cloudedup - secure de-duplication with encrypted data for cloud storage

CLOUDEDUP: SECURE DEDUPLICATION WITH ENCRYPTED DATA FOR CLOUD STORAGE. Sagar UDAY KUMAR, Keerthi Kumar KEMPAIAH HONNAPPA. Date (month/year): 06/2014. Organizations: Eurecom and SecludIT. Supervisors: Mr. Pasquale Puzio Ph.D., student, SecludIT and EURECOM; Mr. Sergio Loureiro Ph.D., CEO and Co-Founder, SecludIT; Prof. Refik Molva Ph.D., Head of Department, Communications & Computer Security; Prof. Melek Önen Ph.D., Research Engineer, Communications & Computer Security.

Upload: sagar-uday-kumar

Post on 11-Jan-2015


DESCRIPTION

This presentation covers the prototype implementation and evaluation for the research paper titled "Secure De-duplication with encrypted data for cloud storage" by Eurecom and SecludIT. http://www.eurecom.fr/en/publication/4110/detail/cloudedup-secure-deduplication-with-encrypted-data-for-cloud-storage

TRANSCRIPT

Page 1: ClouDedup - Secure De-duplication with encrypted data for cloud storage

CLOUDEDUP: SECURE DEDUPLICATION WITH ENCRYPTED DATA FOR CLOUD STORAGE

Sagar UDAY KUMAR
Keerthi Kumar KEMPAIAH HONNAPPA

Date (month/year): 06/2014
Organizations: Eurecom and SecludIT

Supervisors:

Mr. Pasquale Puzio Ph.D., student, SecludIT and EURECOM

Mr. Sergio Loureiro Ph.D., CEO and Co-Founder, SecludIT

Prof. Refik Molva Ph.D., Head of Department, Communications & Computer Security, EURECOM

Prof. Melek Önen Ph.D., Research Engineer, Communications & Computer Security, EURECOM

Page 2

Deduplication

Page 3

Encryption

[Figure labels: CIPHER TEXT 1, CIPHER TEXT 2]

Page 4

Convergent Encryption

[Figure labels: Hash(Plain Text), CIPHER TEXT (each shown twice)]

Page 5

Drawback & Solution

Convergent encryption suffers from weaknesses:

- Confirmation-of-a-file attack
- Learn-the-remaining-information attack

Solution: ClouDedup, by Eurecom & SecludIT

- Cross-user, block-level deduplication
- Additional encryption by server: symmetric (AES 256), with the key known only by the server
- MetaDataManager: management of keys, deduplication
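Added example (not from the slides or the ClouDedup prototype): a sketch of why convergent encryption allows deduplication but also lets anyone holding a candidate plaintext confirm it, and how an additional deterministic server-side layer keeps deduplication while removing that check for parties without the server key. The HMAC-based stand-in cipher, the synthetic IV, the `Gateway` class and the sample block are assumptions of this sketch; the slides name AES-256.

```python
import hashlib
import hmac
import os

def _stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream); the slides name AES-256."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, iv + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def convergent_encrypt(block: bytes) -> tuple:
    """Key = Hash(Plain Text): equal blocks give equal ciphertexts."""
    key = hashlib.sha256(block).digest()
    return key, _stream(key, b"", block)

class Gateway:
    """Additional deterministic layer under keys only the server holds."""
    def __init__(self):
        self._enc, self._mac = os.urandom(32), os.urandom(32)
    def _iv(self, ct: bytes) -> bytes:
        # Synthetic IV (assumption): deterministic, no keystream reuse across blocks.
        return hmac.new(self._mac, ct, hashlib.sha256).digest()[:16]
    def wrap(self, ct: bytes) -> bytes:
        iv = self._iv(ct)
        return iv + _stream(self._enc, iv, ct)
    def unwrap(self, stored: bytes) -> bytes:
        ct = _stream(self._enc, stored[:16], stored[16:])
        if not hmac.compare_digest(stored[:16], self._iv(ct)):
            raise ValueError("stored block failed integrity check")
        return ct

def demo() -> dict:
    block = b"constructed sample block: salary=4200\n" * 3
    gateway, store = Gateway(), {}        # store: block id -> [data, count]
    for _user in ("user1", "user2"):      # two users upload the same block
        key, ct = convergent_encrypt(block)
        stored = gateway.wrap(ct)
        entry = store.setdefault(hashlib.sha256(stored).hexdigest(), [stored, 0])
        entry[1] += 1
    _, guess = convergent_encrypt(block)  # party holding a candidate plaintext
    return {
        "unique_blocks": len(store), "count": entry[1],
        "bare_ce_confirms": guess == ct,           # convergent layer alone
        "layered_confirms": guess == stored[16:],  # after the gateway layer
        "roundtrip": _stream(key, b"", gateway.unwrap(stored)) == block,
    }
```

`demo()` stores one block with a reference count of 2 for the two uploads; the candidate ciphertext matches the bare convergent ciphertext but not the block as stored behind the gateway.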

Page 6

High level view of ClouDedup

Page 7

Detailed Architecture of ClouDedup

Page 8

Upload Phase - Instance

[Figure: upload of a file split into blocks A B C D E, shown for block B. The encryption symbols were lost in extraction; the surviving labels are listed as they appear.]

Client:

(B)H(B|(H(A)) ((H(B)))
Store first key locally =H(A)
Labels: Signature of Block, Encrypted Block, Encrypted key
= private key of = H(B)

((B))(H(B|(H(A))) (((H(B))))
User Id
File Id

Gateway:

k
kg

MetadataManager (MM):

F:FileId {user: userId, name : File1}
FB:FileId [BlockId(A), BlockId(B), BlockId(C)..]
B:BlockId(B) {Storage container, count: 1}
L:FileId: BlockId(A): BlockId(B): {(((H(B))))}
S:FileId:BlockId(B) [(H(B|(H(A)))]
((B))

Page 9

Download Phase - Instance

[Sequence diagram. Participants: Client, Gateway, MM, Cloud Storage Provider. Message labels, in the order they appear:]

- Request (fileId, UserId)
- forward request (fileId, UserId)
- User Authorization and Download requests for {Block1Id, Block2Id....}
- Return Data Blocks {Block1, Block2....}
- {Block1, Block2....}, signatures, keys
- After Signature verification - Decrypted ({Block1, Block2....}, signatures, keys)
- Download Request
- Decryption, Re-Build file

Page 10

Performance Evaluation - Setup

- Client and GW @ VM – Eurecom
- S3server and MM @ VM – Amazon EC2
- Upload/Download/Delete – Data sets
- The same experiment is repeated 10 times
- Save log files

Page 11

ClouDedup: Time consumption at Client

Activity-wise time consumption in seconds (15 MB file):

- upload - split: 0.29775
- upload - Encryption: 1.836974
- upload - Communication: 63.9095
- Download - Communication: 68.5815
- Download - Decryption: 1.39545
- Download - ReBuild File: 0.21357
- Delete - Communication: 32.47381

Total time: upload (66.044), download (70.19), delete (32.473)

Page 12

Performance of ClouDedup with Other Service providers – Upload

Page 13

Bottleneck

Detailed analysis revealed that the delay was mainly in two areas.

At MetaDataManager (MM) – (upload - 33.3501 seconds for 15 MB file)

- MM has to upload/download/delete blocks to/from the Cloud.

At Proxy

- Delay because of the data transfer time.
- Client to Proxy – (upload - 13.2349 seconds for 15 MB file)
- Proxy to MM – (upload - 16.8265 seconds for 15 MB file)
- Transfer of larger HTTPS requests.
- GW and MM process a request only when the entire request body is received.

Page 14

Potential Solution : Data Chunking

Page 15

Cross platform Application skeleton

Page 16

ClouDedup windows shell Extension

Page 17

ClouDedup FileSystem Watcher

Page 18

Conclusion

- Implementation: ClouDedup prototype from scratch
- Performance evaluation of ClouDedup
- Comparison of ClouDedup performance with other service providers
- Bottleneck analysis: delay in proxy & MM by waiting for the entire file to be received
- GUI skeleton for user ease
- ClouDedup Windows Shell Extension

Page 19

Thank you