Beruflich Dokumente
Kultur Dokumente
Project Synopsis
For
Submitted by
1. Introduction:
Data deduplication is one of important data compression techniques for eliminating duplicate
copies of repeating data, and has been widely used in cloud storage to reduce the amount of
storage space and save bandwidth. To protect the confidentiality of sensitive data while
supporting deduplication, the convergent encryption technique has been proposed to encrypt
the data before outsourcing. To better protect data security, this paper makes the first attempt
to formally address the problem of authorized data deduplication. Different from traditional
deduplication systems, the differential privileges of users are further considered in duplicate
check besides the data itself. We also present several new deduplication constructions
supporting authorized duplicate check in a hybrid cloud architecture. Security analysis
demonstrates that our scheme is secure in terms of the definitions specified in the proposed
security model. As a proof of concept, we implement a prototype of our proposed authorized
duplicate check scheme and conduct test-bed experiments using our prototype. We show that
our proposed authorized duplicate check scheme incurs minimal overhead compared to
normal operations.
2. Previous system Problem :
previous deduplication systems cannot support differential authorization duplicate check,
which is important in many applications. In such an authorized deduplication system, each
user is issued a set of privileges during system initialization.
1.
Pay As You Go: User needs to pay charges as per disk space utilized by
him. So, because of duplicate copies of file user need to pay more amounts.
b.
network performance.
c.
2.
b.
Authorized users should get download access to shared files in his access
domain.
3.
Confidentiality:
a.
Cloud service providers are the third party service providers. So, Its not
scheme.
c.
But if stored encrypted files on cloud then, we cant that, the new file
3. Literature Survey:
[1]P. Anderson and L. Zhang. Fast and secure laptop backups with encrypted de-duplication.
In Proc. of USENIX LISA, 2010
Summary :
Many people now store large quantities of personal and corporate data on laptops or home
computers. These often have poor or intermittent connectivity, and are vulnerable to theft or
hardware failure. Conventional backup solutions are not well suited to this environment, and
backup regimes are frequently inadequate. This paper describes an algorithm which takes
advantage of the data which is common between users to increase the speed of backups, and
reduce the storage requirements. This algorithm supports client-end per-user encryption
which is necessary for confidential personal data. It also supports a unique feature which
allows immediate detection of common subtrees, avoiding the need to query the backup
system for every file. We describe a prototype implementation of this algorithm for Apple OS
3
X, and present an analysis of the potential effectiveness, using real data obtained from a set of
typical users. Finally, we discuss the use of this prototype in conjunction with remote cloud
storage, and present an analysis of the typical cost savings.
[2]
different classes of message sources. Our work shows that MLE is a primitive of both
practical and theoretical interest.
[4]
against impersonation under active and concurrent attacks. In CRYPTO, pages 162177,
2002.
[6]
Motivation :
1. Convergent encryption is open to a "confirmation of a file attack" in which an attacker
can effectively confirm whether a target possesses a certain file by encrypting an
unencrypted, or plain-text, version and then simply comparing the output with files
possessed by the target.
2. So to overcome these we can use another encryption technique instead of this like
AES/MAES etc.
3. We are proposing client side deduplication scheme as future scope.
4. Objective
To design the front end where user is able to request to the private cloud to get
the token for the file.
After that user able to upload or download the file.
To develop and design code for generating convergent key and proof of
ownership.
To test the system with the proper tool.
5
5. Methodology:
In this paper, we address the problem of privacy preserving de-duplication in cloud
computing and propose a new de-duplication system supporting for
Differential Authorization. Each authorized user is able to get his/her individual token of
his file to perform duplicate check based on his privileges. Under this assumption, any user
cannot generate a token for duplicate check out of his privileges or without the aid from the
private cloud server.
Authorized Duplicate Check. Authorized user is able to use his/her individual private keys
to generate query for certain file and the privileges he/she owned with the help of private
cloud, while the public cloud performs duplicate check directly and tells the user if there is
any duplicate. The security requirements considered in this paper lie in two folds, including
the security of file token and security of data files. For the security of file token, two aspects
are defined as unforgeability and indistinguishability of file token. The details are given
below.
Unforgeability of file token/duplicate-check token. Unauthorized users without appropriate
privileges or file should be prevented from getting or generating the file tokens for duplicate
check of any file stored at the S-CSP. The users are not allowed to collude with the public
cloud server to break the unforgeability of file tokens. In our system, the S-CSP is honest but
curious and will honestly perform the duplicate check upon receiving the duplicate request
from users. The duplicate check token of users should be issued from the private cloud server
in our scheme.
Indistinguishability of file token/duplicate-check token. It requires that any user without
querying the private cloud server for some file token, he cannot get any useful information
from the token, which includes the file information or the privilege information.
Data Confidentiality. Unauthorized users without appropriate privileges or files, including
the S-CSP and the private cloud server, should be prevented from access to the underlying
plaintext stored at S-CSP. In another word, the goal of the adversary is to retrieve and recover
the files that do not belong to them. In our system, compared to the previous definition of
data confidentiality based on convergent encryption, a higher level confidentiality is defined
6
and achieved.
6. System Design and Architecture:
The diagram of the proposed approach is shown below.
The CSP provides a web interface for the client to store data into a set of cloud servers, which
are running in a cooperated and distributed manner. In addition, the web interface is used by
the users to retrieve, modify and restore data from the cloud, depending on their access rights.
Moreover, the CSP relies on database servers to map client identities to their stored data
identifiers and group identifiers.
Our secure client-side data deduplication scheme is based on an original use of the
convergent encryption.That is, on one hand, when a data owner wants to store a new
enciphered data file in remote storage servers, he has first to generate the enciphering key.
This data encrypting key is derived by applying a one way hash function on data content.
After successfully encrypting the file data, the client has to generate the data identifier of
enciphered data, in order to check its uniqueness in cloud database, before uploading the
claimed file. This data identifier is computed by using a Merkle hash tree, over encrypted
contents. Then, for subsequent data outsourcing, the client is not required to send the same
encrypted data. However, he has to substitute a client-server interactive proof scheme (PoW),
in order to prove his ownership
8. References:
[1]
P. Anderson and L. Zhang. Fast and secure laptop backups with encrypted de-
[3]
against impersonation under active and concurrent attacks. In CRYPTO, pages 162177,
2002.
[6]