Data deduplication is an effective technique for eliminating redundancy in outsourced data, thereby reducing both storage consumption and communication overhead. Existing encrypted deduplication schemes typically support secure cloud storage and sharing with certain privacy guarantees, but they often fall short in large-scale deployments and rarely achieve, at the same time, flexible access control and robustness against duplicate-faking and ownership-faking attacks. In this work, we propose an efficient encrypted deduplication scheme with fine-grained access control. Our design combines symmetric encryption with a novel tag-generation mechanism to ensure data confidentiality and high performance, while allowing data owners to specify individualized authorization policies. Rigorous security analysis shows that the proposed scheme preserves data privacy and integrity and is secure against both duplicate-faking and ownership-faking attacks. Extensive experiments further demonstrate its practicality: compared with Yang et al.’s scheme, our construction achieves up to 327 \(\times \) higher computational efficiency, reduces communication cost by a factor of 2.962, and lowers storage overhead by a factor of 1.002 for 100 KB files.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Efficient Deduplication over Encrypted Data Under Flexible Access Control

  • Xiaofeng Jia,
  • Songnian Zhang

摘要

Data deduplication is an effective technique for eliminating redundancy in outsourced data, thereby reducing both storage consumption and communication overhead. Existing encrypted deduplication schemes typically support secure cloud storage and sharing with certain privacy guarantees, but they often fall short in large-scale deployments and rarely achieve, at the same time, flexible access control and robustness against duplicate-faking and ownership-faking attacks. In this work, we propose an efficient encrypted deduplication scheme with fine-grained access control. Our design combines symmetric encryption with a novel tag-generation mechanism to ensure data confidentiality and high performance, while allowing data owners to specify individualized authorization policies. Rigorous security analysis shows that the proposed scheme preserves data privacy and integrity and is secure against both duplicate-faking and ownership-faking attacks. Extensive experiments further demonstrate its practicality: compared with Yang et al.’s scheme, our construction achieves up to 327 \(\times \) higher computational efficiency, reduces communication cost by a factor of 2.962, and lowers storage overhead by a factor of 1.002 for 100 KB files.