4,242 research outputs found

    Block-level De-duplication with Encrypted Data

    Deduplication is a storage saving technique which has been adopted by many cloud storage providers such as Dropbox. The simple principle of deduplication is that duplicate data uploaded by different users are stored only once. Unfortunately, deduplication is not compatible with encryption. As a scheme that allows deduplication of encrypted data segments, we propose ClouDedup, a secure and efficient storage service which guarantees block-level deduplication and data confidentiality at the same time. ClouDedup strengthens convergent encryption by employing a component that implements an additional encryption operation and an access control mechanism. We also propose to introduce an additional component which is in charge of providing a key management system for data blocks together with the actual deduplication operation. We show that the overhead introduced by these new components is minimal and does not impact the overall storage and computational costs.

    Fast and secure laptop backups with encrypted de-duplication

    Many people now store large quantities of personal and corporate data on laptops or home computers. These often have poor or intermittent connectivity, and are vulnerable to theft or hardware failure. Conventional backup solutions are not well suited to this environment, and backup regimes are frequently inadequate. This paper describes an algorithm which takes advantage of the data which is common between users to increase the speed of backups, and reduce the storage requirements. This algorithm supports client-end per-user encryption which is necessary for confidential personal data. It also supports a unique feature which allows immediate detection of common subtrees, avoiding the need to query the backup system for every file. We describe a prototype implementation of this algorithm for Apple OS X, and present an analysis of the potential effectiveness, using real data obtained from a set of typical users. Finally, we discuss the use of this prototype in conjunction with remote cloud storage, and present an analysis of the typical cost savings.

    Flexible Yet Secure De-Duplication Service for Enterprise Data on Cloud Storage

    The cloud storage services bring forth infinite storage capacity and flexible access capability to store and share large-scale content. The convenience brought forth has attracted both individual and enterprise users to outsource data service to a cloud provider. As the survey shows 56% of the usages of cloud storage applications are for data back up and up to 68% of data backup are user assets. Enterprise tenants would need to protect their data privacy before uploading them to the cloud and expect a reasonable performance while they try to reduce the operation cost in terms of cloud storage, capacity and I/Os matter as well as systems’ performance, bandwidth and data protection. Thus, enterprise tenants demand secure and economic data storage yet flexible access on their cloud data. In this paper, we propose a secure de-duplication solution for enterprise tenants to leverage the benefits of cloud storage while reducing operation cost and protecting privacy. First, the solution uses a proxy to do flexible group access control which supports secure de-duplication within a group; Second, the solution supports scalable clustering of proxies to support large-scale data access; Third, the solution can be integrated with cloud storage seamlessly. We implemented and tested our solution by integrating it with Dropbox. Secure de-duplication in a group is performed at low data transfer latency and small storage overhead as compared to de-duplication on plaintext

    A Study of Key Management for Encrypted Storage in Storage Area Network

    As secure storage becomes more pervasive throughout the enterprise, the focus quickly moves from implementing encrypting storage devices to establishing effective and secure key management policies. Without the proper key generation, distribution, storage, and recovery, valuable data will be eventually compromised [9]. Although a considerable amount of research has been dedicated to encryption algorithms in the past decades, key management becomes an issue due to the quantity of data. For example, with millions of data you will need million set of keys. To manage and keep track of these keys, complexity and operational inefficiency becomes an issue. How to manage keys becomes a challenging task. Adequate understanding of these new challenges is essential to effectively devise new key management policies and mechanisms to guard against them. We discuss many of these methods in this new context to fill this gap. Keywords: Storage Security, Key Management, Storage Area Network

    Detecting time-fragmented cache attacks against AES using Performance Monitoring Counters

    Cache timing attacks use shared caches in multi-core processors as side channels to extract information from victim processes. These attacks are particularly dangerous in cloud infrastructures, in which the deployed countermeasures cause collateral effects in terms of performance loss and increase in energy consumption. We propose to monitor the victim process using an independent monitoring (detector) process, that continuously measures selected Performance Monitoring Counters (PMC) to detect the presence of an attack. Ad-hoc countermeasures can be applied only when such a risky situation arises. In our case, the victim process is the AES encryption algorithm and the attack is performed by means of random encryption requests. We demonstrate that PMCs are a feasible tool to detect the attack and that sampling PMCs at high frequencies is worse than sampling at lower frequencies in terms of detection capabilities, particularly when the attack is fragmented in time to try to be hidden from detection

    An Enhanced Multi-layered Cryptosystem Based Secure and Authorized De-duplicaton Model in Cloud Storage System

    Data de-duplication is one of the essential data compression techniques for eliminating duplicate copies of repeating data, and it has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the privacy of sensitive data while supporting de-duplication, the salt encryption technique has been proposed to encrypt the data before its outsourcing. To protect the data security in a better way, this paper makes the first attempt to formally address the problem of authorized data de-duplication. Different from traditional de-duplication systems, the derivative privileges of users are further considered in duplicate check besides the data itself. We also present various new de-duplication constructions which supports the authorized duplicate check in hybrid cloud architecture. Security analysis demonstrates that the scheme which we used is secure in terms of the definitions specified in the proposed security model. We enhance our system in security. Specially, we present a forward-looking scheme to support a stronger security by encrypting file with differential privilege keys. We show that our proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations

    Random Linear Network Coding for 5G Mobile Video Delivery

    An exponential increase in mobile video delivery will continue with the demand for higher resolution, multi-view and large-scale multicast video services. Novel fifth generation (5G) 3GPP New Radio (NR) standard will bring a number of new opportunities for optimizing video delivery across both 5G core and radio access networks. One of the promising approaches for video quality adaptation, throughput enhancement and erasure protection is the use of packet-level random linear network coding (RLNC). In this review paper, we discuss the integration of RLNC into the 5G NR standard, building upon the ideas and opportunities identified in 4G LTE. We explicitly identify and discuss in detail novel 5G NR features that provide support for RLNC-based video delivery in 5G, thus pointing out to the promising avenues for future research. Comment: Invited paper for Special Issue "Network and Rateless Coding for Video Streaming" - MDPI Informatio