KIPS Transactions on Computer and Communication Systems (정보처리학회논문지:컴퓨터 및 통신 시스템)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Efficient Privacy-Preserving Duplicate Elimination in Edge Computing Environment Based on Trusted Execution Environment

신뢰실행환경기반 엣지컴퓨팅 환경에서의 암호문에 대한 효율적 프라이버시 보존 데이터 중복제거

  • 구동영 (한성대학교 기계전자공학부 정보시스템트랙)
  • Received : 2022.05.10
  • Accepted : 2022.05.24
  • Published : 2022.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

With the flood of digital data owing to the Internet of Things and big data, cloud service providers that process and store vast amount of data from multiple users can apply duplicate data elimination technique for efficient data management. The user experience can be improved as the notion of edge computing paradigm is introduced as an extension of the cloud computing to improve problems such as network congestion to a central cloud server and reduced computational efficiency. However, the addition of a new edge device that is not entirely reliable in the edge computing may cause increase in the computational complexity for additional cryptographic operations to preserve data privacy in duplicate identification and elimination process. In this paper, we propose an efficiency-improved duplicate data elimination protocol while preserving data privacy with an optimized user-edge-cloud communication framework by utilizing a trusted execution environment. Direct sharing of secret information between the user and the central cloud server can minimize the computational complexity in edge devices and enables the use of efficient encryption algorithms at the side of cloud service providers. Users also improve the user experience by offloading data to edge devices, enabling duplicate elimination and independent activity. Through experiments, efficiency of the proposed scheme has been analyzed such as up to 78x improvements in computation during data outsourcing process compared to the previous study which does not exploit trusted execution environment in edge computing architecture.

사물인터넷 및 빅데이터 등 디지털 데이터의 범람으로, 다수 사용자로부터 방대한 데이터를 처리 및 보관하는 클라우드 서비스 제공자는 효율적 데이터 관리를 위한 데이터 중복제거를 적용할 수 있다. 중앙 클라우드 서버로의 네트워크 혼잡 및 연산 효율성 저하 등의 문제를 개선하기 위한 클라우드의 확장으로 엣지 컴퓨팅 개념이 도입되면서 사용자 경험을 개선할 수 있으나, 전적으로 신뢰할 수 없는 새로운 엣지 디바이스의 추가로 인하여 프라이버시 보존 데이터 중복제거를 위한 암호학적 연산 복잡도의 증가를 야기할 수 있다. 제안 기법에서는 신뢰실행환경을 활용함으로써 사용자-엣지-클라우드 간 최적화된 통신 구조에서 프라이버시 보존 데이터 중복제거의 효율성 개선 방안을 제시한다. 사용자와 클라우드 사이에서의 비밀정보 공유를 통하여 엣지 디바이스에서의 연산 복잡도를 최소화하고, 클라우드 서비스 제공자의 효율적 암호화 알고리즘 사용을 가능하게 한다. 또한, 사용자는 엣지 디바이스에 데이터를 오프로딩함으로써 데이터 중복제거와 독립적인 활동을 가능하게 하여 사용자 경험을 개선한다. 실험을 통하여 제안 기법이 데이터 프라이버시 보존 중복제거 과정에서 엣지-클라우드 통신 효율성 향상, 엣지 연산 효율성 향상 등 성능 개선 효과가 있음을 확인한다.

Keywords

Acknowledgement

이 성과는 정부(과학기술정보통신부)의 재원으로 한국연구재단의 지원을 받아 수행된 연구임(No. NRF-2021R1F1A1064256).

References

  1. Statista, "Volume of data/information created, captured, copied, and consumed worldwide from 2010 to 2025," [Internet], https://www.statista.com/statistics/871513/worldwide-data-created/
  2. Memopal, "Technology," [Internet], https://www.memopal.com/technology/
  3. Dropbox, "Dropbox," [Internet], https://www.dropbox.com/
  4. Google Drive, "Google Drive," [Internet], https://drive.google.com/
  5. P. Puzio, R. Molva, M. Onen, and S. Loureiro, "ClouDedup: Secure deduplication with encrypted data for cloud storage," IEEE International Conference on Cloud Computing Technology and Science, pp.363-370, 2013.
  6. M. Bellare, S. Keelveedhi, and T. Ristenpart, "Message-locked encryption and secure deduplication," Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), pp.296-312, 2013.
  7. M. Wen, K. Lu, J. Lei, F. Li, and J. Li, "DBO-SD: An efficient scheme for big data outsourcing with secure deduplication," IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp.214-219, 2015.
  8. M. Bellare and S. Keelveedhi, "Interactive message-locked encryption and secure deduplication," IACR International Workshop on Public Key Cryptography (PKC), pp.516-538, 2015.
  9. S. Mishra, S. Singh, and S. T. Ali, "RCDSD: RSA based cross domain secure deduplication on cloud storage," International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp.1-7, 2018.
  10. P. Singh, N. Agarwal, and B. Raman, "Secure data deduplication using secret sharing schemes over cloud," Future Generation Computer Systems, Vol.88, No.2018, pp.156-167, 2018. https://doi.org/10.1016/j.future.2018.04.097
  11. Y. Wang, M. Miao, J. Wang, and Xuefeng Zhang, "Secure deduplication with efficient user revocation in cloud storage," Computer Standards & Interfaces, Vol.78, pp.1-8, 2021.
  12. I. Stojmenovic, S. Wen, X. Huang, and H. Luan, "An overview of fog computing and its security issues," Concurrency and Computation: Practice and Experience, Vol.28, No.10, pp.2991-3005, 2015. https://doi.org/10.1002/cpe.3485
  13. J. R. Douceur, A. Adya, W. J. Bolosky, D. Simin, and M. Theimer, "Reclaiming space from duplicate files in a serverless distributed file system," Technical Report MSR-TR-2002-30, Microsoft Research, pp.1-14, 2002.
  14. W. Shi, J. Cao, Q. Zhang, Y. Li, and L. Xu, "Edge computing: Vision and challenges," IEEE Internet of Things Journal, Vol.3, No.5, pp.637-646, 2016. https://doi.org/10.1109/JIOT.2016.2579198
  15. D. Koo, Y. Shin, J. Yun, and J. Hur, "A hybrid deduplication for secure and efficient data outsourcing in fog computing," IEEE International Conference on Cloud Computing Technology and Science(CloudCom), pp.285-293, 2016.
  16. D. Koo and J. Hur, "Privacy-preserving deduplication of encrypted data with dynamic ownership management in fog computing," Future Generation Computer Systems, Vol.78, No.2, pp.739-752, 2018. https://doi.org/10.1016/j.future.2017.01.024
  17. M. Sabt, M. Achemlal, and A. Bouabdallah, "Trusted execution environment: What it is, and what it is not," IEEE Trustcom/BigDataSE/ISPA, pp.57-64, 2015.
  18. ARM, "Learn the architecture: TrustZone for AArch64," [Internet] https://developer.arm.com/documentation/102418/0101/What-is-TrustZone-?lang=en
  19. Intel, "Intel® Software Guard Extensions (Intel® SGX)," [Internet] https://www.intel.sg/content/www/xa/en/architecture-and-technology/software-guard-extensions.html
  20. AMD, "AMD Secure Encrypted Virtualization (SEV)," [Internet] https://developer.amd.com/sev/
  21. V. Costan and S. Devadas, "Intel SGX explained," Cryptology ePrint Archive, pp.1-118, 2016.
  22. Y. Ren, J. Li, P. P. C. Lee, and X. Zhang, "Accelerating encrypted deduplication via SGX," USENIX Annual Technical Conference (USENIX ATC), pp.303-316, 2021.
  23. S. Keelveedhi, M. Bellare, T. Ristenpart, "DupLESS: Server-aided encryption for deduplicated storage," USENIX Security Symposium (USENIX Security), pp.179-194, 2013.
  24. M. Miranda, T. Esteves, B. Portela, and J. Paulo, "S2Dedup: SGX-enabled secure deduplication," ACM International Conference on Systems and Storage(SYSTOR), pp.1-12, 2021.
  25. D. Meister, J. Kaiser, A. Brinkmann, T. Cortes, M. Kuhn, and J. Kunkel, "A study on data deduplication in HPD storage systems," IEEE International Conference on High Performance Computing, Networking, Storage and Analysis (SC), pp.1-11, 2012.
  26. M. Dutch, "Understanding data deduplication ratios," SNIA (Storage Networking Industry Association) - Data Management Forum, [Internet] https://www.snia.org/sites/default/files/Understanding_Data_Deduplication_Ratios-20080718.pdf, pp.1-13, 2008.
  27. V. Tarasov, W. Buik, P. Shilane, G. Kuenning, and E. Zadok, "Generating realistic datasets for deduplication analysis," USENIX Annual Technical Conference (ATC), pp.1-12, 2012.
  28. Advanced Storage Products Group, "Identifying the Hidden Risk of Data Deduplication: How the HYDRAstorTM Solution Proactively Solves the Problem," White paper - NEC, pp.1-9, [Internet] https://silo.tips/downloadFile/identifying-the-hidden-risk-of-data-deduplication-how-the-hydrastor-tm-solution, 2009.
  29. D. T. Meyer and W. J. Bolosky, "A study of practical deduplication," ACM Transactions on Storage, pp.1-20, 2012.