cloudedup - secure de-duplication with encrypted data for cloud storage
DESCRIPTION
This presentation covers the prototype implementation and evaluation for the research paper titled "Secure De-duplication with encrypted data for cloud storage" by Eurecom and SecludIT. http://www.eurecom.fr/en/publication/4110/detail/cloudedup-secure-deduplication-with-encrypted-data-for-cloud-storage
TRANSCRIPT
1
CLOUDEDUP: SECURE DEDUPLICATION WITH ENCRYPTED DATA FOR CLOUD STORAGE
Sagar UDAY KUMAR
Keerthi Kumar KEMPAIAH HONNAPPA
Date (month/year): 06/2014
Organizations: Eurecom and SecludIT
Supervisors:
Mr. Pasquale Puzio, Ph.D. student, SecludIT and EURECOM
Mr. Sergio Loureiro, Ph.D., CEO and Co-Founder, SecludIT
Prof. Refik Molva, Ph.D., Head of Department, Communications & Computer Security, EURECOM
Prof. Melek Önen, Ph.D., Research Engineer, Communications & Computer Security, EURECOM
2
Deduplication
3
Encryption
CIPHER TEXT 1
CIPHER TEXT 2
4
Convergent Encryption
CIPHER TEXT
CIPHER TEXT
Hash(Plain Text)
Hash(Plain Text)
5
Drawback & Solution
Convergent encryption suffers from weaknesses:
- Confirmation-of-a-file attack
- Learn-the-remaining-information attack
Solution: ClouDedup, by Eurecom & SecludIT:
- Cross-user, block-level deduplication
- Additional encryption by server: symmetric (AES 256), key known only by server
- MetaDataManager: management of keys, deduplication
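The two layers described on slides 4 and 5, as an added example that is not code from the presentation or the ClouDedup prototype: the client encrypts each block under Hash(plain text), and the server adds a second layer under a key only it holds. Assumptions: a SHA-256 keystream stands in for AES-256 (the Python standard library has no AES), the server layer is deterministic with an HMAC tag used as a per-block IV, and the names `Server`, `put`, `get` and `demo` are hypothetical.

```python
import hashlib, hmac, os

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in for AES-256 (assumption): XOR with a SHA-256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def convergent_encrypt(block: bytes):
    """Client: key = Hash(plain text), so equal blocks give equal ciphertext."""
    key = hashlib.sha256(block).digest()
    return key, _xor_stream(key, block)

def convergent_decrypt(key: bytes, ct: bytes) -> bytes:
    return _xor_stream(key, ct)

class Server:
    """Adds a deterministic second layer under a key only the server holds."""
    def __init__(self, key: bytes = b""):
        self._key = key or os.urandom(32)
        self.blocks = {}          # block id -> [stored bytes, reference count]

    def _tag(self, ct: bytes) -> bytes:
        return hmac.new(self._key, ct, hashlib.sha256).digest()

    def put(self, ct: bytes) -> str:
        # The keyed tag doubles as IV: same input gives same output (dedup
        # still works), while distinct inputs never share a keystream.
        tag = self._tag(ct)
        stored = tag + _xor_stream(self._key + tag, ct)
        block_id = hashlib.sha256(stored).hexdigest()
        self.blocks.setdefault(block_id, [stored, 0])[1] += 1
        return block_id

    def get(self, block_id: str) -> bytes:
        stored = self.blocks[block_id][0]
        ct = _xor_stream(self._key + stored[:32], stored[32:])
        if not hmac.compare_digest(stored[:32], self._tag(ct)):
            raise ValueError("stored block failed integrity check")
        return ct

def demo():
    server, block = Server(), b"constructed sample block " * 8
    (k1, c1), (_k2, c2) = convergent_encrypt(block), convergent_encrypt(block)
    ids = {server.put(c1), server.put(c2)}        # two users, same block
    stored, refs = server.blocks[min(ids)]
    # (copies kept, references, client ciphertext visible at rest?, round trip ok?)
    return len(ids), refs, c1 in stored, convergent_decrypt(k1, server.get(min(ids))) == block
```

`demo()` shows one stored copy with two references, and that what reaches storage is not the ciphertext someone could recompute from the plain text alone.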
6
High level view of ClouDedup
7
Detailed Architecture of ClouDedup
A B C D E
B
(B)H(B|(H(A)) ((H(B)))
Store first key locally = H(A)
Signature of Block Encrypted Block Encrypted key
Client
((B))(H(B|(H(A))) (((H(B))))
User Id
File Id
Gateway
k
kg
MetadataManager (MM)
F:FileId {user: userId, name : File1}
FB:FileId [BlockId(A), BlockId(B), BlockId(C)..]
B:BlockId(B) {Storage container, count: 1}
L:FileId: BlockId(A): BlockId(B):
{(((H(B))))}
S:FileId:BlockId(B) [(H(B|(H(A)))]
((B))
= private key of = H(B)
Upload Phase - Instance
9
Client
Gateway
MM
Cloud Storage Provider
Request (fileId, UserId)
Forward request (fileId, UserId)
User authorization and download requests for {Block1Id, Block2Id, ...}
Return data blocks {Block1, Block2, ...}
{Block1, Block2, ...}, signatures, keys
After signature verification: decrypted ({Block1, Block2, ...}, signatures, keys)
Download Request
Decryption, re-build file
Download Phase - Instance
10
Performance Evaluation - Setup
Client and GW @ VM – Eurecom
S3server and MM @ VM – Amazon EC2
Upload/Download/Delete – Data sets
Each experiment is repeated 10 times
Save Log files
11
ClouDedup: Time consumption at Client
Activity-wise time consumption in seconds (15 MB file)
- Upload, split: 0.29775
- Upload, encryption: 1.836974
- Upload, communication: 63.9095
- Download, communication: 68.5815
- Download, decryption: 1.39545
- Download, re-build file: 0.21357
- Delete, communication: 32.47381
Total time: upload (66.044), download (70.19), delete (32.473)
12
Performance of ClouDedup with Other Service providers – Upload
13
Bottleneck
Detailed analysis revealed that the delay was mainly in two areas.
At MetaDataManager (MM) (upload: 33.3501 seconds for a 15 MB file)
- MM has to upload/download/delete blocks to/from the cloud.
At Proxy
- Delay because of the data transfer time.
- Client to Proxy (upload: 13.2349 seconds for a 15 MB file)
- Proxy to MM (upload: 16.8265 seconds for a 15 MB file)
- Transfer of larger HTTPS requests.
- GW and MM process a request only when the entire request body is received.
14
Potential Solution : Data Chunking
15
Cross platform Application skeleton
16
ClouDedup Windows Shell Extension
17
ClouDedup FileSystem Watcher
18
Conclusion
- Implementation: ClouDedup prototype from scratch
- Performance evaluation of ClouDedup
- Comparison of ClouDedup performance with other service providers
- Bottleneck analysis: delay in proxy & MM by waiting for the entire file to be received
- GUI skeleton for user ease
- ClouDedup Windows Shell Extension
19
Thank you