Venue | Category |
---|---|
DSN'16 | Secure Deduplication |
Rekeying for Encrypted Deduplication Storage

Outline: 1. Summary (Motivation of this paper; REED; Implementation and Evaluation); 2. Strength (Contributions of the paper); 3. Weakness (Limitations of the paper); 4. Future Works
Rekeying means replacing an existing encryption key with a new key.
It renews security protection, so as to protect against key compromise and enable dynamic access control in cryptographic storage.
This paper implements a rekeying-aware encrypted deduplication storage system.
Goals: realize efficient rekeying, trade off between performance and security, and achieve dynamic access control.
Why is realizing efficient rekeying in encrypted deduplication storage challenging?
- If it renews the key by renewing the derivation function, any newly stored message encrypted by the new key can no longer be deduplicated with the existing identical message.
- If it re-encrypts all existing messages with the new key, then there will be tremendous performance overheads.
Key Question: how to enable secure and lightweight rekeying, while preserving the deduplication capability?
Preserve content similarity, at the cost of a slight degradation of storage efficiency.
Augments CAONT to enable rekeying
- generate a CAONT package with the MLE key as an input
- encrypt a small part of the package (the stub) with the file key
- Since the stub is very small, the rekeying overhead can be mitigated.
for key generation resisting brute-force attack
The adversary:
- can compromise the cloud (any hosted server and the storage backend): all stored chunks and keys
- can collude with a subset of unauthorized or revoked clients
- can monitor the activities of the clients and identify the result returned by the key manager

An adversary cannot compromise or gain access to the key manager.
- Replace the cryptographic hash key in CAONT with the corresponding MLE key generated by the key manager.
- append a publicly known, fixed-size canary to for CAONT, so that the integrity of can be checked.
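A minimal sketch of the stub-based rekeying described above (CAONT-style package keyed by the MLE key, canary check, stub sealed with the file key), added here and not taken from the paper or the REED code. SHAKE-256 and HMAC stand in for the real cipher and the key manager, and the canary value, stub length, nonces and all function names are assumptions.

```python
import hashlib, hmac

CANARY = b"\x00" * 32   # publicly known, fixed-size canary (value assumed)
STUB_LEN = 64           # stub size is an assumption; the page gives no number

def _stream(key: bytes, n: int) -> bytes:
    # Keystream from SHAKE-256: a stdlib stand-in for a real cipher such as AES-CTR.
    return hashlib.shake_256(key).digest(n)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mle_key(chunk: bytes, manager_secret: bytes) -> bytes:
    # Stand-in for the key manager: a content-derived key mixed with a secret
    # the cloud never sees. Blinding of the fingerprint is omitted here.
    return hmac.new(manager_secret, hashlib.sha256(chunk).digest(), "sha256").digest()

def package(chunk: bytes, k_mle: bytes):
    # Mask chunk||canary under the MLE key, then hide that key in a tail
    # that depends on every masked byte (all-or-nothing property).
    body = _xor(chunk + CANARY, _stream(k_mle, len(chunk) + len(CANARY)))
    tail = _xor(k_mle, hashlib.sha256(body).digest())
    pkg = body + tail
    return pkg[:-STUB_LEN], pkg[-STUB_LEN:]   # (trimmed package, stub)

def seal_stub(stub: bytes, file_key: bytes, nonce: bytes) -> bytes:
    # XOR stream cipher, so sealing and opening are the same operation.
    return _xor(stub, _stream(file_key + nonce, len(stub)))

def rekey(sealed: bytes, old_key, old_nonce, new_key, new_nonce) -> bytes:
    # Rekeying touches only the STUB_LEN-byte stub, never the trimmed package.
    return seal_stub(seal_stub(sealed, old_key, old_nonce), new_key, new_nonce)

def recover(trimmed: bytes, sealed: bytes, file_key: bytes, nonce: bytes) -> bytes:
    pkg = trimmed + seal_stub(sealed, file_key, nonce)
    body, tail = pkg[:-32], pkg[-32:]
    k_mle = _xor(tail, hashlib.sha256(body).digest())
    plain = _xor(body, _stream(k_mle, len(body)))
    if not hmac.compare_digest(plain[-len(CANARY):], CANARY):
        raise ValueError("canary mismatch: wrong key or corrupted package")
    return plain[:-len(CANARY)]
```

Identical chunks yield identical trimmed packages regardless of the file key, so the storage backend can still deduplicate them; a revoked client holding only the old file key fails the canary check after rekeying.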
Need an additional encryption step.
Ciphertext-policy attribute-based encryption (CP-ABE): can be used to control the access privileges.
Key regression
mitigate computational and I/O overhead
Four of the five servers manage the key store.
Datasets:
- Synthetic data: 2GB file of the synthetic data; load the synthetic data into memory to avoid generating any disk I/O overhead
- Real-world data: FSL trace: 2013
fix the batch size as 256 per-chunk key generation requests. Around MB/s MLE key generation performance: start from sending the blinded fingerprints to the key manager
observe that the encryption speed is not the performance bottleneck in REED (network speed Gb/s)
the main bottleneck is the MLE key generation speed. eight clients: MB/s
the enhanced scheme is resilient against key leakage through a more expensive encryption.