Marking based Obfuscation Strategy to resist Side Channel Attack in Cross-User Deduplication for Cloud Storage

Abstract

Cross-user deduplication is an effective technique means to eliminate redundant uploading in using cloud storage by returning a specific response to indicate existence of the data in request. However, the deterministic response actually provides a side channel to attackers, which could be utilized to steal existence privacy of the target data in cloud storage. Because of the difficulty to achieve complete obfuscation in response for chunk level deduplication, such kind of attack still cannot be well resisted, let alone random chunks generation attack, a more sophisticated form to assist statistical attacks. Even though dirty chunks processing is able to resist such attacks under normal circumstances, a lot of communication overhead is introduced inevitably. To deal with these challenges, we propose a marking based obfuscation strategy in cross-user deduplication for cloud storage, which takes the lead to well improve security in cross-user deduplication under side channel attack as well as random chunks generation attack. Specifically, we first calculate the number of chunks to be marked to cover at least one duplicate chunk with great probability. Then perform marking strategy to the certain number of randomly chosen chunks, to consider them as inexistent before generating a response regardless of their real existence. To achieve light weight dirty chunks processing with security guaranteed, as long as at least a dirty chunk is found to be involved in the request, once more marking is introduced to achieve another obfuscation. The experimental results show that, the proposed scheme is lightweight in achieving security comparing with the state-of-the art.