KIPS Transactions on Computer and Communication Systems (정보처리학회논문지:컴퓨터 및 통신 시스템)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Improving Efficiency of Encrypted Data Deduplication with SGX

SGX를 활용한 암호화된 데이터 중복제거의 효율성 개선

  • 구동영 (한성대학교 전자정보공학과)
  • Received : 2022.04.15
  • Accepted : 2022.05.03
  • Published : 2022.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

With prosperous usage of cloud services to improve management efficiency due to the explosive increase in data volume, various cryptographic techniques are being applied in order to preserve data privacy. In spite of the vast computing resources of cloud systems, decrease in storage efficiency caused by redundancy of data outsourced from multiple users acts as a factor that significantly reduces service efficiency. Among several approaches on privacy-preserving data deduplication over encrypted data, in this paper, the research results for improving efficiency of encrypted data deduplication using trusted execution environment (TEE) published in the recent USENIX ATC are analysed in terms of security and efficiency of the participating entities. We present a way to improve the stability of a key-managing server by integrating it with individual clients, resulting in secure deduplication without independent key servers. The experimental results show that the communication efficiency of the proposed approach can be improved by about 30% with the effect of a distributed key server while providing robust security guarantees as the same level of the previous research.

데이터 양의 폭발적 증가에 따른 관리 효율성 제고를 위한 클라우드 서비스 활용이 일상으로 자리잡고 있는 현재, 데이터 프라이버시 보존을 위한 다양한 암호화 기법이 적용되고 있다. 클라우드 시스템의 방대한 컴퓨팅 자원에도 불구하고 다수 사용자로부터 아웃소싱된 데이터의 중복으로 인한 저장 효율성의 저하는 서비스 효율을 현저히 감소시키는 요인으로 작용하면서, 프라이버시가 보장된 암호문에 대한 데이터 중복제거에서의 효율성 향상을 위한 다양한 연구가 진행되고 있다. 본 연구에서는 최신 USENIX ATC에 발표된 Ren et al.의 신뢰실행환경을 활용한 암호문에 대한 중복제거의 효율성 개선을 위한 연구결과를 분석하고 서비스에 참여하는 키 관리 서버를 사용자에 통합함으로써 제3의 독립적인 키 관리 서버의 필요성을 제거하면서도 키 관리의 안정성 개선 방법을 제시한다. 실험을 통하여 제안 기법에서 약 30%의 통신 효율 개선 효과를 얻을 수 있음을 확인하였다.

Keywords

Acknowledgement

이 논문은 정부(과학기술정보통신부)의 재원으로 한국연구재단의 지원을 받아 수행된 연구임(No. NRF-2021R1F1A1064256).

References

  1. M. Armbrust, et al., "A View of Cloud Computing," in Communications of the ACM, Vol.53, No.4, pp.50-58, 2010. https://doi.org/10.1145/1721654.1721672
  2. Y. Fan, X. Lin, W. Liang, G. Tan, and P. Nanda, "A secure privacy preserving deduplication scheme for cloud computing," in Future Generation Computer Systems, Vol.101, pp.127-135, 2019. https://doi.org/10.1016/j.future.2019.04.046
  3. Y. Shin, D. Koo, and J. Hur, "A survey of secure data deduplication schemes for cloud storage systems," in ACM Computing Surveys, Vol.49, No.74, pp.1-38, 2017.
  4. M. Sabt, M. Achemlal, and A. Bouabdallah, "Trusted execution environment: What it is, and what it is not," in Proceedings of IEEE Trustcom/BigDataSE/ISPA, pp.57-64, 2015.
  5. M. Miranda, T. Esteves, B. Portela, and J. Paulo, "S2Dedup: SGX-enabled secure deduplication," in Proceedings of ACM International Conference on Systems and Storage (SYSTOR), pp.1-12, 2021.
  6. Y. Ren, J. Li, P. P. C. Lee, and X. Zhang, "Accelerating encrypted deduplication via SGX," in Proceedings of USENIX Annual Technical Conference (USENIX ATC), pp.303-316, 2021.
  7. J. R. Douceur, A. Adya, W. J. Bolosky, D. Simin, and M. Theimer, "Reclaiming space from duplicate files in a serverless distributed file system," Technical Report MSR-TR-2002-30, Microsoft Research, pp.1-14, 2002.
  8. M. Bellare, S. Keelveedhi, and T. Ristenpart, "Message-locked encryption and secure deduplication," in Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), pp.296-312, 2013.
  9. S. Keelveedhi, M. Bellare, and T. Ristenpart, "DupLESS: Server-Aided Encryption for Deduplicated Storage," in Proceedings of USENIX Security Symposium (USENIX Security), pp.179-194, 2013.
  10. V. Costan and S. Devadas, "Intel SGX explained," Cryptology ePrint Archive, pp.1-118, 2016.
  11. J. Liu, N. Asokan, and B. Pinkas, "Secure deduplication of encrypted data without additional independent servers," in Proceedings of ACM SIGSAC Conference on Computer and Communications Security (ACM CCS), pp.874-885, 2015.
  12. Y. Duan, "Distributed key generation for encrypted deduplication: Achieving the strongest privacy," in Proceedings of ACM Workshop on Cloud Computing Security (CCSW), pp.57-68, 2014.
  13. S. Halevi, D. Harnik, B. Pinkas, and A. Shulman-Peleg, "Proofs of ownership in remote storage systems," in Proceedings of ACM Conference on Computer and Communications Security(CCS), pp.491-500, 2011.
  14. Wikipedia, List of countries by Internet connection speeds, [Internet] https://en.wikipedia.org/wiki/List_of_countries_by_Internet_connection_speeds