LSDedup: Layered Secure Deduplication for Cloud Storage

Mingyang Song; Zhongyun Hua; Yifeng Zheng; Hejiao Huang; Xiaohua Jia

doi:10.1109/TC.2023.3331953

LSDedup: Layered Secure Deduplication for Cloud Storage

Mingyang Song, Zhongyun Hua^*, Yifeng Zheng, Hejiao Huang, Xiaohua Jia

^*Corresponding author for this work

Department of Computer Science

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

17 Citations (Scopus)

Abstract

To implement encrypted data deduplication in a cloud storage system, users must encrypt files using special encryption algorithms (e.g., convergent encryption (CE)), which cannot provide strong protection. The confidential level of an outsourced file is determined by the user himself/herself subjectively or by the owner number of the file objectively. These files owned by a few users are considered strictly confidential and require strong protection. In this paper, we design, analyze and implement LSDedup, which attains a high storage efficiency while providing strictly confidential files (SCFiles) with strong protection. LSDedup allows cloud users to securely interact with cloud servers to check the confidential level of an outsourced file. Users encrypt the SCFiles using standard symmetric encryption algorithms to achieve a high security level, whereas encrypting the less confidential files (LSFiles) using CE such that cloud servers can perform deduplication. LSDedup is designed to prevent cloud servers reporting fake confidential level and a fake file user claiming the ownership of the file. Formal analysis is provided to justify its security. Besides, we implement an LSDedup prototype using Alibaba Cloud as backend storage. Our evaluations demonstrate that LSDedup can work with existing cloud service providers' APIs and achieves modest performance overhead. © 1968-2012 IEEE.

Original language	English
Pages (from-to)	422-435
Number of pages	14
Journal	IEEE Transactions on Computers
Volume	73
Issue number	2
Online published	13 Nov 2023
DOIs	https://doi.org/10.1109/TC.2023.3331953
Publication status	Published - Feb 2024

Funding

This work was supported in part by the National Natural Science Foundation of China under Grant 62071142, in part by the Guangdong Basic and Applied Basic Research Foundation under Grants 2021A1515110027, 2021A1515011406, and 2023A1515010714, in part by the Shenzhen Science and Technology Program under Grants GXWD20220817124827001, JCYJ20210324132406016, and ZDSYS20210623091809029, and in part by the Guangdong Provincial Key Laboratory of Novel Security Intelligence Technologies under Grant 2022B1212010005.

Research Keywords

Cloud storage
cloud storage security
encrypted data deduplication
layered deduplication
secure deduplication

Access Output

10.1109/TC.2023.3331953

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{1250ff7652d048ebbd6877c42ab65eba,

title = "LSDedup: Layered Secure Deduplication for Cloud Storage",

abstract = "To implement encrypted data deduplication in a cloud storage system, users must encrypt files using special encryption algorithms (e.g., convergent encryption (CE)), which cannot provide strong protection. The confidential level of an outsourced file is determined by the user himself/herself subjectively or by the owner number of the file objectively. These files owned by a few users are considered strictly confidential and require strong protection. In this paper, we design, analyze and implement LSDedup, which attains a high storage efficiency while providing strictly confidential files (SCFiles) with strong protection. LSDedup allows cloud users to securely interact with cloud servers to check the confidential level of an outsourced file. Users encrypt the SCFiles using standard symmetric encryption algorithms to achieve a high security level, whereas encrypting the less confidential files (LSFiles) using CE such that cloud servers can perform deduplication. LSDedup is designed to prevent cloud servers reporting fake confidential level and a fake file user claiming the ownership of the file. Formal analysis is provided to justify its security. Besides, we implement an LSDedup prototype using Alibaba Cloud as backend storage. Our evaluations demonstrate that LSDedup can work with existing cloud service providers' APIs and achieves modest performance overhead. {\textcopyright} 1968-2012 IEEE.",

keywords = "Cloud storage, cloud storage security, encrypted data deduplication, layered deduplication, secure deduplication",

author = "Mingyang Song and Zhongyun Hua and Yifeng Zheng and Hejiao Huang and Xiaohua Jia",

year = "2024",

month = feb,

doi = "10.1109/TC.2023.3331953",

language = "English",

volume = "73",

pages = "422--435",

journal = "IEEE Transactions on Computers",

issn = "0018-9340",

publisher = "IEEE Computer Society",

number = "2",

}

TY - JOUR

T1 - LSDedup

T2 - Layered Secure Deduplication for Cloud Storage

AU - Song, Mingyang

AU - Hua, Zhongyun

AU - Zheng, Yifeng

AU - Huang, Hejiao

AU - Jia, Xiaohua

PY - 2024/2

Y1 - 2024/2

N2 - To implement encrypted data deduplication in a cloud storage system, users must encrypt files using special encryption algorithms (e.g., convergent encryption (CE)), which cannot provide strong protection. The confidential level of an outsourced file is determined by the user himself/herself subjectively or by the owner number of the file objectively. These files owned by a few users are considered strictly confidential and require strong protection. In this paper, we design, analyze and implement LSDedup, which attains a high storage efficiency while providing strictly confidential files (SCFiles) with strong protection. LSDedup allows cloud users to securely interact with cloud servers to check the confidential level of an outsourced file. Users encrypt the SCFiles using standard symmetric encryption algorithms to achieve a high security level, whereas encrypting the less confidential files (LSFiles) using CE such that cloud servers can perform deduplication. LSDedup is designed to prevent cloud servers reporting fake confidential level and a fake file user claiming the ownership of the file. Formal analysis is provided to justify its security. Besides, we implement an LSDedup prototype using Alibaba Cloud as backend storage. Our evaluations demonstrate that LSDedup can work with existing cloud service providers' APIs and achieves modest performance overhead. © 1968-2012 IEEE.

AB - To implement encrypted data deduplication in a cloud storage system, users must encrypt files using special encryption algorithms (e.g., convergent encryption (CE)), which cannot provide strong protection. The confidential level of an outsourced file is determined by the user himself/herself subjectively or by the owner number of the file objectively. These files owned by a few users are considered strictly confidential and require strong protection. In this paper, we design, analyze and implement LSDedup, which attains a high storage efficiency while providing strictly confidential files (SCFiles) with strong protection. LSDedup allows cloud users to securely interact with cloud servers to check the confidential level of an outsourced file. Users encrypt the SCFiles using standard symmetric encryption algorithms to achieve a high security level, whereas encrypting the less confidential files (LSFiles) using CE such that cloud servers can perform deduplication. LSDedup is designed to prevent cloud servers reporting fake confidential level and a fake file user claiming the ownership of the file. Formal analysis is provided to justify its security. Besides, we implement an LSDedup prototype using Alibaba Cloud as backend storage. Our evaluations demonstrate that LSDedup can work with existing cloud service providers' APIs and achieves modest performance overhead. © 1968-2012 IEEE.

KW - Cloud storage

KW - cloud storage security

KW - encrypted data deduplication

KW - layered deduplication

KW - secure deduplication

UR - http://www.scopus.com/inward/record.url?scp=85177028643&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85177028643&origin=recordpage

U2 - 10.1109/TC.2023.3331953

DO - 10.1109/TC.2023.3331953

M3 - RGC 21 - Publication in refereed journal

SN - 0018-9340

VL - 73

SP - 422

EP - 435

JO - IEEE Transactions on Computers

JF - IEEE Transactions on Computers

IS - 2

ER -

LSDedup: Layered Secure Deduplication for Cloud Storage

Abstract

Funding

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this