A Hybrid Cloud Approach for Secure Authorized Deduplication

Note: Please Scroll Down to See the Download Link.


ABSTRACT:  Data deduplication is one of important data compression techniques for eliminating duplicate copies of repeating data, and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before outsourcing. To better protect data security, this paper makes the first attempt to formally address the problem of authorized data deduplication. Different from traditional deduplication systems, the differential privileges of users are further considered in duplicate check besides the data itself. We also present several new deduplication constructions supporting authorized duplicate check in a hybrid cloud architecture. Security analysis demonstrates that our scheme is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement a prototype of our proposed authorized duplicate check scheme and conduct testbed experiments using our prototype. We show that our proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations.



Ø Data deduplication systems, the private cloud is involved as a proxy to allow data owner/users to securely perform duplicate check with differential privileges.

Ø Such architecture is practical and has attracted much attention from researchers.

Ø The data owners only outsource their data storage by utilizing public cloud while the data operation is managed in private cloud.



Ø Traditional encryption, while providing data confidentiality, is incompatible with data deduplication.

Ø Identical data copies of different users will lead to different ciphertexts, making deduplication impossible.



In this paper, we enhance our system in security. Specifically, we present an advanced scheme to support stronger security by encrypting the file with differential privilege keys. In this way, the users without corresponding privileges cannot perform the duplicate check. Furthermore, such unauthorized users cannot decrypt the cipher text even collude with the S-CSP. Security analysis demonstrates that our system is secure in terms of the definitions specified in the proposed security model.


  • The user is only allowed to perform the duplicate check for files marked with the corresponding privileges.
  •  We present an advanced scheme to support stronger security by encrypting the file with differential privilege keys.
  •  Reduce the storage size of the tags for integrity check. To enhance the security of deduplication and protect the data confidentiality,


  •  Cloud Service Provider
  •  Data Users Module
  •  Private Cloud Module
  •  Secure Deduplication System


Cloud Service Provider

  1.  In this module, we develop Cloud Service Provider module. This is an entity that provides a data storage service in public cloud.
  2.  The S-CSP provides the data outsourcing service and stores data on behalf of the users.
  3.  To reduce the storage cost, the S-CSP eliminates the storage of redundant data via deduplication and keeps only unique data.
  4.  In this paper, we assume that S-CSP is always online and has abundant storage capacity and computation power.

Data Users Module

  •  A user is an entity that wants to outsource data storage to the S-CSP and access the data later.
  •  In a storage system supporting deduplication, the user only uploads unique data but does not upload any duplicate data to save the upload bandwidth, which may be owned by the same user or different users.
  •  In the authorized deduplication system, each user is issued a set of privileges in the setup of the system. Each file is protected with the convergent encryption key and privilege keys to realize the authorized deduplication with differential privileges.

Private Cloud Module

  1.  Compared with the traditional deduplication architecture in cloud computing, this is a new entity introduced for facilitating user’s secure usage of cloud service.
  2.  Specifically, since the computing resources at data user/owner side are restricted and the public cloud is not fully trusted in practice, private cloud is able to provide data user/owner with an execution environment and infrastructure working as an interface between user and the public cloud.
  3.  The private keys for the privileges are managed by the private cloud, who answers the file token requests from the users. The interface offered by the private cloud allows user to submit files and queries to be securely stored and computed respectively.

Secure Deduplication System

  •  We consider several types of privacy we need protect, that is, i) unforgeability of duplicate-check token: There are two types of adversaries, that is, external adversary and internal adversary.
  •  As shown below, the external adversary can be viewed as an internal adversary without any privilege.
  •  If a user has privilege p, it requires that the adversary cannot forge and output a valid duplicate token with any other privilege pon any file F, where p does not match p. Furthermore, it also requires that if the adversary does not make a request of token with its own privilege from private cloud server, it cannot forge and output a valid duplicate token with p on any F that has been queried.




Ø System                          :         Pentium IV 2.4 GHz.

Ø Hard Disk                      :         40 GB.

Ø Floppy Drive                 :         1.44 Mb.

Ø Monitor                         :         15 VGA Colour.

Ø Mouse                            :         Logitech.

Ø Ram                               :         512 Mb.



Ø Operating system           :         Windows XP/7.

Ø Coding Language         :         JAVA/J2EE

Ø IDE                                   :         Netbeans 7.4

Ø Database                        :         MYSQL


Jin Li, Yan Kit Li, Xiaofeng Chen, Patrick P. C. Lee, Wenjing Lou,“A Hybrid Cloud Approach for Secure Authorized Deduplication”,IEEE Transactions on Parallel and Distributed Systems, 2014

Click here to download A Hybrid Cloud Approach for Secure Authorized Deduplication source code