Secure data access on untrusted storage
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: | 2015 |
Subjects: | |
Online Access: | http://hdl.handle.net/10356/62792 |
Institution: | Nanyang Technological University |
Summary: | With the advent of modern IT infrastructures, cloud storage services are gaining popularity due to their numerous benefits such as low cost, convenience, scalability and collaboration. People are increasingly using cloud storage services made available by companies such as Google, Dropbox, and Amazon to store their data in these service providers' data centers. Despite these benefits, there are still some issues that need to be considered before using such a service, such as storage space efficiency, data privacy and security. Deduplication on encrypted data is a promising trend for both cloud storage providers and subscribers. Data deduplication allows cloud storage providers to save storage space by eliminating redundant copies of data, and encryption can ensure the confidentiality of customers' data both in transit and at rest. However, deduplication, which works by detecting identical data, does not work well with data encrypted by conventional encryption. Encrypting the same data under different keys (by different subscribers) results in different ciphertexts and leaves cloud storage providers unable to carry out deduplication. In this project, a scheme that allows deduplication on encrypted data with the aid of a key server deployed at the cloud service provider's premises is implemented. A subscriber encrypts data with a data-encryption key obtained from the key server via various key-management schemes, one of which uses a homomorphic XOR operation. The main contributions of this project are: (1) with a key server deployed at the cloud service provider's premises, data is deduplicated not only within a particular domain but across the provider's entire client base, including public and different enterprise users, which gives higher storage savings; (2) data owners still maintain exclusive control of their data and data-encryption keys, i.e. the cloud service provider has no access to any of it, which gives strong confidentiality guarantees. The experiment conducted shows that clients experience minor storage overhead and latency when using our scheme for encrypted data compared with using the storage service for plaintext data. |