6 research outputs found

    Solving the Secure Storage Dilemma: An Efficient Scheme for Secure Deduplication with Privacy-Preserving Public Auditing

    Existing cloud storage systems obtain the data in its plaintext form and perform conventional (server-side) deduplication mechanisms. However, disclosing the data to the cloud can potentially threaten the security and privacy of users, which is of utmost importance for a real-world cloud storage. This can be solved by secure deduplication mechanisms which enable the user to encrypt the data on the client-side (or via an encryption-as-a-service module) before uploading it to the cloud storage. Conventional client-side encryption solutions unfortunately make the deduplication more challenging. Privacy-preserving public auditing schemes, on the other hand, are also crucial because the clients outsource their data to the cloud providers and then permanently delete the data from their local storages. In this paper, we consider the problem of secure deduplication over encrypted data stored in the cloud while supporting a privacy-preserving public auditing mechanism. We show that existing solutions cannot support both goals simultaneously due to the conflict of their security and efficiency requirements. In this respect, we present an efficient and secure deduplication scheme that supports client-side encryption and privacy-preserving public auditing. We finally show that our scheme provides better security and efficiency with respect to the very recently proposed existing schemes.

    An Efficient ID-Based Message Recoverable Privacy-Preserving Auditing Scheme

    One of the most important benefits of public cloud storage is outsourcing of management and maintenance with easy accessibility and retrievability over the internet. However, outsourcing data on the cloud brings new challenges such as integrity verification and privacy of data. More concretely, once the users outsource their data on the cloud they no longer have physical control over the data and this leads to the integrity protection issue. Hence, it is crucial to guarantee proof of data storage and integrity of the outsourced data. Several pairing-based auditing solutions have been proposed utilizing the Boneh-Lynn-Shacham (BLS) short signatures. They basically provide a desirable and efficient property of non-repudiation protocols. In this work, we propose the first ID-based privacy-preserving public auditing scheme with message recoverable signatures. Because of the message recoverable auditing scheme, the message itself is implicitly included during the verification step, which was not possible in previously proposed auditing schemes. Furthermore, we point out that the algorithm suites of existing schemes are either insecure or very inefficient due to the choice of the underlying bilinear map and its baseline parameter selections. We show that our scheme is more efficient than the recently proposed auditing schemes based on BLS-like short signatures.

    Security and Complexity Analysis of Kleptographic Backdoors in RSA Encryption Systems (RSA Şifreleme Sistemlerinin Kleptografik Arka Kapıları için Güvenlik ve Karmaşıklık Analizi)

    In this study we examine the sub-discipline of kleptography, which can be summarized as ``the study of stealing secret information from a cryptographic system undetected and through algorithmic modifications alone''. We will address kleptographic attack scenarios devised against the RSA encryption system, the related algorithms, and comparative analyses of the results produced by implementing these algorithms and the standard algorithms that contain no attack. In particular, in these works some of the attacks have been implemented, but sufficient analyses that could show the difference in behaviour from the standard algorithm have not been carried out. In this study, statistical tests sufficient to distinguish the attacks were performed and the resulting outcomes were analyzed.

    k-strong privacy for radio frequency identification authentication protocols based on physically unclonable functions

    This paper examines Vaudenay's privacy model, which is one of the first and most complete privacy models that featured the notion of different privacy classes. We enhance this model by introducing two new generic adversary classes, k-strong and k-forward adversaries, where the adversary is allowed to corrupt a tag at most k times. Moreover, we introduce an extended privacy definition that also covers all privacy classes of Vaudenay's model. In order to achieve the highest privacy level, we study low cost primitives such as physically unclonable functions (PUFs). The common assumption of PUFs is that their physical structure is destroyed once tampered. This is an ideal assumption because the tamper resistance depends on the ability of the attacker and the quality of the PUF circuits. In this paper, we have weakened this assumption by introducing a new definition, k-resistant PUFs. k-PUFs are tamper resistant against at most k attacks; that is, their physical structure remains functional and correct until at most the kth physical attack. Furthermore, we prove that strong privacy can be achieved without public-key cryptography using k PUF-based authentication. We finally prove that our extended proposal achieves both reader authentication and k-strong privacy.