Journal Home > Volume 28 , Issue 1
Tsinghua Science and Technology 2023, 28(1): 1-12 https://doi.org/10.26599/TST.2021.9010071
Open Access | Issue | Published: 21 July 2022

Threat Model and Defense Scheme for Side-Channel Attacks in Client-Side Deduplication

Show Author's Information Guanxiong Ha1,2 Hang Chen1,2 Chunfu Jia1,2( ) Mingyue Li1,2
College of Cyber Science, Nankai University, Tianjin 300350, China
Tianjin Key Laboratory of Network and Data Security Technology, Tianjin 300350, China
Keywords:
privacy, cloud storage, deduplication, side-channel
Cite this article:
Ha G, Chen H, Jia C, et al. Threat Model and Defense Scheme for Side-Channel Attacks in Client-Side Deduplication. Tsinghua Science and Technology, 2023, 28(1): 1-12. https://doi.org/10.26599/TST.2021.9010071
Download citation
EndNote(RIS)
BibTeX

677

Views

87

Downloads

Citations

4

Crossref

3

WoS

7

Scopus

0

CSCD

Abstract Full text About this article

In cloud storage, client-side deduplication is widely used to reduce storage and communication costs. In client-side deduplication, if the cloud server detects that the user’s outsourced data have been stored, then clients will not need to reupload the data. However, the information on whether data need to be uploaded can be used as a side-channel, which can consequently be exploited by adversaries to compromise data privacy. In this paper, we propose a new threat model against side-channel attacks. Different from existing schemes, the adversary could learn the approximate ratio of stored chunks to unstored chunks in outsourced files, and this ratio will affect the probability that the adversary compromises the data privacy through side-channel attacks. Under this threat model, we design two defense schemes to minimize privacy leakage, both of which design interaction protocols between clients and the server during deduplication checks to reduce the probability that the adversary compromises data privacy. We analyze the security of our schemes, and evaluate their performances based on a real-world dataset. Compared with existing schemes, our schemes can better mitigate data privacy leakage and have a slightly lower communication cost.


menu
Abstract
Full text
Outline
About this article

Threat Model and Defense Scheme for Side-Channel Attacks in Client-Side Deduplication

Show Author's information Guanxiong Ha1,2Hang Chen1,2Chunfu Jia1,2( )Mingyue Li1,2
College of Cyber Science, Nankai University, Tianjin 300350, China
Tianjin Key Laboratory of Network and Data Security Technology, Tianjin 300350, China

Abstract

In cloud storage, client-side deduplication is widely used to reduce storage and communication costs. In client-side deduplication, if the cloud server detects that the user’s outsourced data have been stored, then clients will not need to reupload the data. However, the information on whether data need to be uploaded can be used as a side-channel, which can consequently be exploited by adversaries to compromise data privacy. In this paper, we propose a new threat model against side-channel attacks. Different from existing schemes, the adversary could learn the approximate ratio of stored chunks to unstored chunks in outsourced files, and this ratio will affect the probability that the adversary compromises the data privacy through side-channel attacks. Under this threat model, we design two defense schemes to minimize privacy leakage, both of which design interaction protocols between clients and the server during deduplication checks to reduce the probability that the adversary compromises data privacy. We analyze the security of our schemes, and evaluate their performances based on a real-world dataset. Compared with existing schemes, our schemes can better mitigate data privacy leakage and have a slightly lower communication cost.

Keywords: privacy, cloud storage, deduplication, side-channel

References(22)

[1]
W. Xia, H. Jiang, D. Feng, F. Douglis, P. Shilane, Y. Hua, M. Fu, Y. C. Zhang, and Y. K. Zhou, A comprehensive study of the past, present, and future of data deduplication, Proceedings of the IEEE, vol. 104, no. 9, pp. 1681–1710, 2016.
DOI Google Scholar
[2]
Y. Shin, D. Koo, and J. Hur, A Survey of secure data deduplication schemes for cloud storage systems, ACM Computing Surveys, vol. 49, no. 74, pp. 1–38, 2017.
DOI Google Scholar
[3]
D. T. Meyer and W. J. Bolosky, A study of practical deduplication, presented at 9th USENIX Conference on File and Storage Technologies, San Jose, CA, USA, 2011.
Google Scholar
[4]
J. Li, Z. Yang, Y. Ren, P. Lee, and X. Zhang, Balancing storage efficiency and data confidentiality with tunable encrypted deduplication, presented at 15th EuroSys Conference on Computer Systems, Heraklion, Greece, 2020.
DOI Google Scholar
[5]
J. Li, P. P. C. Lee, Y. Ren, and X. Zhang, Metadedup: Deduplicating metadata in encrypted deduplication via indirection, presented at 35th Symposium on Mass Storage Systems and Technologies (MSST), Santa Clara, CA, USA, 2019.
DOI Google Scholar
[6]
M. Mulazzani, S. Schrittwieser, M. Leithner, M. Huber, and E. Weippl, Dark clouds on the horizon: Using cloud storage as attack vector and online slack space, presented at 20th USENIX Security Symposium, San Francisco, CA, USA, 2011.
Google Scholar
[7]
D. Harnik, B. Pinkas, and A. Shulman-Peleg, Side-channels in cloud services: Deduplication in cloud storage, IEEE Security & Privacy, vol. 8, no. 6, pp. 40–47, 2010.
DOI Google Scholar
[8]
Z. Pooranian, K. Chen, C. Yu, and M. Conti, RARE: Defeating side-channels based on data-deduplication in cloud storage, presented at IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Honolulu, HI, USA, 2018.
DOI
[9]
C. Yu, S. P. Gochhayat, M. Conti, and C. Lu, Privacy aware data deduplication for side-channel in cloud storage, IEEE Transactions on Cloud Computing, vol. 8, no. 2, pp. 597–609, 2020.
DOI Google Scholar
[10]
F. Armknecht, J. Bohli, G. O. Karame, and F. Youssef, Transparent data deduplication in the cloud, presented at 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 2015.
DOI Google Scholar
[11]
M. Bellare, S. Keelveedhi, and T. Ristenpart, Messagelocked encryption and secure deduplication, presented at 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, 2013.
DOI Google Scholar
[12]
J. Li, Y. K. Li, X. Chen, P. P. C. Lee, and W. Lou, A hybrid cloud approach for secure authorized deduplication, IEEE Trans. Parallel Distributed Syst., vol. 26, no. 5, pp. 1206–1216, 2015.
DOI Google Scholar
[13]
Y. K. Zhou, D. Feng, W. Xia, M. Fu, F. T. Huang, Y. C. Zhang, and C. G. Li, SecDep: A user-aware efficient finegrained secure deduplication scheme with multilevel key management, presented at 31st IEEE Symposium on Mass Storage Systems and Technologies, Santa Clara, CA, USA, 2015.
DOI Google Scholar
[14]
R. M. Chen, Y. Mu, G. M. Yang, and F. C. Guo, BL-MLE: Blocklevel message-locked encryption for secure large file deduplication, IEEE Trans. Inf. Forensics Secur., vol. 10, no. 12, pp. 2643–2652, 2015.
DOI Google Scholar
[15]
J. W. Li, P. P. C. Lee, C. F. Tan, C. Qin, and X. S. Zhang, Information leakage in encrypted deduplication via frequency analysis: Attacks and defenses, ACM Trans. Storage., vol. 16, no. 1, pp. 1–30, 2020.
DOI Google Scholar
[16]
J. Stanek and L. Kencl, Enhanced secure thresholded data deduplication scheme for cloud storage, IEEE Trans. Dependable Secur. Comput., vol. 15, no. 4, pp. 694–707, 2018.
DOI Google Scholar
[17]
P. F. Zuo, Y. Hua, C. Wang, W. Xia, S. D. Cao, Y. K. Zhou, and Y. Y. Sun, Mitigating traffic-based side-channel attacks in bandwidth-efficient cloud storage, presented at 32nd IEEE International Parallel and Distributed Processing Symposium, Vancouver, Canada, 2018.
DOI Google Scholar
[18]
S. Keelveedhi, M. Bellare, and T. Ristenpart, Dupless: Server-aided encryption for deduplicated storage, presented at 22nd USENIX Security Symposium, Washington, DC, USA, 2013.
Google Scholar
[19]
S. Lee and D. Choi, Privacy-preserving cross-user sourcebased data deduplication in cloud storage, presented at International Conference on Information and Communication Technology Convergence, Jeju Island, Republic of Korea, 2012.
DOI
[20]
F. Armknecht, C. Boyd, G. T. Davies, K. Gjøsteen, and M. Toorani, Side-channels in deduplication: Trade-offs between leakage and efficiency, presented at 12th ACM on Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates, 2017.
DOI Google Scholar
[21]
O. Heen, C. Neumann, L. Montalvo, and S. Defrance, Improving the resistance to side-channel attacks on cloud storage services, presented at 5th International Conference on New Technologies, Mobility and Security(NTMS), Istanbul, Turkey, 2012.
DOI Google Scholar
[22]
Y. Shin and K. Kim, Differentially private client-side data deduplication protocol for cloud storage services, Secur. Commun. Networks., vol. 8, no. 12, pp. 2114–2123, 2015.
DOI Google Scholar
Publication history
Copyright
Acknowledgements
Rights and permissions

Publication history

Received: 18 September 2021
Accepted: 29 September 2021
Published: 21 July 2022
Issue date: February 2023

Copyright

© The author(s) 2023.

Acknowledgements

This work was supported by the National Key R&D Program of China (No. 2018YFA0704703), National Natural Science Foundation of China (Nos. 61972215, 61972073, and 62172238), and Natural Science Foundation of Tianjin (No. 20JCZDJC00640).

Rights and permissions

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).

Return