SecDedup: Secure data deduplication with dynamic auditing in the cloud

Abstract

In the era of big data, data explosion has brought challenges to cloud storage management. To improve cloud storage efficiency and save network communication bandwidth, cloud data deduplication has emerged as a research hotspot, especially in the field of encrypted cloud data storage. How to enhance the security of encrypted data deduplication by resisting various attacks on deduplication has become an important research issue. However, existing solutions suffer from security flaws and are vulnerable to a series of attacks, e.g., duplicate faking attacks, file ownership spoofing attacks, and file tampering attacks. Besides, dynamic data operation is rarely considered or audited. To solve the above problems, we propose a novel scheme, named SecDedup, to enhance the security of encrypted cloud data deduplication with dynamic auditing. SecDedup applies a homomorphic authenticator and designs a multi-functional data tag with optimized storage to support deduplication and auditing at the same time with security guarantee against various attacks as mentioned above. In particular, We embed multi-set hash functions into data tags to achieve dynamic data auditing. In addition, SecDedup supports batch auditing with optimized computational cost for multiple deduplication auditing tasks. We formally prove the correctness and security of SecDedup, showing that it can successfully achieve our design goals for resisting the above listed attacks. We also analyze and evaluate the performance of SecDedup in terms of computation, communication, and tag storage overheads by comparing them with existing works. The results show its effectiveness and scalability.