A secure and lightweight cloud data deduplication scheme with efficient access control and key management

Abstract

Data deduplication technology is extensively employed to enhance the storage efficiency of cloud servers by eliminating redundant files. Cloud users commonly encrypt their data prior to uploading it to the server. Conventional encryption algorithms, however, lead to the encryption of duplicated data from different users into distinct ciphertexts. Consequently, these ciphertexts must be stored in the cloud since the cloud server cannot identify such duplicated data. In this paper, we introduce a hybrid cloud-based secure deduplication scheme tailored for implementation on large-scale data systems. Specifically, our approach leverages ciphertext-policy attribute-based encryption (CP-ABE), which enables us to establish access control and key management via a private cloud server. Simultaneously, we leverage a public cloud server to cater to enterprises and groups seeking secure data storage. Notably, our approach ensures mutual zero-interaction verification between both public and private cloud servers through ElGamal encryption, thereby guaranteeing data unforgeability. The security assessment illustrates that our proposed approach ensures both data privacy and integrity. We also show that the approach resists brute-force attacks on the dictionary, prevents malicious users from deceiving cloud servers to return incorrect ciphertext, and achieves secure and efficient access control and key management. Furthermore, functional and performance evaluation underscores the superiority of our method over five other classical data deduplication schemes. Under the premise of having more comprehensive security settings, the performance of the scheme still maintains a good level at every stage.