
High-Performance Encrypted Data Deduplication System Based On Trusted Execution Environment

Posted on: 2022-11-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Ren
GTID: 2518306764967069
Subject: Automation Technology

Abstract/Summary:
Cloud providers keep maintenance costs low via deduplication, which stores only a single copy of redundant data from the same or different clients. Encrypted deduplication builds on cryptographic primitives to augment deduplication with data confidentiality; it preserves deduplication effectiveness on encrypted data and is attractive for outsourced storage. However, existing encrypted deduplication approaches build on expensive cryptographic primitives that incur substantial performance slowdown. Existing encrypted deduplication also has a security problem: it cannot fully address a malicious client that enumerates data contents to launch the learning-content attack.

To address the performance overhead in encrypted deduplication, this thesis presents TEEDedup, which leverages the trusted execution environment (TEE) to speed up encrypted deduplication based on server-aided message-locked encryption (MLE) while preserving security. It also uses the TEE to boost proof-of-ownership (PoW) in source-based deduplication. TEEDedup implements a suite of secure interfaces to execute MLE key generation and PoW operations in enclaves, and proposes assorted designs to support secure and efficient enclave operations. Evaluation on synthetic and real-world workloads shows that TEEDedup achieves significant speedups and maintains high bandwidth and storage savings.

To address the security limitation, this thesis presents FeatureSpy, which augments encrypted deduplication by proactively performing attack detection. It builds on the insight that a malicious client enumerates many similar pieces of data for the attack, and it reports the learning-content attack by detecting similarities among the contents being processed. It also proposes a new primitive that preserves similarity after encryption and performs similarity detection on the encrypted contents, so that the malicious client cannot bypass the detection procedure. Evaluation on synthetic and real-world workloads shows that FeatureSpy not only detects the learning-content attack with high probability and few misjudgments, but also incurs limited performance overhead when deployed in TEEDedup.
Keywords/Search Tags: Encrypted Deduplication, Trusted Execution Environment (TEE), Learning-content Attack