Blockchain-Assisted Secure Deduplication for Large-Scale Cloud Storage Service

• Published in: IEEE transactions on services computing Vol. 17; no. 3; pp. 821 - 835
• Main Authors: Hua, Zhongyun, Yao, Yufei, Song, Mingyang, Zheng, Yifeng, Zhang, Yushu, Wang, Cong
• Format: Journal Article
• Language: English
• Published: Piscataway IEEE 01.05.2024; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Algorithms; Blockchain; Blockchains; Cloud computing; Cloud storage; Cryptography; Cybersecurity; Data storage; Encryption; key servers management; Leakage; Maximum likelihood estimation; Outsourcing; Protocols; Scalability; secure deduplication; server-aided encryption
• ISSN: 1939-1374; 2372-0204
• DOI: 10.1109/TSC.2024.3350086

Secure deduplication over encrypted data can greatly improve cloud storage efficiency and protect data privacy. Recently, there have been some research efforts aiming at designing secure deduplication schemes with the assistance of key servers (KSs). However, prior works are unsatisfactory in that they suffer from some limitations such as security degradation (the leakage at partial KSs will lead to all the ciphertexts being subject to offline brute-force attacks) or lack of scalability for handling the change of KSs. In this article, we propose a new secure deduplication scheme for large-scale cloud storage service, which, to our best knowledge, is the first server-aided scheme that supports both tolerance of partial KSs leakage and dynamic change of KSs. Our scheme divides all the KSs into multiple groups and each KS group keeps a randomly generated secret key using threshold cryptography. We design a file-related KS group selection mechanism for assisting encryption key generation, which guarantees that the identical files of different users can be encrypted using the same keys. Our scheme is designed to update the KS groups regularly for supporting the joining and leaving of the KSs as well as maintaining long-term security. We leverage the blockchain to help divide KSs into groups in a fair way and securely migrate group secret keys during KS group updating. Formal analysis is provided to verify the correctness of our scheme and justify its security, and both theoretical and experimental results demonstrate that it has modest performance overhead.