Achieving Efficient and Privacy-Preserving Multi-Domain Big Data Deduplication in Cloud

Abstract

Secure data deduplication, as it can eliminate redundancies over encrypted data, has been widely developed in cloud storage to reduce storage space and communication overheads. Among them, the convergent encryption has been extensively adopted. However, it is vulnerable to brute-force attacks that can determine which plaintext in a message space corresponds to a given ciphertext. Many existing schemes have to sacrifice efficiency to resist brute-force attacks, especially for cross-domain deduplication, which is inevitably contrary to practical applications. Moreover, few existing schemes consider protecting the message equality information (i.e., whether two different ciphertexts correspond to an identical plaintext). To address the above challenges, in this paper, we propose an efficient and privacy-preserving big data deduplication scheme for a two-level multi-domain architecture. Specifically, by generating a random tag and a constant number of random ciphertexts for each data, our scheme not only ensures data confidentiality under multi-domain deduplication but also resists brute-force attacks. By allowing only the agent and cloud service provider to perform intra-deduplication and inter-deduplication, respectively, our scheme can protect the message equality information from disclosure as much as possible. Detailed security analysis shows that our scheme achieves privacy-preservation for both data content and the message equality information and data integrity while resisting brute-force attacks. Furthermore, extensive simulations demonstrate that our scheme significantly outperforms the existing competing schemes, especially the computational cost and the time complexity of the duplicate search.