A Study Of Client-side Data Deduplication For Encrypted Files

Posted on: 2015-07-01
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Zhang
GTID: 2308330464470427
Subject: Computer system architecture
Abstract/Summary:
Cloud storage services have been gaining popularity in recent years. Client-side deduplication is widely adopted by cloud storage services to save bandwidth and storage. Proofs of ownership (PoW) is an important cryptographic primitive that helps the cloud storage server verify that a client holds the whole file, rather than only part of it or a short message of it, in order to secure client-side data deduplication. Previous PoW schemes work well when the file is in plaintext. However, the privacy of clients' data may be vulnerable to 'honest-but-curious' attacks, data confidentiality is receiving more and more attention, and clients tend to encrypt files before outsourcing them to the cloud. As a result, the previous PoW schemes can no longer be applied to encrypted files. In this paper, we propose a secure, zero-knowledge-based client-side deduplication scheme over encrypted files. First, our scheme uses a zero-knowledge proof to enable deduplication of encrypted files in the setting where the server stores only the encrypted files and the client wants to leak no data during the deduplication process. Extensive security analysis shows that the proposed scheme is sound, complete and zero knowledge, and can achieve a high probability of detecting clients' misbehavior. Second, our scheme deploys a proxy re-encryption protocol for key distribution. It enables clients who have gained ownership of the same file to share the same file encryption key even without establishing secure channels among them. The core idea is that the server acts only as a proxy that helps distribute the file encryption key while knowing nothing about the key. It is proved that the clients' private key cannot be recovered by the server and other colluding clients through the key distribution phase.
Finally, we implement and test the proposed scheme, and the performance evaluation shows that the time cost of our scheme is one hundred times lower than that of the previous schemes. It can be concluded that the proposed zero-knowledge-based client-side deduplication scheme enables data deduplication over encrypted files, which saves storage and bandwidth for clients and storage servers. In terms of provable security, the proposed scheme obtains the complete zero-knowledge property, which avoids leakage of users' private data. Combined with the performance evaluation results, the proposed scheme is more efficient and secure than the previous client-side data deduplication scheme.
Keywords/Search Tags: Cloud storage, Deduplication, Encrypted files, Zero knowledge, Proxy re-encryption