DOI: 10.1145/3052973.3053019

Side Channels in Deduplication: Trade-offs between Leakage and Efficiency

Published: 02 April 2017

Abstract

Deduplication removes redundant copies of files or data blocks stored on the cloud. Client-side deduplication, where the client only uploads the file upon the request of the server, provides major storage and bandwidth savings, but introduces a number of security concerns. Harnik et al. (2010) showed how cross-user client-side deduplication inherently gives the adversary access to a (noisy) side-channel that may divulge whether or not a particular file is stored on the server, leading to leakage of user information. We provide formal definitions for deduplication strategies and their security in terms of adversarial advantage. Using these definitions, we provide a criterion for designing good strategies and then prove a bound characterizing the necessary trade-off between security and efficiency.
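The trade-off described in the abstract can be made concrete with a small model. This is an added example, not code or definitions from the paper. It assumes a simplified threshold model in the style of Harnik et al.: the server draws a per-file threshold T and only stops requesting uploads once T copies exist. Leakage is measured as the statistical distance between what a probing client observes when the file is absent and when one copy is already stored. All function names are hypothetical.

```python
from fractions import Fraction

def uniform_threshold(low, high):
    """Strategy: threshold T drawn uniformly from {low..high} per file."""
    n = high - low + 1
    return {t: Fraction(1, n) for t in range(low, high + 1)}

def uploads_requested(strategy, prior_copies):
    """Distribution of how many full uploads a probing client is asked for
    before the server first answers 'already stored, no upload needed'."""
    dist = {}
    for t, p in strategy.items():
        k = max(t - prior_copies, 0)
        dist[k] = dist.get(k, Fraction(0)) + p
    return dist

def leakage(strategy):
    """Statistical distance between the probe's view when the file is absent
    and when one other user already stored it (assumed leakage measure)."""
    absent = uploads_requested(strategy, 0)
    present = uploads_requested(strategy, 1)
    keys = set(absent) | set(present)
    return sum(abs(absent.get(k, 0) - present.get(k, 0)) for k in keys) / 2

def expected_uploads(strategy):
    """Efficiency cost: expected copies transmitted before dedup starts (ideal: 1)."""
    return sum(t * p for t, p in strategy.items())

NAIVE = {1: Fraction(1)}  # deduplicate as soon as a single copy exists

def tradeoff_table(upper_bounds):
    """Rows of (strategy name, leakage, expected uploads) for comparison."""
    rows = [("naive", leakage(NAIVE), expected_uploads(NAIVE))]
    for d in upper_bounds:
        s = uniform_threshold(2, d)
        rows.append((f"uniform[2,{d}]", leakage(s), expected_uploads(s)))
    return rows

if __name__ == "__main__":
    for name, adv, cost in tradeoff_table([5, 20, 100]):
        print(f"{name:16} leakage={float(adv):.3f} expected uploads={float(cost):.1f}")
```

In this model, widening the threshold range lowers the leakage while raising the expected number of redundant uploads, which is the tension the paper formalizes.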

References

[1] M. Abadi, D. Boneh, I. Mironov, A. Raghunathan, and G. Segev. Message-locked encryption for lock-dependent messages. In Advances in Cryptology -- CRYPTO 2013: 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18--22, 2013. Proceedings, Part I, pages 374--391, Berlin, Heidelberg, 2013. Springer Berlin Heidelberg.
[2] G. Ács, M. Conti, P. Gasti, C. Ghali, and G. Tsudik. Cache privacy in Named-Data Networking. In IEEE 33rd International Conference on Distributed Computing Systems, ICDCS 2013, pages 41--51. IEEE Computer Society, 2013.
[3] M. Bellare, S. Keelveedhi, and T. Ristenpart. Message-locked encryption and secure deduplication. In Advances in Cryptology - EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, volume 7881 of Lecture Notes in Computer Science, pages 296--312. Springer, 2013.
[4] E. Bosman, K. Razavi, H. Bos, and C. Giuffrida. Dedup Est Machina: memory deduplication as an advanced exploitation vector. In 2016 IEEE Symposium on Security and Privacy (SP), pages 987--1004, May 2016.
[5] J. R. Douceur, A. Adya, W. J. Bolosky, D. Simon, and M. Theimer. Reclaiming space from duplicate files in a serverless distributed file system. In ICDCS, pages 617--624, 2002.
[6] S. Halevi, D. Harnik, B. Pinkas, and A. Shulman-Peleg. Proofs of ownership in remote storage systems. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, pages 491--500, New York, NY, USA, 2011. ACM.
[7] D. Harnik, B. Pinkas, and A. Shulman-Peleg. Side channels in cloud services: Deduplication in cloud storage. IEEE Security & Privacy, 8(6):40--47, 2010.
[8] T. Jiang, X. Chen, Q. Wu, J. Ma, W. Susilo, and W. Lou. Towards efficient fully randomized message-locked encryption. In Proceedings of 21st Australasian Conference on Information Security and Privacy (ACISP 2016), Melbourne, Australia, July 4--6, 2016, pages 361--375, Cham, 2016. Springer International Publishing.
[9] S. Keelveedhi, M. Bellare, and T. Ristenpart. Dupless: Server-aided encryption for deduplicated storage. In Proceedings of the 22nd USENIX Security Symposium, Washington, DC, USA, August 14--16, 2013, pages 179--194. USENIX Association, 2013.
[10] S. Lee and D. Choi. Privacy-preserving cross-user source-based data deduplication in cloud storage. In 2012 International Conference on ICT Convergence (ICTC), pages 329--330, Oct 2012.
[11] J. Liu, N. Asokan, and B. Pinkas. Secure deduplication of encrypted data without additional independent servers. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12--6, 2015, pages 874--885. ACM, 2015.
[12] D. T. Meyer and W. J. Bolosky. A study of practical deduplication. In G. R. Ganger and J. Wilkes, editors, 9th USENIX Conference on File and Storage Technologies, pages 1--13. USENIX, 2011.
[13] M. Mulazzani, S. Schrittwieser, M. Leithner, M. Huber, and E. Weippl. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. In Proceedings of the 20th USENIX Conference on Security, SEC'11, pages 5--5, Berkeley, CA, USA, 2011. USENIX Association.
[14] V. Rabotka and M. Mannan. An evaluation of recent secure deduplication proposals. Journal of Information Security and Applications, 27--28:3 -- 18, 2016. Special Issues on Security and Privacy in Cloud Computing.
[15] K. Razavi, B. Gras, E. Bosman, B. Preneel, C. Giuffrida, and H. Bos. Flip feng shui: Hammering a needle in the software stack. In 25th USENIX Security Symposium (USENIX Security 16), pages 1--18, Austin, TX, Aug. 2016. USENIX Association.
[16] H. Ritzdorf, G. O. Karame, C. Soriente, and S. Capkun. On Information Leakage in Deduplicated Storage Systems. In Proceedings of the 8th Edition of the ACM Workshop on Cloud Computing Security, CCSW '16. ACM, 2016.
[17] Y. Shin and K. Kim. Differentially private client-side data deduplication protocol for cloud storage services. Security and Communication Networks, 8(12):2114--2123, 2015.
[18] J. Stanek, A. Sorniotti, E. Androulaki, and L. Kencl. A secure data deduplication scheme for cloud storage. In N. Christin and R. Safavi-Naini, editors, Financial Cryptography and Data Security - 18th International Conference, FC 2014, Christ Church, Barbados, volume 8437 of Lecture Notes in Computer Science, pages 99--118. Springer, 2014.
[19] B. Wang, W. Lou, and Y. T. Hou. Modeling the side-channel attacks in data deduplication with game theory. In 2015 IEEE Conference on Communications and Network Security (CNS), pages 200--208, Sept 2015.

Published In

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
April 2017
952 pages
ISBN:9781450349444
DOI:10.1145/3052973
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud storage
  2. deduplication
  3. side-channel analysis

Qualifiers

  • Research-article

Conference

ASIA CCS '17

Acceptance Rates

ASIA CCS '17 Paper Acceptance Rate 67 of 359 submissions, 19%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%

Cited By

  • (2024) A Secure and Lightweight Client-Side Deduplication Approach for Resisting Side Channel Attacks. ICC 2024 - IEEE International Conference on Communications, pages 1400-1406. DOI: 10.1109/ICC51166.2024.10622721. Online publication date: 9-Jun-2024
  • (2024) DEDUCT: A Secure Deduplication of Textual Data in Cloud Environments. IEEE Access 12, pages 70743-70758. DOI: 10.1109/ACCESS.2024.3402544. Online publication date: 2024
  • (2023) InftyDedup. Proceedings of the 21st USENIX Conference on File and Storage Technologies, pages 33-48. DOI: 10.5555/3585938.3585941. Online publication date: 21-Feb-2023
  • (2023) Threat Model and Defense Scheme for Side-Channel Attacks in Client-Side Deduplication. Tsinghua Science and Technology 28:1, pages 1-12. DOI: 10.26599/TST.2021.9010071. Online publication date: Feb-2023
  • (2023) Counteracting Side Channels in Cross-User Client-Side Deduplicated Cloud Storage. IEEE Internet of Things Journal 10:17, pages 15604-15616. DOI: 10.1109/JIOT.2023.3264793. Online publication date: 1-Sep-2023
  • (2022) Tunable Encrypted Deduplication with Attack-resilient Key Management. ACM Transactions on Storage 18:4, pages 1-38. DOI: 10.1145/3510614. Online publication date: 27-Sep-2022
  • (2021) S2Dedup. Proceedings of the 14th ACM International Conference on Systems and Storage, pages 1-12. DOI: 10.1145/3456727.3463773. Online publication date: 14-Jun-2021
  • (2021) An Integrated Privacy Preserving Attribute-Based Access Control Framework Supporting Secure Deduplication. IEEE Transactions on Dependable and Secure Computing 18:2, pages 706-721. DOI: 10.1109/TDSC.2019.2946073. Online publication date: 1-Mar-2021
  • (2021) Request Merging Based Cross-User Deduplication for Cloud Storage with Resistance Against Appending Chunks Attack. Chinese Journal of Electronics 30:2, pages 199-209. DOI: 10.1049/cje.2021.01.004. Online publication date: Mar-2021
  • (2020) Information Leakage in Encrypted Deduplication via Frequency Analysis. ACM Transactions on Storage 16:1, pages 1-30. DOI: 10.1145/3365840. Online publication date: 29-Mar-2020
