Comments on "Privacy Aware Data Deduplication for Side Channel in Cloud Storage"

• Published in: IEEE transactions on cloud computing Vol. 12; no. 2; pp. 814 - 817
• Main Authors: Tang, Xin, Zhu, Yudan, Fu, Mingjun
• Format: Journal Article
• Language: English
• Published: Piscataway IEEE 01.04.2024; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Cloud computing; Data privacy; Data storage; Deduplication; existence privacy; Privacy; random chunk generation attack; Resists; Reviews; side channel attack; Side-channel attacks; Termination of employment
• ISSN: 2168-7161; 2372-0018
• DOI: 10.1109/TCC.2024.3376996

Cross-user deduplication is an emerging technique to eliminate uploading of redundant data in cloud storage. Even though it is able to improve storage and communication efficiency simultaneously, it suffers from the problem of privacy leakage by side channel attack, which is a major obstacle to the practical application of this technique. In order to achieve a secure cross-user deduplication, Yu et al. recently proposed a zero-knowledge response (ZEUS) scheme, together with an advanced countermeasure ZEUS<inline-formula><tex-math notation="LaTeX">^\mathrm{+}</tex-math> <mml:math><mml:msup><mml:mrow/><mml:mo>+</mml:mo></mml:msup></mml:math><inline-graphic xlink:href="tang-ieq1-3376996.gif"/> </inline-formula> by combining ZEUS and the random threshold solution, each of which is claimed to be secure against side channel attack. However, in this paper we show that both ZEUS and ZEUS<inline-formula><tex-math notation="LaTeX">^\mathrm{+}</tex-math> <mml:math><mml:msup><mml:mrow/><mml:mo>+</mml:mo></mml:msup></mml:math><inline-graphic xlink:href="tang-ieq2-3376996.gif"/> </inline-formula> are easily subject to a random chunk generation attack, which in turn undermines the claimed security. Furthermore, we also propose a simple but effective method to improve the existing schemes.