کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
458968 | 696213 | 2016 | 16 صفحه PDF | دانلود رایگان |
Deduplication is widely used by cloud storage providers to cut costs, by storing and uploading a single instance of identical files shared across multiple user accounts. However, cross-account deduplication introduces several new side-channel attacks on user privacy; see e.g., Harnik et al. (IEEE Security and Privacy Magazine, 2010), Mulazzani et al. (USENIX Security, 2011). As a response, several solutions have been proposed to mitigate different deduplication privacy concerns. In this paper, we summarize notable attacks on deduplication, and analyze recently proposed privacy-preserving secure deduplication solutions in terms of privacy-gain, deployment and bandwidth costs, and security limitations (if any). In particular, we identify weaknesses in a secure deduplication proposal based on the use of a home gateway device (Heen et al., New Technologies, Mobility and Security, 2012); we also explore how these weaknesses may lead to three separate attacks. Overall, our analysis may help storage providers to evaluate competing solutions, and the research community to better design privacy-preserving deduplication solutions by addressing limitations of current proposals.
Journal: Journal of Information Security and Applications - Volumes 27–28, April–May 2016, Pages 3–18