CECPABE: A Novel Approach for Secure Data Deduplication in Cloud

Abstract

 Secure deduplication is important in cloud repository to enforce privacy. Removal of duplicate data cannot be done with the traditional techniques as there is more than one key for generating the ciphertext for the same data. Convergent Encryption (CE) technique meets the need of secure deduplication, but faces three major issues, namely deterministic key generation, revoked user data access and possible offline brute force attack.  Another approach for secure deduplication is the Ciphertext Policy Attribute-Based Encryption (CPABE) algorithm which facilitates the fine-grained access control in a cross-user context but involves high computation cost and it is also very difficult for resource-constrained client-side secure deduplication. The proposed system called CECPABE (CE based CPABE) overcomes the above-mentioned CE and CPABE drawbacks by doing CE at client-side and CPABE at server-side deduplication. The proposed system requires two CSP, Data Management CSP (DM_CSP) and Key Management CSP(KM_CSP). DM_CSP: Cloud Service Provider (CSP) virtualizes a high-end server which handles secure deduplication and re-encryption (SDR) process before storing data at the cloud repository space. SDR server has a list called Current Owners List (COL) to handle user revocation problem. Virtualized instance of CSP will reduce computation cost at client-side and workload at CSP-side. KM_CSP: For secure key management, the proposed system uses Merkle Hash Tree (MHT) root value for encrypting CE_Keys as Cipher Keys (CKs). The proposed system enhances the performance of the secure deduplication to reduce the computational complexity at the client-side and CSP-side.