
  • (2023)Record Suppression with Personalized Security System2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS)10.1109/ICACCS57279.2023.10112974(1794-1797)Online publication date: 17-Mar-2023
  • (2023)Distributed auditing protocol for untraceable transactionsJournal of Information Security and Applications10.1016/j.jisa.2023.10342973(103429)Online publication date: Mar-2023
  • (2022)A Secure Data Deduplication in Cloud Using Hashing and AES AlgorithmInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-3935(349-352)Online publication date: 21-May-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CCSW '14: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security
November 2014
160 pages
ISBN:9781450332392
DOI:10.1145/2664168
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2014

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. cloud security
  2. cloud storage
  3. compression
  4. data-at-rest confidentiality
  5. deduplication
  6. encryption.

Qualifiers

  • Research-article

Conference

CCS'14
Sponsor:

Acceptance Rates

CCSW '14 Paper Acceptance Rate 12 of 36 submissions, 33%;
Overall Acceptance Rate 37 of 108 submissions, 34%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)13
  • Downloads (Last 6 weeks)0
Reflects downloads up to 28 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Record Suppression with Personalized Security System2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS)10.1109/ICACCS57279.2023.10112974(1794-1797)Online publication date: 17-Mar-2023
  • (2023)Distributed auditing protocol for untraceable transactionsJournal of Information Security and Applications10.1016/j.jisa.2023.10342973(103429)Online publication date: Mar-2023
  • (2022)A Secure Data Deduplication in Cloud Using Hashing and AES AlgorithmInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-3935(349-352)Online publication date: 21-May-2022
  • (2021)Data Duplication Removal Technology Using AWS Services2021 5th International Conference on Information Systems and Computer Networks (ISCON)10.1109/ISCON52037.2021.9702380(1-4)Online publication date: 22-Oct-2021
  • (2020)Secure Data Duplication Checking with Backup Recovery in Big Data EnvironmentsInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology10.32628/CSEIT2064113(561-566)Online publication date: 25-Aug-2020
  • (2020)Secure auditing and deduplication for encrypted cloud data supporting ownership modificationSoft Computing10.1007/s00500-019-04661-5Online publication date: 9-Jan-2020
  • (2019)Compressing Encrypted DataIEEE Transactions on Information Theory10.1109/TIT.2016.261532262:12(7153-7163)Online publication date: 3-Jan-2019
  • (2019)TrustFS: An SGX-Enabled Stackable File System Framework2019 38th International Symposium on Reliable Distributed Systems Workshops (SRDSW)10.1109/SRDSW49218.2019.00012(25-30)Online publication date: Oct-2019
  • (2019)Recent trends in applying TPM to cloud computingSECURITY AND PRIVACY10.1002/spy2.933:1Online publication date: 28-Nov-2019
  • (2019)Confidentiality of Data in the CloudSecurity, Privacy, and Digital Forensics in the Cloud10.1002/9781119053385.ch3(51-80)Online publication date: 8-Feb-2019
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media