R&D: Secure Encrypted De-Dupe for Cloud Storage Vs. Compromised Key Servers

IEEE Xplore has published, in 2019 IEEE Global Communications Conference (GLOBECOM) proceedings, an article written by Yuan Zhang, Chunxiang Xu, University of Electronic Science and Technology of China, Nan Cheng, Xidian University, and Xuemin Shen, University of Waterloo.

Abstract: “Message-locked encryption (MLE) is a special type of symmetric encryption enabling deduplication over ciphertexts. Since an MLE key is extracted from the message itself, it is vulnerable to brute-force attacks. Existing schemes employ an independent key server to help in generating MLE keys, where the MLE key is extracted from the message and a server-side secret to thwart brute-force attacks. Whereas, the security of these schemes depends on the reliability of the key server, which causes the single-point-of- failure problem. In this paper, we propose DECKS, an encrypted data \underline{de}duplication scheme against the \underline{c}ompromised \underline{k}ey \underline{s}erver. DECKS employs multiple key servers to assist users in generating MLE keys using an oblivious and threshold-based protocol, such that compromising any key server would not break the security. To free DECKS from trusting a specific group of key servers during the lifetime of protected data, the key servers are periodically replaced by new ones to renew the security protection. Provable security and high efficiency of DECKS are demonstrated by comprehensive analyses and experimental evaluations.“