Abstract
In cloud services, deduplication is a widely used data reduction technique that minimizes storage and communication overhead. Nonetheless, deduplication introduces a serious security risk: a malicious client can obtain access to a file in storage by learning just a piece of information about the file. Proof of ownership schemes protect against this risk, as they enable the server to check whether the client actually owns a particular file in its entirety. However, a malicious client may misuse the proof of ownership procedure to waste resources at the server: she sends a large number of upload requests and tries to keep the server busy computing challenges and verifying responses. In this paper, we propose a secure proof of ownership scheme using a Merkle tree. In this approach, the cloud server precomputes the challenge-responses to avoid computational overhead during subsequent uploads. Moreover, the cloud server does not need to retain resources until the response is received, since our approach is a stateless protocol. Security analysis demonstrates that a malicious client who does not have the entire file cannot prove herself an owner of the file. As a proof of concept, we implement our approach in a realistic environment and demonstrate that it outperforms the existing proof of ownership schemes in terms of challenge generation, communication, and response verification cost.
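The generic idea behind a Merkle-tree proof of ownership, as an added example that is not the paper's construction or code: the server keeps only the tree root, challenges random leaf indices, and checks the returned blocks and sibling paths. The HMAC-authenticated challenge token is one assumed way to avoid per-challenge server state; the names `Server`, `prove`, `root_from` and the block layout are illustrative.

```python
import hashlib, hmac, secrets
def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(blocks):
    """All tree levels, leaves first; an unpaired node is hashed with itself."""
    levels = [[H(b"\x00" + b) for b in blocks]]          # 0x00 = leaf prefix
    while len(levels[-1]) > 1:
        lv = levels[-1] + levels[-1][-1:] * (len(levels[-1]) % 2)
        levels.append([H(b"\x01" + lv[i] + lv[i + 1]) for i in range(0, len(lv), 2)])
    return levels

def prove(blocks, indices):
    """Client side: (block, sibling path) for every challenged leaf index."""
    levels, out = build_levels(blocks), []
    for idx in indices:
        path, i = [], idx
        for lv in levels[:-1]:
            path.append(lv[min(i ^ 1, len(lv) - 1)])     # own hash if unpaired
            i //= 2
        out.append((blocks[idx], path))
    return out

def root_from(idx, block, path):     # root implied by one leaf and its path
    node = H(b"\x00" + block)
    for sib in path:
        node = H(b"\x01" + (sib + node if idx & 1 else node + sib))
        idx //= 2
    return node

class Server:
    """Keeps root, leaf count and an HMAC key; no per-challenge state (assumed design)."""
    def __init__(self, blocks):
        self.key, self.n = secrets.token_bytes(32), len(blocks)
        self.root = build_levels(blocks)[-1][0]

    def _tag(self, file_id, indices, expiry):
        msg = repr((file_id, tuple(indices), expiry)).encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def challenge(self, file_id, now, k=3, ttl=60):
        indices = [secrets.randbelow(self.n) for _ in range(k)]
        return indices, now + ttl, self._tag(file_id, indices, now + ttl)

    def verify(self, file_id, now, indices, expiry, tag, proofs):
        if now > expiry or not hmac.compare_digest(tag, self._tag(file_id, indices, expiry)):
            return False                      # expired or forged challenge token
        return len(proofs) == len(indices) and all(
            root_from(i, b, p) == self.root for i, (b, p) in zip(indices, proofs))
```

A token stays valid until its expiry, so a deployment of this sketch would keep the lifetime short; in a real tree the client would also cache the levels rather than rebuild them per challenge.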
Ethics declarations
The authors declare that they have no conflicts of interest.
About this article
Cite this article
Jay Dave, Dutta, A., Faruki, P. et al. Secure Proof of Ownership Using Merkle Tree for Deduplicated Storage. Aut. Control Comp. Sci. 54, 358–370 (2020). https://doi.org/10.3103/S0146411620040033
DOI: https://doi.org/10.3103/S0146411620040033