• Title/Summary/Keyword: Client-side Storage

Search Result 20, Processing Time 0.022 seconds

Side-Channel Attack against Secure Data Deduplication over Encrypted Data in Cloud Storage (암호화된 클라우드 데이터의 중복제거 기법에 대한 부채널 공격)

  • Shin, Hyungjune;Koo, Dongyoung;Hur, Junbeom
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.971-980
    • /
    • 2017
  • Data deduplication can be utilized to reduce storage space in cloud storage services by storing only a single copy of data rather than all duplicated copies. Users who are concerned the confidentiality of their outsourced data can use secure encryption algorithms, but it makes data deduplication ineffective. In order to reconcile data deduplication with encryption, Liu et al. proposed a new server-side cross-user deduplication scheme by exploiting password authenticated key exchange (PAKE) protocol in 2015. In this paper, we demonstrate that this scheme has side channel which causes insecurity against the confirmation-of-file (CoF), or duplicate identification attack.

Light-weight Preservation of Access Pattern Privacy in Un-trusted Storage

  • Yang, Ka;Zhang, Jinsheng;Zhang, Wensheng;Qiao, Daji
    • IEIE Transactions on Smart Processing and Computing
    • /
    • v.2 no.5
    • /
    • pp.282-296
    • /
    • 2013
  • With the emergence of cloud computing, more and more sensitive user data are outsourced to remote storage servers. The privacy of users' access pattern to the data should be protected to prevent un-trusted storage servers from inferring users' private information or launching stealthy attacks. Meanwhile, the privacy protection schemes should be efficient as cloud users often use thin client devices to access the data. In this paper, we propose a lightweight scheme to protect the privacy of data access pattern. Comparing with existing state-of-the-art solutions, our scheme incurs less communication and computational overhead, requires significantly less storage space at the user side, while consuming similar storage space at the server. Rigorous proofs and extensive evaluations have been conducted to show that the proposed scheme can hide the data access pattern effectively in the long run after a reasonable number of accesses have been made.

  • PDF

Deduplication Technologies over Encrypted Data (암호데이터 중복처리 기술)

  • Kim, Keonwoo;Chang, Ku-Young;Kim, Ik-Kyun
    • Electronics and Telecommunications Trends
    • /
    • v.33 no.1
    • /
    • pp.68-77
    • /
    • 2018
  • Data deduplication is a common used technology in backup systems and cloud storage to reduce storage costs and network traffic. To preserve data privacy from servers or malicious attackers, there has been a growing demand in recent years for individuals and companies to encrypt data and store encrypted data on a server. In this study, we introduce two cryptographic primitives, Convergent Encryption and Message-Locked Encryption, which enable deduplication of encrypted data between clients and a storage server. We analyze the security of these schemes in terms of dictionary and poison attacks. In addition, we introduce deduplication systems that can be implemented in real cloud storage, which is a practical application environment, and describes the proof of ownership on client-side deduplication.

Information Dispersal Algorithm and Proof of Ownership for Data Deduplication in Dispersed Storage Systems (분산 스토리지 시스템에서 데이터 중복제거를 위한 정보분산 알고리즘 및 소유권 증명 기법)

  • Shin, Youngjoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.1
    • /
    • pp.155-164
    • /
    • 2015
  • Information dispersal algorithm guarantees high availability and confidentiality for data and is one of the useful solutions for faulty and untrusted dispersed storage systems such as cloud storages. As the amount of data stored in storage systems increases, data deduplication which allows to save IT resources is now being considered as the most promising technology. Hence, it is necessary to study on an information dispersal algorithm that supports data deduplication. In this paper, we propose an information dispersal algorithm and proof of ownership for client-side data deduplication in the dispersed storage systems. The proposed solutions allow to save the network bandwidth as well as the storage space while giving robust security guarantee against untrusted storage servers and malicious clients.

A Scheme on High-Performance Caching and High-Capacity File Transmission for Cloud Storage Optimization (클라우드 스토리지 최적화를 위한 고속 캐싱 및 대용량 파일 전송 기법)

  • Kim, Tae-Hun;Kim, Jung-Han;Eom, Young-Ik
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37 no.8C
    • /
    • pp.670-679
    • /
    • 2012
  • The recent dissemination of cloud computing makes the amount of data storage to be increased and the cost of storing the data grow rapidly. Accordingly, data and service requests from users also increases the load on the cloud storage. There have been many works that tries to provide low-cost and high-performance schemes on distributed file systems. However, most of them have some weaknesses on performing parallel and random data accesses as well as data accesses of frequent small workloads. Recently, improving the performance of distributed file system based on caching technology is getting much attention. In this paper, we propose a CHPC(Cloud storage High-Performance Caching) framework, providing parallel caching, distributed caching, and proxy caching in distributed file systems. This study compares the proposed framework with existing cloud systems in regard to the reduction of the server's disk I/O, prevention of the server-side bottleneck, deduplication of the page caches in each client, and improvement of overall IOPS. As a results, we show some optimization possibilities on the cloud storage systems based on some evaluations and comparisons with other conventional methods.

Conditions on the MP4-based DASH Segments for the Replay of Client-side Concatenated Storage Results (클라이언트 측 연접 저장 결과 재생을 위한 MP4 기반 DASH 세그먼트에 대한 조건)

  • Kim, Yong Han;Park, Minkyu;Rhyu, Sungryeul;Hwang, Seo-Young
    • Proceedings of the Korean Society of Broadcast Engineers Conference
    • /
    • 2011.07a
    • /
    • pp.216-219
    • /
    • 2011
  • DASH(Dynamic Adaptive Streaming over HTTP)는 MPEG(Moving Picture Experts Group)에서 표준화 중인 HTTP를 이용한 적응형 비디오 스트리밍 기술이다. 일반적으로 HTTP를 이용한 적응형 비디오 스트리밍에서 클라이언트가 사용할 수 있는 기능은 파일 전체 또는 그 일부를 다운로드하는 것이다. 따라서 전체 콘텐트를 작은 파일 조각 즉, 세그먼트(segment)로 분할하여 세그먼트들을 순차적으로 다운로드함으로써 마치 스트리밍이 달성되는 것과 같은 효과를 낼 수 있다. 네트워크의 상태에 따라 전송률을 조절하기 위해서는 서버에 서로 다른 비트율로 부호화된 세그먼트들을 함께 보관해 두어 클라이언트로 하여금 선택할 수 있게 한다. DASH에서는 MPEG-2 TS 또는 MPEG-4 파일 포맷(MP4)를 기반으로 하는 두 가지 형태의 서버 콘텐트를 제공할 수 있다. MP4 기반 DASH의 경우, 클라이언트가 수신한 세그먼트들을 순차적으로 이어 붙여 저장한다 하더라도 특별한 조건을 만족하는 경우를 제외하고는 MP4 파일을 재생할 수 있는 기존 미디어 플레이어가 이를 재생하지 못한다. 본 논문에서는 이러한 특별한 조건을 제시하고 이를 검증하였다. 이 조건은 서버에서 제공하는 세그먼트들에 대한 조건이다.

  • PDF

Privacy Preserving source Based Deuplication Method (프라이버시 보존형 소스기반 중복제거 기술 방법 제안)

  • Nam, Seung-Soo;Seo, Chang-Ho;Lee, Joo-Young;Kim, Jong-Hyun;Kim, Ik-Kyun
    • Smart Media Journal
    • /
    • v.4 no.4
    • /
    • pp.33-38
    • /
    • 2015
  • Cloud storage server do not detect duplication of conventionally encrypted data. To solve this problem, Convergent Encryption has been proposed. Recently, various client-side deduplication technology has been proposed. However, this propositions still cannot solve the security problem. In this paper, we suggest a secure source-based deduplication technology, which encrypt data to ensure the confidentiality of sensitive data and apply proofs of ownership protocol to control access to the data, from curious cloud server and malicious user.

Privacy Preserving Source Based Deduplicaton Method (프라이버시 보존형 소스기반 중복제거 방법)

  • Nam, Seung-Soo;Seo, Chang-Ho
    • Journal of Digital Convergence
    • /
    • v.14 no.2
    • /
    • pp.175-181
    • /
    • 2016
  • Cloud storage servers do not detect duplication of conventionally encrypted data. To solve this problem, convergent encryption has been proposed. Recently, various client-side deduplication technology has been proposed. However, this propositions still cannot solve the security problem. In this paper, we suggest a secure source-based deduplication technology, which encrypt data to ensure the confidentiality of sensitive data and apply proofs of ownership protocol to control access to the data, from curious cloud server and malicious user.

The QoS Filtering and Scalable Transmission Scheme of MPEG Data to Adapt Network Bandwidth Variation (통신망 대역폭 변화에 적응하는 MPEG 데이터의 QoS 필터링 기법과 스케일러블 전송 기법)

  • 유우종;김두현;유관종
    • Journal of Korea Multimedia Society
    • /
    • v.3 no.5
    • /
    • pp.479-494
    • /
    • 2000
  • Although the proliferation of real-time multimedia services over the Internet might indicate its successfulness in dealing with heterogeneous environments, it is obvious, on the other hand, that the internet now has to cope with a flood of multimedia data which consumes most of network communication channels due to a great deal of video or audio streams. Therefore, for the purpose of an efficient and appropriate utilization of network resources, it requires to develop and deploy a new scalable transmission technique n consideration of respective network environment and individual clients computing power. Also, we can eliminate the waste effects of storage device and data transmission overhead in that the same video stream duplicated according to QoS. The purpose of this paper is to develop a technology that can adjust the amount of data transmitted as an MPEG video stream according to its given communication bandwidth, and technique that can reflect dynamic bandwidth while playing a video stream. For this purpose, we introduce a media scalable media decomposer working on server side, and a scalable media composer working o n a client side, and then propose a scalable transmission method and a media sender and a media receiver in consideration of dynamic QoS. Those methods proposed her can facilitate an effective use of network resources, and provide multimedia MPEG video services in real-time with respect to individual client computing environment.

  • PDF

A Study of Step-by-step Countermeasures Model through Analysis of SQL Injection Attacks Code (공격코드 사례분석을 기반으로 한 SQL Injection에 대한 단계적 대응모델 연구)

  • Kim, Jeom-Goo;Noh, Si-Choon
    • Convergence Security Journal
    • /
    • v.12 no.1
    • /
    • pp.17-25
    • /
    • 2012
  • SQL Injection techniques disclosed web hacking years passed, but these are classified the most dangerous attac ks. Recent web programming data for efficient storage and retrieval using a DBMS is essential. Mainly PHP, JSP, A SP, and scripting language used to interact with the DBMS. In this web environments application does not validate the client's invalid entry may cause abnormal SQL query. These unusual queries to bypass user authentication or da ta that is stored in the database can be exposed. SQL Injection vulnerability environment, an attacker can pass the web-based authentication using username and password and data stored in the database. Measures against SQL Inj ection on has been announced as a number of methods. But if you rely on any one method of many security hole ca n occur. The proposal of four levels leverage is composed with the source code, operational phases, database, server management side and the user input validation. This is a way to apply the measures in terms of why the accident preventive steps for creating a phased step-by-step response nodel, through the process of management measures, if applied, there is the possibility of SQL Injection attacks can be.