Study on secure and efficient management of outsourced data in cloud storage : searching and deduplication over encrypted data = 클라우드 스토리지의 안전성 및 효율성 향상을 위한 암호화된 데이터 검색 및 중복 제거에 대한 연구searching and deduplication over encrypted data
Cloud computing is a new computing paradigm where not only low-level resources but also high-level IT services are integrated in an abstract form. In cloud storage as an application of cloud computing services, a third party data center known as a cloud service provider (CSP) plays an important role as a data management entity. Since the CSP is the authority that controls the data items stored in the system, the CSP can look into data items stored in cloud storage without the data owners’ permission. Therefore, there is concern about privacy issues of the outsourced data, due to either the CSP’s malfunction or abuse for illicit profit, even if the data owners do not want to reveal any information. Thus, security and privacy issues in terms of this CSP as well as the potential illegal users are receiving an increased amount of attention in the literature. Two approaches are suggested in order to provide encrypted data management in cloud storage in resource-efficient manner.
In case of private information retrieval, an efficient data retrieval scheme for a cloud storage system is proposed. It provides security and privacy with enhanced quality of the service by exploiting attribute-based encryption. The proposed data retrieval mechanism provides richer expressiveness of keyword search policies than previous searchable encryptions. It is verified that the proposed cryptosystem is more suitable for a one-upload-many-download service in terms of flexibility and scalability.
In terms of the explosion of data volume, secure deduplication in a dynamic cloud environment is proposed. While minimizing degradation of the service quality caused by redundancies, dynamic updates of outsourced contents and changes of data-sharing owners are taken into account. Different classes of deduplication granularities are combined to reduce duplicates for small portions of updates in the outsourced data. Sharing context of incremental back-up, only updated portions can be reproduced and deduplicated. By exploiting universal re-encryption, secret keys of data-sharing owners can be securely updated on membership changes of the ownership group. Security analyses show that the proposed scheme is secure under key exposure threats while providing forward- and backward-secrecy. Performance evaluations show that it is also resource-efficient in terms of storage space consumption.