Secure Deduplication System with Active Key Update and Its Application in IoT

Abstract

The rich cloud services in the Internet of Things create certain needs for edge computing, in which devices should be able to handle storage tasks securely, reliably, and efficiently. When processing the storage requests from edge devices, each cloud server is supposed to eliminate duplicate copies of repeating data to reduce the amount of storage space and save on bandwidth. To protect data confidentiality while supporting deduplication, some convergent-encryption-based techniques have been proposed to encrypt the data before uploading. However, all these works cannot meet two requirements while preventing brute-force attacks: (i) power-constrained edge nodes should update encryption keys efficiently when an edge node is abandoned; and (ii) the access privacy of edge nodes should be guaranteed. In this article, we propose a novel encryption scheme for secure chunk-level deduplication. Based on this scheme, we present two constructions of the secure deduplication system that support an efficient key update protocol. The key update protocol does not involve any edge node in computational tasks, so that the deduplication system can adopt an active key update strategy. Moreover, one of our constructions, which is called advance construction, can provide access privacy assurances for edge nodes. The security analysis is given in terms of the proposed threat model. The experimental analysis demonstrates that the proposed deduplication system is practical.