Abstract

Data deduplication efficiently eliminates redundant data by keeping only one copy of duplicate data. Convergent encryption (CE) has been widely used in secure deduplication to save storage space and reduce data upload bandwidth, but it still faces two problems. The first is that CE is not semantically secure and suffers from an offline brute-force attack when the data is selected from a predictable set. The second is the convergent key (CK) management problem. CE requires each user to hold an independent master key, encrypt its CKs with it, and store them in the cloud, so different users store the same key for duplicate copies. As the number of users and the volume of data grow, the number of CKs increases linearly. Storing so many keys repeatedly is itself a form of redundancy and creates a key management issue. To enhance the security of CE, current schemes usually interact with a third party to generate a CK, but this places an additional burden on the system. Recently, several schemes have been proposed for efficient CK management, but they incur heavy computation and communication overhead and cannot resist the collusion attack. To deal with these two problems, we propose a key-sharing method based on proof of ownership for secure deduplication. In the new scheme, only the initial uploader among the data owners encrypts the data with a randomly chosen CK and then distributes the CK in the cloud, and only users possessing the claimed data can retrieve the CK. The CK needs to be stored only once for each piece of duplicate data. Furthermore, our scheme adopts a deduplication check on the plaintexts and a consistency policy, so only a few owners need to encrypt the duplicate data. Analysis shows that our scheme is more efficient and remains secure in the proposed security model.
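The two CE problems named in the abstract can be seen in a few lines of Python; this is an added illustration, not code from the paper. It assumes the textbook CE construction (CK = hash of the data), uses a SHA-256 counter-mode keystream as a stdlib-only stand-in for a real cipher, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

def _keystream(key, n):
    # Stand-in stream cipher (assumption): SHA-256 in counter mode, stdlib only.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def _xor(data, key):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def ce_encrypt(data):
    """Textbook CE: the convergent key is derived from the data itself."""
    ck = hashlib.sha256(data).digest()
    return ck, _xor(data, ck)

def confirm_from_candidates(ciphertext, candidates):
    """Why CE is not semantically secure: anyone holding the ciphertext can
    re-encrypt each member of a predictable set and compare."""
    for guess in candidates:
        if hmac.compare_digest(ce_encrypt(guess)[1], ciphertext):
            return guess
    return None

def wrap_ck(master_key, ck):
    """Per-user wrapping of the CK under an independent master key."""
    nonce = os.urandom(16)
    return nonce + _xor(ck, master_key + nonce)

def stored_key_blobs(num_users, data):
    """Each owner of the same data uploads its own wrapped copy of the same CK."""
    ck, _ = ce_encrypt(data)
    return [wrap_ck(os.urandom(32), ck) for _ in range(num_users)]

if __name__ == "__main__":
    record = b"salary: 50000"  # constructed sample drawn from a predictable set
    _, ct = ce_encrypt(record)
    guesses = [b"salary: %d" % s for s in range(40000, 60001, 1000)]
    print("recovered from predictable set:", confirm_from_candidates(ct, guesses))
    blobs = stored_key_blobs(5, record)
    print("wrapped copies of one CK stored:", len(set(blobs)))
```

The first result is the predictable-set weakness; the second is the linear growth in stored keys that the proposed scheme avoids by storing the CK once per duplicate.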
