Secure Proof of Ownership Using Merkle Tree for Deduplicated Storage

Abstract

In cloud services, deduplication is a widely used data reduction technique to minimize storage and communication overhead. Nonetheless, deduplication introduces a serious security risk: a malicious client can obtain access to a file on storage by learning just a piece of information about the file. Proof of ownership schemes provides protection against this security risk as it enables the server to check whether the client actually owns a particular file in its entirety. However, a malicious client may misuse proof of ownership procedure to waste resources at the server. For that, she sends a large number of upload requests and tries to keep the server busy in computing challenges and verifying responses. In this paper, we propose a secure proof of ownership scheme using Merkle tree. In this approach, cloud server precomputes the challenges-responses to avoid computational overhead during subsequent upload. Moreover, cloud server does not need to retain resources until the response is received since our approach is a stateless protocol. Security analysis demonstrates that a malicious client without having entire file cannot prove herself as an owner of the file. As a proof of concept, we implement our approach in a realistic environment and demonstrate that it outperforms the existing proof of ownership schemes in terms of challenge generation, communication, and response verification cost.