Venue | Category |
---|---|
USENIX Security'13 | Secure Deduplication |
DupLESS: Server-Aided Encryption for Deduplicated Storage

1. Summary
   - Motivation of this paper: DupLESS (Duplicateless Encryption for Simple Storage)
   - Implementation and Evaluation
2. Strength (Contributions of the paper)
3. Weakness (Limitations of the paper)
4. Future Works
In cloud deduplication, message-locked encryption (MLE) is inherently subject to brute-force attacks that can recover files falling into a known set. This paper proposes a key-server-based architecture that provides secure deduplicated storage resistant to brute-force attacks.
The weakness of convergent encryption (CE): it is deterministic and keyless, so security is only possible when the target message comes from a space too large to exhaust (unpredictable).
Goal: make DupLESS work transparently with existing storage service systems. (Sits as a layer on top of existing simple storage service interfaces.)
OPRF: server learns nothing, client learns on
limit clients to send queries per epoch.
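
The key-derivation exchange sketched above, as an added example that is not code from the paper or from these notes. It assumes an RSA blind-signature OPRF as the instantiation (the notes only say "OPRF"), a toy key built from two Mersenne primes, and hypothetical names `KeyServer`, `derive_key` and `convergent_key`.

```python
import hashlib
import secrets

# Toy RSA key from two Mersenne primes (constructed; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # key server's private exponent

class KeyServer:
    """Hypothetical key server: answers blinded queries, capped per client per epoch."""
    def __init__(self, limit):
        self.limit, self.used, self.seen = limit, {}, []

    def new_epoch(self):
        self.used.clear()  # query budgets reset at each epoch boundary

    def evaluate(self, client_id, blinded):
        if self.used.get(client_id, 0) >= self.limit:
            raise PermissionError("query budget for this epoch exhausted")
        self.used[client_id] = self.used.get(client_id, 0) + 1
        self.seen.append(blinded)      # all the server ever observes: h * r^e mod N
        return pow(blinded, D, N)

def convergent_key(data):
    # Plain CE for comparison: keyless, so anyone can compute it offline.
    return hashlib.sha256(data).digest()

def derive_key(server, client_id, data):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % N
    r = secrets.randbelow(N - 2) + 2   # fresh blinding factor per request
    signed = server.evaluate(client_id, (h * pow(r, E, N)) % N)
    z = (signed * pow(r, -1, N)) % N   # unblind: z = h^d mod N
    if pow(z, E, N) != h:              # reject a malformed server response
        raise ValueError("key server returned an invalid response")
    return hashlib.sha256(z.to_bytes((N.bit_length() + 7) // 8, "big")).digest()

if __name__ == "__main__":
    ks = KeyServer(limit=2)
    a = derive_key(ks, "alice", b"same file")
    b = derive_key(ks, "bob", b"same file")
    print("keys match (dedup still works):", a == b)
    print("server saw identical requests:", ks.seen[0] == ks.seen[1])
```

Because the file key now depends on the server's private exponent, each guess at a file's content costs one rate-limited online query instead of one offline hash.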
- Encrypt and decrypt files
- Handle file names and paths
- Run transparently: low overhead, still can run when KS is down, no client-side state
- Bandwidth overhead: DupLESS bandwidth overhead compared to plain Dropbox
- Retrieval latency: vary file size, compare with plain Dropbox and Convergent Encryption.
- Storage Overhead: DupLESS storage overhead compared to dedup over plaintexts