Professional Documents
Culture Documents
Praveen - Secure Deduplicated Cloud Storage With Encrypted Two-Party Interactions in CCPS
Praveen - Secure Deduplicated Cloud Storage With Encrypted Two-Party Interactions in CCPS
INTERACTIONS IN CCPS
ABSTRACT
Cloud envisioned Cyber-Physical Systems (CCPS) is a practical technology that relies on the
interaction among cyber elements like mobile users to transfer data in cloud computing. . In
CCPS, cloud storage applies data deduplication techniques aiming to save data storage and
bandwidth for real-time services. In this infrastructure, data deduplication eliminates duplicate
data to increase the performance of the CCPS application. However, it incurs security threats
and privacy risks. So, we propose a message Lock Encryption with neVer-decrypt
homomorphic EncRyption (LEVER) protocol between the uploading CCPS user and cloud
storage to reconcile the encryption and data deduplication.Interestingly, LEVER is the first
brute-force resilient encrypted deduplication with only cryptographic two-party interactions.
We perform several numerical analysis of LEVER and confirm that it provides high
performance and practicality compared to the literature.
tackle the brute-force attack in cloud paper will explore the significance of
above gaps and refer to the paper’s capacity optimization techniques within
the data previously stored by all the clients. into three phases; the user derives the chunk
In this case it is designated as inter-user key for the chunk to be uploaded in the first
improves users experience by saving into an encrypted form in the second phase,
network bandwidth and reducing backup and then runs the ordinary data deduplication
time when the clients perform the protocol in the third phase.
be extended to the block level. Specifically associated with a given number of clients.
our approach is a two- phase deduplication Clients communicate with the SS via their
that leverages and combines both intra- and associated deduplication proxy. A
❖ Future.
❖ Trigger an action.
❖ Confirm an action.
prototype to demonstrate the practicality.
A comparison among different systems is
8. IMPLEMENTATION
shown in Table I. The python
implementation of LEVER is available in
The contributions of this paper are
[14].
summarized as follows. • An obstacle in
designing encrypted data deduplication is how
the cloud can find that two distinct encrypted We have implemented two storage system
chunks are from the same content. Thus, our prototypes to compare the performance
first contribution is developing a message overhead of our proposition with respect to a
Lock Encryption with neVer-decrypt classic storage system with no data
homomorphic EncRyption (LEVER) by encryption. Specifically, we have developed a
taking advantage of the property of classic storage system with a client and
homomorphic encryption without further storage server software modules, and one
decryption and resiliency against brute-force implementing our proposition with a client, a
by external attackers. deduplication proxy and storage server
software modules. All these software modules
are implemented in python 2.7.6 and access
In LEVER, only the uploader and cloud
the pycrypto library for the cryptographic
participate in the uploading process, in
operations. We use the SHA256 algorithm as
contrast to most current solutions in need
the hash function, RSA1024 for asymmetric
of the third party’s participation in CPS. encryption operations, and AES for the
symmetric encryption operations with keys
LEVER can work transparently with any
that are 256 bits long. The storage servers use
current cloud storage linked with the CPS
the MongoDB3 database to store the meta-
users without the need for cloud storage
data of the stored files as well as files owners.
provider’s engineering work at the
The software modules are executed on three
backend. • We validate LEVER in terms of
different virtual machines (VMs) running on
communication and deduplication costs
Ubuntu 12.04.4 LTS with 1GB of memory
using two datasets, namely Enron [12] and
and an AMD Opteron(TM) octa-core
Oxford [13]. Processor 6220@3GHz. The network
Lastly, in addition to the analysis and topology is as follows: the VM executing the
DP software is located on the network path
numerical simulations, we have a LEVER
between the VM running the different clients
modules and the one executing the different physical system. LEVER applied encrypted
SSs modules. client-side data deduplication with only
9. OUTPUT SCREENS symmetrically cryptographic two-party
interactions to cope with a brute-force
attack in cloud storage. We proved the
security of LEVER via ideal/real
paradigms. We also demonstrate the
significant performance of the LEVER via
the analysis and numerical simulations.
Although client-side data deduplication has
been widely adopted by commercial cloud
storage services to eliminate data
redundancy, it breaches the user privacy.
Exchanging messages between the user and
cloud storage to verify whether a file is
already stored creates a side-channel for the
attacker to gain information about the file
existence status. In the future, we plan to
enhance the LEVER’s privacy to deal with
side-channel attacks in the cloud storage by
creating a probabilistic relation between the
messages exchanged.