Abstract
Due to the explosive growth of data in cloud storage, deduplication, a data reduction technique, has been widely adopted by cloud service providers. Deduplication significantly reduces storage and communication costs by eliminating the upload and storage of duplicate data. However, an adversary can exploit deduplication as a side channel to check whether a targeted file exists on the cloud. Existing state-of-the-art solutions hide file-existence information by delaying the deduplication process. However, this causes communication overhead, since users need to upload the file even if it is already available on the cloud. In this paper, we propose a secure and efficient traffic obfuscation scheme. In our scheme, a short hash value of the file serves as the deduplication identity. When a user sends a short hash value as an upload request, the server replies with the metadata of all files linked to that short hash value. As a result, only a subsequent uploader who knows the complete file can compute the Bloom filter from the file and use it to learn the encryption key from the metadata. Moreover, random-key-based encryption is used to preserve security against chosen-plaintext attacks. The random encryption key is encoded using the Bloom filter generated from the file. We evaluate the security of our approach against leakage of file-existence information and chosen-plaintext attacks. We evaluate the performance of our approach in a real cloud scenario and show that the proposed scheme causes lower communication overhead than existing solutions.
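The message flow sketched in the abstract, as an added example that is not the paper's construction: the short-hash length, the Bloom filter parameters, the XOR masking and the key-check value are all assumptions made here for illustration.

```python
import hashlib
import secrets

# Assumed parameters (not from the paper).
SHORT_BYTES = 2                       # short hash: collisions between files are expected
BLOOM_BITS, NUM_HASHES, CHUNK = 1024, 3, 32

def short_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:SHORT_BYTES]

def new_key() -> bytes:
    return secrets.token_bytes(32)    # random key, independent of the file content

def bloom_from_file(data: bytes) -> bytes:
    """Insert every (offset, chunk) pair of the file into a Bloom filter."""
    bits = bytearray(BLOOM_BITS // 8)
    for off in range(0, len(data), CHUNK):
        item = off.to_bytes(8, "big") + data[off:off + CHUNK]
        for j in range(NUM_HASHES):
            h = hashlib.sha256(bytes([j]) + item).digest()
            pos = int.from_bytes(h[:4], "big") % BLOOM_BITS
            bits[pos // 8] |= 1 << (pos % 8)
    return bytes(bits)

def mask_from_bloom(bloom: bytes) -> bytes:
    return hashlib.sha256(b"mask" + bloom).digest()

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_metadata(data: bytes, key: bytes) -> dict:
    """First uploader: encode the random key under the file's Bloom filter."""
    return {"enc_key": xor_bytes(key, mask_from_bloom(bloom_from_file(data))),
            "check": hashlib.sha256(b"check" + key).digest()}  # assumed check value

class Server:
    def __init__(self):
        self.index = {}               # short hash -> list of metadata records

    def store(self, sh: bytes, meta: dict) -> None:
        self.index.setdefault(sh, []).append(meta)

    def upload_request(self, sh: bytes) -> list:
        """The reply depends only on the short hash, not on one specific file."""
        return list(self.index.get(sh, []))

def recover_key(metadata: list, data: bytes):
    """Subsequent uploader: try the Bloom-derived mask against each record."""
    mask = mask_from_bloom(bloom_from_file(data))
    for rec in metadata:
        key = xor_bytes(rec["enc_key"], mask)
        if hashlib.sha256(b"check" + key).digest() == rec["check"]:
            return key
    return None                       # requester does not hold any listed file in full
```
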
ACKNOWLEDGMENTS
We thank Ms. Riddhi for her invaluable support in designing the figures for this publication. We also thank the anonymous reviewers for carefully reading our manuscript and their insightful comments and suggestions.
Funding
This work was supported by ongoing institutional funding. No additional grants to carry out or direct this particular research were obtained.
Ethics declarations
The authors of this work declare that they have no conflicts of interest.
Additional information
Publisher's Note. Allerton Press remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Jay Dave, Nikumani Choudhury. Secure and Efficient Traffic Obfuscation Scheme for Deduplicated Cloud Storage. Aut. Control Comp. Sci. 58, 153–165 (2024). https://doi.org/10.3103/S0146411624700056
DOI: https://doi.org/10.3103/S0146411624700056