Study On Deduplication Supporting Fuzzy Matching For Encrypted Data In Cloud Storage

Cloud storage services have been developed rapidly in recent years.Client-side deduplication technology is widely used in cloud storage services to save storage space and upload bandwidth.The concept of Proofs of Ownership(Po W)is proposed to help the cloud server to verify whether a client really has a complete original file in order to achieve secure client-side deduplication.However,most widely used deduplication technologies are based on file or fixed-size block level,which make the duplicate data can not be matched between two similar files.This results in the decrease of the deduplication ratio.The early Po W schemes like “hash as proof” is not secure enough,because the hash value of the file may be leaked easily and used by an adversary to cheat the cloud server and pass the Po W successfully.In addition,the early Po W schemes only focus on the plaintext,while ignoring the privacy of clients' data is vulnerable to the “honest-but-curious” cloud server.Some researchers have proposed several solutions to solve this problem by encrypting clients' data before outsourcing them to the cloud server and allowing each data owner to share the encryption keys for the same data.However,the costs and the security threats from keys distribution still exist in these schemes.In order to achieve a secure and efficient client-side deduplication,the existing deduplication and Po W schemes are studied and analyzed in this paper,and the main results obtained are as follows:1.A novel deduplication scheme supporting fuzzy matching for encrypted data is proposed.Firstly,it matches the duplicate data blocks between two similar files and achieves the purpose of increasing the rate of deduplication by applying the improved fuzzy hash algorithm to the deduplication technology.Secondly,to protect the privacy of clients' data,it resolves the security issue that the previous convergent encryption(CE)algorithm is vulnerable to the off-line dictionary attack by the cooperation of the client and the security agent to generate the convergent keys.Thirdly,we design a key sharing method by utilizing the Ciphertext-Policy Attribute-Based Encryption(CP-ABE)mechanism,which can reduce the costs of key management and avoid the security threats that exist in the keys distribution process.Finally,the performance analysis and simulation results show that the proposed scheme not only has a higher deduplication ratio compared with the previous schemes,but also has a good performance,especially in terms of reducing the computation and storage stress of clients.2.A novel Po W scheme for encrypted data blocks is proposed.It achieves a secure Po W for encrypted data according to the challenge information of the cloud server and the proof information of the client to complete the Po W process without the disclosure of clients' data to the “honest-but-curious” cloud server,as well as resolving the problem that the “hash as proof” is not secure.After security analysis and performance tests,the proposed scheme is not only securer than the previous schemes,but also effectively reducing the computation costs of clients.