Journal Article

A Hybrid Cloud Approach for Secure Authorized Deduplication

TL;DR: This paper makes the first attempt to formally address the problem of authorized data deduplication, and shows that the proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations.
Abstract: Data deduplication is one of the important data compression techniques for eliminating duplicate copies of repeating data, and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before outsourcing. To better protect data security, this paper makes the first attempt to formally address the problem of authorized data deduplication. Different from traditional deduplication systems, the differential privileges of users are further considered in duplicate check besides the data itself. We also present several new deduplication constructions supporting authorized duplicate check in a hybrid cloud architecture. Security analysis demonstrates that our scheme is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement a prototype of our proposed authorized duplicate check scheme and conduct testbed experiments using our prototype. We show that our proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations.
Citations
Journal Article
TL;DR: This work presents a basic scheme based on multi-key fully homomorphic encryption (MK-FHE), and proposes a hybrid structure scheme by combining the double decryption mechanism and FHE, and proves that these two multi-key privacy-preserving deep learning schemes over encrypted data are secure.

386 citations

Journal Article
TL;DR: A secure system to devise a novel two-fold access control mechanism, which is self-adaptive for both normal and emergency situations, is formally proved secure, and extensive comparison and simulations demonstrate its efficiency.

267 citations

Journal Article
TL;DR: A new system for Cloud Computing integrated with Internet of Things as a base scenario for Big Data and an architecture relaying on the security of the network are proposed in order to improve their security issues.

198 citations

Journal Article
TL;DR: This work discusses various essential features of SDN that make it a suitable networking technology for cloud computing, and proposes a novel flow-table sharing approach to protect the SDN-based cloud from flow table overloading DDoS attacks.
Abstract: In recent time, software defined networking (SDN) has evolved into a new and promising networking paradigm. In the SDN-based cloud, the essential features of SDN, including global view of the whole network, software-based traffic analysis, centralized control over the network, etc. can greatly improve the DDoS attack detection and mitigation capabilities of the cloud. However, integration of SDN in the cloud itself introduces new DDoS attack vulnerabilities. Limited flow-table size is a vulnerability that can be exploited by the adversaries to perform DDoS attacks on the SDN-based cloud. In this paper, we first discuss various essential features of SDN that make it a suitable networking technology for cloud computing. In addition, we represent the flow table-space of a switch by using a queuing theory based mathematical model. Further, we propose a novel flow-table sharing approach to protect the SDN-based cloud from flow table overloading DDoS attacks. This approach utilizes idle flow-table of other OpenFlow switches in the network to protect the switch’s flow-table from overloading. Our approach increases the resistance of the cloud system against DDoS attacks with minimal involvement of the SDN controller. Thus, it has very low communication overhead. Our claims are well supported by the extensive simulation-based experiments.

195 citations

Journal Article
TL;DR: This paper constructs a new ID-based linear homomorphic signature scheme, which avoids the shortcomings of the use of public-key certificates and is proved secure against existential forgery on adaptively chosen message and ID attack under the random oracle model.
Abstract: Identity-based cryptosystems mean that public keys can be directly derived from user identifiers, such as telephone numbers, email addresses, and social insurance number, and so on. So they can simplify key management procedures of certificate-based public key infrastructures and can be used to realize authentication in blockchain. Linearly homomorphic signature schemes allow to perform linear computations on authenticated data. And the correctness of the computation can be publicly verified. Although a series of homomorphic signature schemes have been designed recently, there are few homomorphic signature schemes designed in identity-based cryptography. In this paper, we construct a new ID-based linear homomorphic signature scheme, which avoids the shortcomings of the use of public-key certificates. The scheme is proved secure against existential forgery on adaptively chosen message and ID attack under the random oracle model. The ID-based linearly homomorphic signature schemes can be applied in e-business and cloud computing. Finally, we show how to apply it to realize authentication in blockchain.

175 citations


Cites background from "A Hybrid Cloud Approach for Secure ..."

  • ...INTRODUCTION Nowadays, people have paid attention to the importance of information security [3]–[6], [9], [10]....


References
Journal Article
TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
Abstract: Security administration of large systems is complex, but it can be simplified by a role-based access control approach. This article explains why RBAC is receiving renewed attention as a method of security administration and review, describes a framework of four reference models developed to better understand RBAC and categorizes different implementations, and discusses the use of RBAC to manage itself.

5,418 citations


"A Hybrid Cloud Approach for Secure ..." refers background in this paper

  • ...We show that the overhead is minimal compared to the normal convergent encryption and file upload operations....


Proceedings Article
28 Jan 2002
TL;DR: The feasibility of the write-once model for storage is demonstrated using data from over a decade's use of two Plan 9 file systems, resulting in an access time for archival data that is comparable to non-archival data.
Abstract: This paper describes a network storage system, called Venti, intended for archival data. In this system, a unique hash of a block's contents acts as the block identifier for read and write operations. This approach enforces a write-once policy, preventing accidental or malicious destruction of data. In addition, duplicate copies of a block can be coalesced, reducing the consumption of storage and simplifying the implementation of clients. Venti is a building block for constructing a variety of storage applications such as logical backup, physical backup, and snapshot file systems. We have built a prototype of the system and present some preliminary performance results. The system uses magnetic disks as the storage technology, resulting in an access time for archival data that is comparable to non-archival data. The feasibility of the write-once model for storage is demonstrated using data from over a decade's use of two Plan 9 file systems.

956 citations


"A Hybrid Cloud Approach for Secure ..." refers background in this paper

  • ...ing, deduplication [17] has been a well-known technique and has attracted more and more attention recently....


Proceedings Article
John R. Douceur, Atul Adya, William J. Bolosky, P. Simon, Marvin M. Theimer
02 Jul 2002
TL;DR: This work presents a mechanism to reclaim space from this incidental duplication to make it available for controlled file replication, and includes convergent encryption, which enables duplicate files to be coalesced into the space of a single file, even if the files are encrypted with different users' keys.
Abstract: The Farsite distributed file system provides availability by replicating each file onto multiple desktop computers. Since this replication consumes significant storage space, it is important to reclaim used space where possible. Measurement of over 500 desktop file systems shows that nearly half of all consumed space is occupied by duplicate files. We present a mechanism to reclaim space from this incidental duplication to make it available for controlled file replication. Our mechanism includes: (1) convergent encryption, which enables duplicate files to be coalesced into the space of a single file, even if the files are encrypted with different users' keys; and (2) SALAD, a Self-Arranging Lossy Associative Database for aggregating file content and location information in a decentralized, scalable, fault-tolerant manner. Large-scale simulation experiments show that the duplicate-file coalescing system is scalable, highly effective, and fault-tolerant.

690 citations


"A Hybrid Cloud Approach for Secure ..." refers background in this paper

  • ...Convergent encryption [8] has been proposed to enforce data confidentiality while making deduplication feasible....


  • ...Convergent encryption [8] ensures data privacy in deduplication....


  • ...Convergent encryption [4], [8] provides data confidentiality in deduplication....


Posted Content
TL;DR: A type of non-discretionary access control - role-based access control (RBAC) - that is more central to the secure processing needs of non-military systems than DAC is described.
Abstract: While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organizations. The paper describes a type of non-discretionary access control - role-based access control (RBAC) - that is more central to the secure processing needs of non-military systems than DAC.

667 citations


"A Hybrid Cloud Approach for Secure ..." refers background in this paper

  • ...We show that the overhead is minimal compared to the normal convergent encryption and file upload operations....


Book
13 Oct 1992
TL;DR: RBAC as discussed by the authors uses RBAC to implement Military Policies and Integrates RBAC with Existing Infrastructure, using role hierarchies and role-based role-role hierarchies to implement military policies.
Abstract: Introduction. Access Control Methods. Overview of RBAC. Role Hierarchies. Using RBAC to implement Military Policies. Standard RBAC. RBAC Administration. Integrating RBAC with Existing Infrastructure. Research Prototypes. Commercial RBAC Products. Migrating to RBAC.

639 citations