Secure and Efficient Traffic Obfuscation Scheme for Deduplicated Cloud Storage

Automatic Control and Computer Sciences

Abstract

Due to the explosive growth of data in cloud storage, deduplication, a data reduction technique, has been widely adopted by cloud service providers. Deduplication significantly reduces storage and communication costs by eliminating the upload and storage of duplicate data. However, an adversary can exploit deduplication as a side channel to check whether a targeted file exists on the cloud. The existing state-of-the-art solutions hide the file-existence information by delaying the deduplication process. However, this causes communication overhead, since users need to upload the file even if it is already available on the cloud. In this paper, we propose a secure and efficient traffic obfuscation scheme. In our scheme, we use a short hash value of the file as the deduplication identity. When a user sends a short hash value as an upload request, the server replies with the metadata of all files linked to that short hash value. As a result, only a subsequent uploader who knows the file completely can compute the Bloom filter from the file and learn the encryption key from the metadata using the Bloom filter. Moreover, random-key-based encryption is used to preserve security against chosen plaintext attacks. The random encryption key is encoded using the Bloom filter generated from the file. We evaluate the security of our approach against leakage of file-existence information and chosen plaintext attacks. We evaluate the performance of our approach in a real cloud scenario and show that the proposed scheme causes lower communication overhead compared to existing solutions.
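The request flow the abstract describes can be sketched as follows. This is an added illustration, not the paper's construction or the authors' code: the server answers a short-hash request with every metadata record in that bucket, and the client recovers a key only if its locally computed Bloom filter matches the one used to encode it. The one-byte short hash, the chunked Bloom filter parameters, the XOR key encoding and the key-check tag are all assumptions chosen for the sketch, and file encryption itself is left out.

```python
import hashlib
import secrets

CHUNK, M_BITS, K = 64, 2048, 3  # toy parameters, assumed for this sketch

def short_hash(data: bytes) -> bytes:
    # Deduplication identity: a truncated digest that many files share.
    return hashlib.sha256(data).digest()[:1]

def bloom(data: bytes) -> bytes:
    # Bloom filter over fixed-size chunks; needs every byte of the file.
    bits = bytearray(M_BITS // 8)
    for off in range(0, len(data), CHUNK):
        for i in range(K):
            h = hashlib.sha256(bytes([i]) + data[off:off + CHUNK]).digest()
            pos = int.from_bytes(h[:4], "big") % M_BITS
            bits[pos // 8] |= 1 << (pos % 8)
    return bytes(bits)

def _xor_mask(value: bytes, bf: bytes) -> bytes:
    # Assumed key encoding: XOR with a digest of the Bloom filter.
    mask = hashlib.sha256(b"wrap" + bf).digest()
    return bytes(a ^ b for a, b in zip(value, mask))

def _tag(key: bytes) -> bytes:
    return hashlib.sha256(b"check" + key).digest()

def prepare_upload(data: bytes):
    # First uploader: random key, encoded under the file's Bloom filter.
    key = secrets.token_bytes(32)
    meta = {"wrapped": _xor_mask(key, bloom(data)), "check": _tag(key)}
    return short_hash(data), meta, key

class Server:
    def __init__(self):
        self.buckets = {}  # short hash -> metadata of all linked files
    def store(self, sid: bytes, meta: dict) -> None:
        self.buckets.setdefault(sid, []).append(meta)
    def request(self, sid: bytes) -> list:
        # The reply is a function of the short hash only.
        return list(self.buckets.get(sid, []))

def recover_key(data: bytes, metas: list):
    bf = bloom(data)
    for meta in metas:
        key = _xor_mask(meta["wrapped"], bf)
        if _tag(key) == meta["check"]:
            return key
    return None
```

A client holding a file that differs in a single byte computes a different filter and gets `None` back from `recover_key`, while the server's reply to that client is the same bucket listing any other requester with that short hash would receive.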

ACKNOWLEDGMENTS

We thank Ms. Riddhi for her invaluable support in designing the figures for this publication. We also thank the anonymous reviewers for carefully reading our manuscript and their insightful comments and suggestions.

Funding

This work was supported by ongoing institutional funding. No additional grants to carry out or direct this particular research were obtained.

Corresponding author

Correspondence to Jay Dave.

Ethics declarations

The authors of this work declare that they have no conflicts of interest.

Additional information

Publisher’s Note.

Allerton Press remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Jay Dave, Nikumani Choudhury. Secure and Efficient Traffic Obfuscation Scheme for Deduplicated Cloud Storage. Aut. Control Comp. Sci. 58, 153–165 (2024). https://doi.org/10.3103/S0146411624700056

  • DOI: https://doi.org/10.3103/S0146411624700056
