More Web Proxy on the site http://driver.im/

research-article

S2Dedup: SGX-enabled secure deduplication

Authors:

Mariana Miranda,

Tânia Esteves,

Bernardo Portela,

João PauloAuthors Info & Claims

SYSTOR '21: Proceedings of the 14th ACM International Conference on Systems and Storage

Article No.: 14, Pages 1 - 12

https://doi.org/10.1145/3456727.3463773

Published: 14 June 2021 Publication History

Abstract

Secure deduplication allows removing duplicate content at third-party storage services while preserving the privacy of users' data. However, current solutions are built with strict designs that cannot be adapted to storage service and applications with different security and performance requirements.

We present S2Dedup, a trusted hardware-based privacy-preserving deduplication system designed to support multiple security schemes that enable different levels of performance, security guarantees and space savings. An in-depth evaluation shows these trade-offs for the distinct Intel SGX-based secure schemes supported by our prototype.

Moreover, we propose a novel Epoch and Exact Frequency scheme that prevents frequency analysis leakage attacks present in current deterministic approaches for secure deduplication while maintaining similar performance and space savings to state-of-the-art approaches.

References

[1]

2017. A More Protected Cloud Environment: IBM Announces Cloud Data Guard Featuring Intel SGX. https://itpeernetwork.intel.com/ibm-cloud-data-guard-intel-sgx/#gs.oejhq1.

[2]

2018. Azure confidential computing. https://azure.microsoft.com/en-us/blog/azure-confidential-computing.

[3]

2020. DEDISbench. https://github.com/jtpaulo/dedisbench.

[4]

2020. Libiscsi. https://github.com/sahlberg/libiscsi.git.

[5]

Accessed: 2019-09-19. Intel Software Guard Extensions (Intel SGX). https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html.

[6]

Accessed: 2019-11-26. Glib. https://github.com/GNOME/glib.git.

[7]

Accessed: 2020-03-16. LevelDB. https://github.com/google/leveldb.git.

[8]

Accessed: 2020-05-15. Spdk github. https://github.com/spdk/spdk.

[9]

Accessed: 2020-05-15. Storage performance development kit. https://spdk.io/.

[10]

Accessed: 2020-08-27. FIU IODedup. http://iotta.snia.org/traces/391.

[11]

K Akhila, Amal Ganesh, and C Sunitha. 2016. A study on deduplication techniques over encrypted data. Procedia Computer Science 87 (2016), 38--43.

[12]

Tiago Alves. 2004. Trustzone: Integrated hardware and software security. White paper (2004).

[13]

Frederik Armknecht, Colin Boyd, Gareth T Davies, Kristian Gjøsteen, and Mohsen Toorani. 2017. Side channels in deduplication: trade-offs between leakage and efficiency. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 266--274.

Digital Library

[14]

Raad Bahmani, Manuel Barbosa, Ferdinand Brasser, Bernardo Portela, Ahmad-Reza Sadeghi, Guillaume Scerri, and Bogdan Warinschi. 2017. Secure multiparty computation from SGX. In International Conference on Financial Cryptography and Data Security. Springer, 477--497.

[15]

Mihir Bellare and Sriram Keelveedhi. 2015. Interactive message-locked encryption and secure deduplication. In IACR International Workshop on Public Key Cryptography. Springer, 516--538.

[16]

Mihir Bellare, Sriram Keelveedhi, and Thomas Ristenpart. 2013. Message-locked encryption and secure deduplication. In Annual international conference on the theory and applications of cryptographic techniques. Springer, 296--312.

[17]

Rongmao Chen, Yi Mu, Guomin Yang, and Fuchun Guo. 2015. BL-MLE: Block-Level Message-Locked Encryption for Secure Large File Deduplication. Information Forensics and Security, IEEE Transactions on 10 (12 2015), 2643--2652.

Digital Library

[18]

Victor Costan and Srinivas Devadas. 2016. Intel SGX Explained. IACR Cryptology ePrint Archive 2016, 086 (2016), 1--118.

[19]

Helei Cui, Huayi Duan, Zhan Qin, Cong Wang, and Yajin Zhou. 2019. Speed: Accelerating enclave applications via secure deduplication. In 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS). IEEE, 1072--1082.

[20]

Hung Dang and Ee-Chien Chang. 2017. Privacy-preserving data deduplication on trusted processors. In 2017 IEEE 10th International Conference on Cloud Computing (CLOUD). IEEE, 66--73.

[21]

John (JD) Douceur, Atul Adya, Bill Bolosky, Daniel R. Simon, and Marvin Theimer. 2002. Reclaiming Space from Duplicate Files in a Serverless Distributed File System. Technical Report MSR-TR-2002-30. 14 pages. https://www.microsoft.com/en-us/research/publication/reclaiming-space-from-duplicate-files-in-a-serverless-distri\buted-file-system/

[22]

Morris J Dworkin. 2010. Recommendation for block cipher modes of operation: The XTS-AES mode for confidentiality on storage devices. Technical Report.

[23]

Benny Fuhry, Lina Hirschoff, Samuel Koesnadi, and Florian Kerschbaum. 2020. SeGShare: Secure Group File Sharing in the Cloud using Enclaves. In 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 476--488.

[24]

Danny Harnik, Eliad Tsfadia, Doron Chen, and Ronen Kat. 2018. Securing the storage data path with SGX enclaves. arXiv preprint arXiv:1806.10883 (2018).

[25]

Wenjin Hu, Tao Yang, and Jeanna N Matthews. 2010. The good, the bad and the ugly of consumer cloud storage. ACM SIGOPS Operating Systems Review 44, 3 (2010), 110--115.

Digital Library

[26]

Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, and Emmett Witchel. 2018. Ryoan: A distributed sandbox for untrusted computation on secret data. ACM Transactions on Computer Systems (TOCS) 35, 4 (2018), 13.

Digital Library

[27]

Sriram Keelveedhi, Mihir Bellare, and Thomas Ristenpart. 2013. Dup-LESS: server-aided encryption for deduplicated storage. In Presented as part of the 22nd {USENIX} Security Symposium ({USENIX} Security 13). 179--194.

[28]

Georgios Kellaris, George Kollios, Kobbi Nissim, and Adam O'neill. 2016. Generic attacks on secure outsourced databases. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 1329--1340.

Digital Library

[29]

Seongmin Kim, Youjung Shin, Jaehyung Ha, Taesoo Kim, and Dongsu Han. 2015. A first step towards leveraging commodity trusted execution environments for network applications. In Proceedings of the 14th ACM Workshop on Hot Topics in Networks. ACM, 7.

Digital Library

[30]

Ricardo Koller and Raju Rangaswami. 2010. I/O deduplication: Utilizing content similarity to improve I/O performance. ACM Transactions on Storage (TOS) 6, 3 (2010), 1--26.

Digital Library

[31]

Jingwei Li, Chuan Qin, Patrick PC Lee, and Xiaosong Zhang. 2017. Information leakage in encrypted deduplication via frequency analysis. In 2017 47th Annual IEEE/IFIP international conference on dependable systems and networks (DSN). IEEE, 1--12.

[32]

Jingwei Li, Zuoru Yang, Yanjing Ren, Patrick PC Lee, and Xiaosong Zhang. 2020. Balancing storage efficiency and data confidentiality with tunable encrypted deduplication. In Proceedings of the Fifteenth European Conference on Computer Systems. 1--15.

Digital Library

[33]

Takanori Machida, Dai Yamamoto, Ikuya Morikawa, Hirotaka Kokubo, and Hisashi Kojima. [n.d.]. Poster: A Novel Framework for User-Key Provisioning to Secure Enclaves on Intel SGX. ([n. d.]).

[34]

Dutch T Meyer and William J Bolosky. 2012. A study of practical deduplication. ACM Transactions on Storage (ToS) 7, 4 (2012), 1--20.

Digital Library

[35]

João Paulo and José Pereira. 2014. A survey and classification of storage deduplication systems. ACM Computing Surveys (CSUR) 47, 1 (2014), 11.

Digital Library

[36]

João Paulo and José Pereira. 2016. Efficient deduplication in a distributed primary storage infrastructure. ACM Transactions on Storage (TOS) 12, 4 (2016), 1--35.

Digital Library

[37]

Joao Paulo, Pedro Reis, Jose Pereira, and Antonio Sousa. 2012. DEDIS-bench: A benchmark for deduplicated storage systems. In OTM Confederated International Conferences" On the Move to Meaningful Internet Systems". Springer, 584--601.

[38]

Zahra Pooranian, Kang-Cheng Chen, Chia-Mu Yu, and Mauro Conti. 2018. RARE: Defeating side channels based on data-deduplication in cloud storage. In IEEE INFOCOM 2018-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). IEEE, 444--449.

[39]

Joydeep Rakshit and Kartik Mohanram. 2018. LEO: Low overhead encryption ORAM for non-volatile memories. IEEE Computer Architecture Letters 17, 2 (2018), 100--104.

Digital Library

[40]

Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. 2015. VC3: Trustworthy data analytics in the cloud using SGX. In 2015 IEEE Symposium on Security and Privacy. IEEE, 38--54.

Digital Library

[41]

Emil Stefanov, Marten Van Dijk, Elaine Shi, T-H Hubert Chan, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. 2018. Path oram: An extremely simple oblivious ram protocol. Journal of the ACM (JACM) 65, 4 (2018), 1--26.

Digital Library

[42]

Bruno Vavala, Nuno Neves, and Peter Steenkiste. 2017. Secure tera-scale data crunching with a small TCB. In 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 169--180.

[43]

Ofir Weisse, Valeria Bertacco, and Todd Austin. 2017. Regaining lost cycles with HotCalls: A fast interface for SGX secure enclaves. ACM SIGARCH Computer Architecture News 45, 2 (2017), 81--93.

Digital Library

[44]

Dag Wieers. [n.d.]. Dstat: Versatile resource statistics tool. http://dag.wiee.rs/home-made/dstat ([n.d.]).

[45]

Wen Xia, Hong Jiang, Dan Feng, Fred Douglis, Philip Shilane, Yu Hua, Min Fu, Yucheng Zhang, and Yukun Zhou. 2016. A comprehensive study of the past, present, and future of data deduplication. Proc. IEEE 104, 9 (2016), 1681--1710.

[46]

Qirui Yang, Runyu Jin, and Ming Zhao. 2019. SmartDedup: Optimizing Deduplication for Resource-constrained Devices. In 2019 USENIX Annual Technical Conference (USENIX ATC 19). USENIX Association, Renton, WA, 633--646. https://www.usenix.org/conference/atc19/presentation/yang-qirui

[47]

H. Yu, X. Zhang, W. Huang, and W. Zheng. 2017. PDFS: Partially Dedupped File System for Primary Workloads. IEEE Transactions on Parallel and Distributed Systems 28, 3 (2017), 863--876.

Digital Library

[48]

Xian Zhang, Guangyu Sun, Chao Zhang, Weiqi Zhang, Yun Liang, Tao Wang, Yiran Chen, and Jia Di. 2015. Fork path: improving efficiency of oram by removing redundant memory accesses. In 2015 48th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 102--114.

Digital Library

[49]

Wenting Zheng, Ankur Dave, Jethro G Beekman, Raluca Ada Popa, Joseph E Gonzalez, and Ion Stoica. 2017. Opaque: An oblivious and encrypted distributed analytics platform. In 14th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 17). 283--298.

[50]

Lidong Zhou, Fred B Schneider, and Robbert Van Renesse. 2005. APSS: Proactive secret sharing in asynchronous systems. ACM transactions on information and system security (TISSEC) 8, 3 (2005), 259--286.

Digital Library

[51]

Y. Zhou, Y. Deng, L. T. Yang, R. Yang, and L. Si. 2018. LDFS: A Low Latency In-Line Data Deduplication File System. IEEE Access 6 (2018), 15743--15753.

Cited By

Zhao JYang ZLi JLee P(2024)Encrypted Data Reduction: Removing Redundancy from Encrypted Data in Outsourced StorageACM Transactions on Storage10.1145/368527820:4(1-30)Online publication date: 29-Jul-2024
https://dl.acm.org/doi/10.1145/3685278
Dave JHegde PDesai HKanodia ASrivastava RSingh K(2024)RESIST: Randomized Encryption for Deduplicated Cloud Storage SystemArabian Journal for Science and Engineering10.1007/s13369-024-09658-3Online publication date: 25-Oct-2024
https://doi.org/10.1007/s13369-024-09658-3
Paju AJaved MNurmi JSavimäki JMcGillion BBrumley B(2023)SoK: A Systematic Review of TEE Usage for Developing Trusted ApplicationsProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3600169(1-15)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3600169
Show More Cited By

Index Terms

S2Dedup: SGX-enabled secure deduplication
1. Information systems
  1. Data management systems
    1. Information integration
      1. Deduplication
  2. Information storage systems
    1. Storage architectures
      1. Cloud based storage
2. Security and privacy
  1. Security in hardware
    1. Hardware security implementation
      1. Hardware-based security protocols
  2. Systems security
    1. File system security

Recommendations

WOJ: Enabling Write-Once Full-data Journaling in SSDs by Using Weak-Hashing-based Deduplication

Journaling is a commonly used technique to ensure data consistency in file systems, such as ext3 and ext4. With journaling technique, file system updates are first recorded in a journal (in the commit phase) and later applied to their home locations in ...
Storage Deduplication by Virtual Large-Scale Disks
NBIS '12: Proceedings of the 2012 15th International Conference on Network-Based Information Systems

Recently, the demand of low cost large scale storages increases. We developed VLSD (Virtual Large Scale Disks) toolkit for constructing virtual disk based distributed storages, which aggregate free spaces of individual disks. VLSD realizes low-cost ...
PerfectDedup: Secure Data Deduplication
Revised Selected Papers of the 10th International Workshop on Data Privacy Management, and Security Assurance - Volume 9481

With the continuous increase of cloud storage adopters, data deduplication has become a necessity for cloud providers. By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs. Unfortunately, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SYSTOR '21: Proceedings of the 14th ACM International Conference on Systems and Storage

June 2021

226 pages

ISBN:9781450383981

DOI:10.1145/3456727

General Chairs:
Bruno Wassermann
IBM Research - Haifa, Israel
,
Michal Malka
IBM Research - Haifa, Israel
,
Program Chairs:
Vijay Chidambaram
University of Texas at Austin/VMWare Research
,
Danny Raz
Technion - Israel Institute of Technology, Israel

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGOPS: ACM Special Interest Group on Operating Systems

In-Cooperation

Technion: Israel Institute of Technology
USENIX Assoc: USENIX Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 June 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Honorable Mention

Author Tags

Qualifiers

Research-article

Conference

SYSTOR '21

Sponsor:

SIGOPS

SYSTOR '21: The 14th ACM International Systems and Storage Conference

June 14 - 16, 2021

Haifa, Israel

Acceptance Rates

SYSTOR '21 Paper Acceptance Rate 18 of 63 submissions, 29%;

Overall Acceptance Rate 108 of 323 submissions, 33%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
213
Total Downloads

Downloads (Last 12 months)36
Downloads (Last 6 weeks)2

Reflects downloads up to 11 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhao JYang ZLi JLee P(2024)Encrypted Data Reduction: Removing Redundancy from Encrypted Data in Outsourced StorageACM Transactions on Storage10.1145/368527820:4(1-30)Online publication date: 29-Jul-2024
https://dl.acm.org/doi/10.1145/3685278
Dave JHegde PDesai HKanodia ASrivastava RSingh K(2024)RESIST: Randomized Encryption for Deduplicated Cloud Storage SystemArabian Journal for Science and Engineering10.1007/s13369-024-09658-3Online publication date: 25-Oct-2024
https://doi.org/10.1007/s13369-024-09658-3
Paju AJaved MNurmi JSavimäki JMcGillion BBrumley B(2023)SoK: A Systematic Review of TEE Usage for Developing Trusted ApplicationsProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3600169(1-15)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3600169
Will NMaziero C(2023)Intel Software Guard Extensions Applications: A SurveyACM Computing Surveys10.1145/359302155:14s(1-38)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1145/3593021
Li JRen YLee PWang YChen TZhang X(2023)FeatureSpy: Detecting Learning-Content Attacks via Feature Inspection in Secure Deduplicated StorageIEEE INFOCOM 2023 - IEEE Conference on Computer Communications10.1109/INFOCOM53939.2023.10228971(1-10)Online publication date: 17-May-2023
https://doi.org/10.1109/INFOCOM53939.2023.10228971
Li LQin GLiu PHu CGuo S(2023)Secure and Efficient Cloud Ciphertext Deduplication Based on SGX2022 IEEE 28th International Conference on Parallel and Distributed Systems (ICPADS)10.1109/ICPADS56603.2022.00096(696-703)Online publication date: Jan-2023
https://doi.org/10.1109/ICPADS56603.2022.00096

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents