research-article

Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage

Authors:

Nathalie Baracaldo,

Elli Androulaki,

Alessandro SorniottiAuthors Info & Claims

CCSW '14: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security

Pages 21 - 32

https://doi.org/10.1145/2664168.2664176

Published: 07 November 2014 Publication History

Abstract

An increasingly common practice for users of storage systems is to perform end-to-end encryption to ensure the confidentiality of data stored on external storage systems or in the cloud. This practice, however, inhibits the benefits of deduplication and compression performed downstream from where data is encrypted; as a consequence, the required storage capacity increases, and so does the overall cost of the service. In this paper, we address this problem by proposing a framework that reconciles end-to-end encryption with downstream compression and deduplication. The proposed framework guarantees the confidentiality of data in transit and at rest, even after clients cancel a cloud storage subscription, without affecting the ability of storage systems to perform data reduction functions. The framework requires only minor modifications in storage applications that encrypt data, and no changes in a client's business applications. Additionally, we propose several secure data reduction algorithms to compress and deduplicate data without compromising its confidentiality, even if the data is originally encrypted with different keys. We present a comprehensive security analysis that shows that the framework is secure against malicious cloud administrators, other tenants and law enforcement agencies. Our prototype shows that, for a reasonable extra overhead in the time required to store data, the framework enables a considerable amount of storage capacity savings.

References

[1]

R. Kissel, M. Scholl, S. Skolochenko, and X. Li, "Guidelines for media sanitization, recommendations of the national institute of standards and technology," tech. rep., NIST, 2012.

[2]

Network block device (nbd). nbd.sourceforge.net.

[3]

R. Boivie. Secureblue++: Cpu support for secure execution. IBM Research Report, 2012.

[4]

C. Cachin, K. Haralambiev, H.-C. Hsiao, and A. Sorniotti. Policy-based secure deletion. In Proc. 20th ACM conf. on Computer and Communications Security, 2013.

Digital Library

[5]

CBMC. Bounded model checking for ansi-c. http://www.cprover.org/cbmc/, 2013.

[6]

X. Chen, T. Garfinkel, E. C. Lewis, P. Subrahmanyam, C. A. Waldspurger, D. Boneh, J. Dwoskin, and D. R. Ports. Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. SIGARCH Comput. Archit. News, 2008.

Digital Library

[7]

C. Constantinescu, J. Glider, and D. Chambliss. Mixing deduplication and compression on active data sets. In Data Compression conf., pages 393--402, 2011.

Digital Library

[8]

R. Di Pietro and A. Sorniotti. Proof of ownership for deduplication systems: a secure, scalable, and efficient solution. Technical report, Research Report IBM RZ 3854., 2013.

[9]

EMC. Emc vnx deduplication and compression. http://www.emc.com/collateral/hardware/white-papers/h8198-vnx-deduplicationcompression-wp.pdf, 2013.

[10]

C. Gentry. A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009.

Digital Library

[11]

S. Halevi, D. Harnik, B. Pinkas, and A. Shulman-Peleg. Proofs of ownership in remote storage systems. In Proc. of the 18th ACM conf. on Computer and communications security, 2011.

Digital Library

[12]

D. Harnik, B. Pinkas, and A. Shulman-Peleg. Side channels in cloud services: Deduplication in cloud storage. IEEE Security & Privacy, pages 40--47, 2010.

Digital Library

[13]

U. D. of Health and H. Services, "The health insurance portability and accountability act (hipaa)," 1996.

[14]

IBM. Ibm key lifecycle manager. http://www-03.ibm.com/software/products/en/key-lifecycle-manager, 2013.

[15]

IBM. Ibm v7000. www-03.ibm.com/systems/storage/storwize, 2013.

[16]

Intel. Intel aes-ni performance testing on linux/java stack. http://software.intel.com/en-us/articles/intel-aes-niperformance-testing-on-linuxjava-stack#executivesummary, 2013.

[17]

Intel. Intel platform for large-scale communications infrastructure. http://www.intel.com/content/www/us/en/intelligent-systems/crystalforest-server/intel-platform-for-largescale-communications-infrastructuresystems. html, 2013.

[18]

Gigaom. iCloud breach highlights some hard truths about the consumer. http://gigaom.com/2012/08/05/icloud-breach-highlightssome-hard-truths-about-the-consumer-cloud, 2012.

[19]

PCWorld. Microsoft cloud data breach heralds things to come. http://www.pcworld.com/article/214775/microsoft_cloud_data_breach_sign_of_future.html, 2010.

[20]

Intel. Intel secure hash algorithm (intel sha) extensions. http://software.intel.com/en-us/intelisa-extensions, 2013.

[21]

M. Johnson, P. Ishwar, V. Prabhakaran, D. Schonberg, and K. Ramchandran. On compressing encrypted data. Signal Proc., IEEE Trans. on, 2004.

Digital Library

[22]

IBM General Parallel File System, Version 4 Release 1, Advanced Administration Guide. Chapter 15, 2014.

[23]

N. Joukov, H. Papaxenopoulos, and E. Zadok. Secure deletion myths, issues, and solutions. In Proc. of the 2nd ACM workshop on Storage security and survivability, 2006.

Digital Library

[24]

J. Kelley and R. Tamassia. Secure Compression: Theory & Practice. Cryptology ePrint Archive, Report 2014/113., 2014.

[25]

J. Kelley. Compression and Information Leakage of Plaintext. Revised Papers from the 9th International Workshop on Fast Software Encryption, 2002.

Digital Library

[26]

D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz. Architectural support for copy and tamper resistant software. SIGPLAN Not., 2000.

Digital Library

[27]

J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. Trustvisor: Efficient tcb reduction and attestation. In Proc. of IEEE Symposium on Security and Privacy, 2010.

Digital Library

[28]

Microsoft. Microsoft cluster shared volumes. http://technet.microsoft.com/enus/library/dn383585.aspx, 2013.

[29]

S. K. Mihir Bellare and T. Ristenpart. Message-locked encryption and secure deduplication. Technical report, Cryptology ePrint Archive, Report 2012/631, 2012.

[30]

B. Parno. Bootstrapping trust in a "trusted" platform. In Proc. of the 3rd conf. on Hot topics in security, pages 9:1--9:6. USENIX Association, 2008.

Digital Library

[31]

P. S. S. Council, "PCI SSC data security standards overview," 2013.

[32]

S. Quinlan and S. Dorward. Venti: A new approach to archival data storage. In Proc. of the 1st USENIX conf. on File and Storage Technologies, 2002.

Digital Library

[33]

F. Rashid, A. Miri, and I. Woungang. A secure data deduplication framework for cloud environments. In Privacy, Security and Trust, 10th Annual Inter. conf. on, pages 81--87, 2012.

Digital Library

[34]

J. Rizzo, and T. Duong. The CRIME Attack http://netifera.com/research/, 2012.

[35]

D. Russell. Data deduplication will be even bigger in 2010. Gartner, 2010.

[36]

J. Stanek, A. Sorniotti, E. Androulaki, and L. Kencl. A secure data deduplication scheme for cloud storage. Research Report IBM RZ 3852., 2013.

[37]

M. Storer, K. Greenan, D. Long, and E. Miller. Secure data deduplication. In Proc. of the 4th Int. Workshop on Storage Security and Survivability, 2008.

Digital Library

[38]

G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. Aegis: architecture for tamper-evident and tamper-resistant processing. In Proc. of the 17th annual Int. conf. on Supercomputing, 2003.

Digital Library

[39]

A. Vasudevan, B. Parno, N. Qu, V. D. Gligor, and A. Perrig. Lockdown: towards a safe and practical architecture for security applications on commodity platforms. In Proc. of the 5th Int. conf. on Trust and Trustworthy Computing, pages 34--54, 2012.

Digital Library

[40]

M. Wei, L. M. Grupp, F. E. Spada, and S. Swanson. Reliably erasing data from flash-based solid state drives. In Proc. of the 9th USENIX conf. on File and stroage technologies, 2011.

Digital Library

[41]

P. Williams and R. Boivie. Cpu support for secure executables. In Proc. of the 4th Int. conf. on Trust and trustworthy computing, pages 172--187, 2011.

Digital Library

[42]

J. Xu, E.-C. Chang, and J. Zhou. Leakage-resilient client-side deduplication of encrypted data in cloud storage. Cryptology ePrint Archive, Report 2011/538, 2011.

Cited By

P RB A SK SA A(2023)Record Suppression with Personalized Security System2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS)10.1109/ICACCS57279.2023.10112974(1794-1797)Online publication date: 17-Mar-2023
https://doi.org/10.1109/ICACCS57279.2023.10112974
Banaeian Far SAsaar MHaghbin A(2023)Distributed auditing protocol for untraceable transactionsJournal of Information Security and Applications10.1016/j.jisa.2023.10342973(103429)Online publication date: Mar-2023
https://doi.org/10.1016/j.jisa.2023.103429
Mahajan Mayur Pradeep Bhujbal Siddhesh Vasant Abhishek Ganpat Wadhai Patil Sanyukta Madan (2022)A Secure Data Deduplication in Cloud Using Hashing and AES AlgorithmInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-3935(349-352)Online publication date: 21-May-2022
https://doi.org/10.48175/IJARSCT-3935
Show More Cited By

Index Terms

Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage
1. Human-centered computing
  1. Collaborative and social computing
    1. Collaborative and social computing systems and tools
2. Information systems
  1. World Wide Web

Recommendations

Secure searches in the cloud

Cloud security is a huge concern when users and enterprises consider to deploy cloud computing services. This article mainly presented an important aspect of cloud security which is called searchable encryption. Searchable encryption is a scheme that ...
Dynamic Data Deduplication in Cloud Storage
SOSE '14: Proceedings of the 2014 IEEE 8th International Symposium on Service Oriented System Engineering

Cloud computing plays a major role in the business domain today as computing resources are delivered as a utility on demand to customers over the Internet. Cloud storage is one of the services provided in cloud computing which has been increasing in ...
The Design and Implementation of a Rekeying-Aware Encrypted Deduplication Storage System
Special Issue on USENIX FAST 2016 and Regular Papers

Rekeying refers to an operation of replacing an existing key with a new key for encryption. It renews security protection to protect against key compromise and enable dynamic access control in cryptographic storage. However, it is non-trivial to realize ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCSW '14: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security

November 2014

160 pages

ISBN:9781450332392

DOI:10.1145/2664168

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Alina Oprea
RSA Laboratories, USA
,
Reihaneh Safavi-Naini
University of Calgary, Canada

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 7, 2014

Arizona, Scottsdale, USA

Acceptance Rates

CCSW '14 Paper Acceptance Rate 12 of 36 submissions, 33%;

Overall Acceptance Rate 37 of 108 submissions, 34%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
568
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

P RB A SK SA A(2023)Record Suppression with Personalized Security System2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS)10.1109/ICACCS57279.2023.10112974(1794-1797)Online publication date: 17-Mar-2023
https://doi.org/10.1109/ICACCS57279.2023.10112974
Banaeian Far SAsaar MHaghbin A(2023)Distributed auditing protocol for untraceable transactionsJournal of Information Security and Applications10.1016/j.jisa.2023.10342973(103429)Online publication date: Mar-2023
https://doi.org/10.1016/j.jisa.2023.103429
Mahajan Mayur Pradeep Bhujbal Siddhesh Vasant Abhishek Ganpat Wadhai Patil Sanyukta Madan (2022)A Secure Data Deduplication in Cloud Using Hashing and AES AlgorithmInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-3935(349-352)Online publication date: 21-May-2022
https://doi.org/10.48175/IJARSCT-3935
Singhal SGupta PSingh SAgarwal PKumar K(2021)Data Duplication Removal Technology Using AWS Services2021 5th International Conference on Information Systems and Computer Networks (ISCON)10.1109/ISCON52037.2021.9702380(1-4)Online publication date: 22-Oct-2021
https://doi.org/10.1109/ISCON52037.2021.9702380
V GB I(2020)Secure Data Duplication Checking with Backup Recovery in Big Data EnvironmentsInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology10.32628/CSEIT2064113(561-566)Online publication date: 25-Aug-2020
https://doi.org/10.32628/CSEIT2064113
Bai JYu JGao X(2020)Secure auditing and deduplication for encrypted cloud data supporting ownership modificationSoft Computing10.1007/s00500-019-04661-5Online publication date: 9-Jan-2020
https://doi.org/10.1007/s00500-019-04661-5
Kang WLiu N(2019)Compressing Encrypted DataIEEE Transactions on Information Theory10.1109/TIT.2016.261532262:12(7153-7163)Online publication date: 3-Jan-2019
https://dl.acm.org/doi/10.1109/TIT.2016.2615322
Esteves TMacedo RFaria APortela BPaulo JPereira JHarnik D(2019)TrustFS: An SGX-Enabled Stackable File System Framework2019 38th International Symposium on Reliable Distributed Systems Workshops (SRDSW)10.1109/SRDSW49218.2019.00012(25-30)Online publication date: Oct-2019
https://doi.org/10.1109/SRDSW49218.2019.00012
Hosseinzadeh SSequeiros BInácio PLeppänen V(2019)Recent trends in applying TPM to cloud computingSECURITY AND PRIVACY10.1002/spy2.933:1Online publication date: 28-Nov-2019
https://doi.org/10.1002/spy2.93
Baracaldo NGlider J(2019)Confidentiality of Data in the CloudSecurity, Privacy, and Digital Forensics in the Cloud10.1002/9781119053385.ch3(51-80)Online publication date: 8-Feb-2019
https://doi.org/10.1002/9781119053385.ch3
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten