Blending Convergent Encryption and Access Control Scheme for Achieving A Secure and Storage Efficient Cloud

Abstract

Conventional encryption schemes are being used over the years for securing outsourced data to cloud. However, this impedes deduplication- the ability to identify and remove duplicate data from storage server. The idea of Convergent Encryption was introduced to overcome this problem which ensures that identical plaintext files will always produce identical ciphertexts and thus enabling deduplication. Nonetheless, this scheme is vulnerable to a side-channel attack called “confirmation-of-a-file” and its variant “learn-the-remaining-information” attack which breach user privacy by observing the deduplication operation. To resolve the above two seemingly contrasting issues, we propose a scheme which blends convergent encryption with a traditional access control scheme for simultaneously achieving confidentiality and deduplication. Both theoretical security analysis and experimental results show that our scheme is semantically secure and resilient against attacks. It incurs minor storage and latency overhead while performing file and block level deduplication. Furthermore, it ensures secure and fine-grained access control of outsourced data by efficiently handling key-management process.