Secure Deduplication with Efficient and Reliable Convergent Key Management

• Published in: IEEE transactions on parallel and distributed systems Vol. 25; no. 6; pp. 1615 - 1625
• Main Authors: Jin Li, Xiaofeng Chen, Mingqiang Li, Jingwei Li, Lee, Patrick P. C., Wenjing Lou
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.06.2014; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Cloud computing; convergent encryption; Data deduplication; Data storage; Deduplication; Encryption; key management; Locks & keys; Management; proof of ownership; Ramps; Reliability; Reproduction; Security; Security management; Servers; Transaction processing
• ISSN: 1045-9219; 1558-2183
• DOI: 10.1109/TPDS.2013.284

Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. Promising as it is, an arising challenge is to perform secure deduplication in cloud storage. Although convergent encryption has been extensively adopted for secure deduplication, a critical issue of making convergent encryption practical is to efficiently and reliably manage a huge number of convergent keys. This paper makes the first attempt to formally address the problem of achieving efficient and reliable key management in secure deduplication. We first introduce a baseline approach in which each user holds an independent master key for encrypting the convergent keys and outsourcing them to the cloud. However, such a baseline key management scheme generates an enormous number of keys with the increasing number of users and requires users to dedicatedly protect the master keys. To this end, we propose Dekey , a new construction in which users do not need to manage any keys on their own but instead securely distribute the convergent key shares across multiple servers. Security analysis demonstrates that Dekey is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement Dekey using the Ramp secret sharing scheme and demonstrate that Dekey incurs limited overhead in realistic environments.