Unifying Security and Deduplication in Cloud Storage

Posted on: 2018-11-29
Degree: Ph.D
Type: Thesis
University: The Chinese University of Hong Kong (Hong Kong)
Candidate: Qin, Chuan
GTID: 2478390020956118
Subject: Computer Science

Abstract/Summary:
Deduplication is widely used in cloud storage systems to eliminate duplicate data and reduce storage cost. Since security and privacy are among the top concerns in public clouds, users want to guarantee the confidentiality of their data. This thesis aims to explore the opportunities to improve the security of deduplication in cloud storage systems.

We start by looking into the integration of a secret sharing scheme and multi-cloud deduplication storage. We design and implement CDStore, which disperses users' backup data across multiple clouds and provides a unified multi-cloud storage solution with reliability, security, and cost-efficiency guarantees. CDStore builds on an augmented secret sharing scheme called convergent dispersal, which supports deduplication by using deterministic content-derived hashes as inputs to secret sharing. We present the design of CDStore, and in particular, describe how it combines convergent dispersal with two-stage deduplication to achieve both bandwidth and storage savings and to be robust against side-channel attacks. We evaluate the performance of our CDStore prototype using real-world workloads on LAN and commercial cloud testbeds. Our cost analysis also demonstrates that CDStore achieves a significant monetary cost saving over a baseline cloud storage solution using state-of-the-art secret sharing.

Another approach is to enable rekeying in encrypted deduplication storage systems. Rekeying refers to the operation of replacing an existing encryption key with a new key. It renews security protection, so as to protect against key compromise and enable dynamic access control in cryptographic storage. However, it is non-trivial to realize efficient rekeying in encrypted deduplication storage systems, which use deterministic content-derived encryption keys to allow deduplication on ciphertexts. We design and implement REED, a rekeying-aware encrypted deduplication storage system. REED builds on a deterministic version of the all-or-nothing transform (AONT), such that it enables secure and lightweight rekeying while preserving the deduplication capability. We propose two REED encryption schemes that trade off between performance and security, and extend REED for dynamic access control. We implement a REED prototype with various performance optimization techniques. Our trace-driven testbed evaluation shows that our REED prototype maintains high performance and storage efficiency.

In this thesis, we explore new approaches to solve the major security problems in deduplication cloud storage. Our extensive evaluations based on different datasets show that the proposed systems unify security and deduplication with limited performance and storage overheads.

Keywords/Search Tags: Deduplication, Security, Storage, Cloud, Systems, REED, Data, Performance