Authorized convergent encryption for client-side deduplication

Taek-Young Youn1, Ku-Young Chang1, Kyung Hyune Rhee2, and Sang Uk Shin2+
 

1Electronics and Telecommunications Research Institute (ETRI),

Daejeon, Republic of Korea

{taekyoung, jang1090}@etri.re.kr

 

2Electronics Dept. of IT Convergence and Application Engineering,

Pukyong National University, Busan, Republic of Korea

{khrhee, shinsu}@pknu.ac.kr

 

Abstract

This paper proposes the method to provide efficient use of cloud storage while supporting secure data sharing in the cloud. In order to provide deduplication, we use the convergent encryption scheme and apply an access privilege to generate a convergent key. Because of this, the user without proper privileges will not able to generate a convergent key and thus can’t access the shared data. The proposed method provides an adequate trade-off between security and storage space efficiency. By executing the deduplication for users with the same privilege, the effect of deduplication can be reduced, but in view of the data sharing, there is the advantage that only authorized users can access by uploading the encrypted file with the privilege information. The proposed scheme seems to be very suitable for the hybrid cloud model considering both the data security and the storage efficiency.

Keywords: Convergent Encryption, Client-side Deduplication, Cloud Computing, Access Privilege.

 

+: Corresponding author: Sang Uk Shin
Dept. of IT Convergence and Application Engineering, Pukyong National University, 45, Yongsoro,

Nam-Gu. Busan, Republic of Korea, Tel: +82-51-629-6249

IT Convergence Practice (INPRA), Vol. 4, No. 2, pp. 9-17, June 2016 [pdf]