Description

Convergent encryption, also known as content hash keying, is a cryptosystem that produces identical cipher text from identical plaintext files. Data de duplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. Promising as it is, an arising challenge is to perform secure de duplication in cloud storage. Although convergent encryption has been extensively adopted for secure de duplication, a critical issue of making convergent encryption practical is to efficiently and reliably manage a huge number of convergent keys. This paper makes the first attempt to formally address the problem of achieving efficient and reliable key management in secure de duplication. We first introduce a baseline approach in which each user holds an independent master key for encrypting the convergent keys and outsourcing them to the cloud. However, such a baseline key management scheme generates an enormous number of keys with the increasing number of users and requires users to dedicatedly protect the master keys. To this end, we propose De key, a new construction in which users do not need to manage any keys on their own but instead securely distribute the convergent key shares across multiple servers. Security analysis demonstrates that De key is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement De key using the Ramp secret sharing scheme and demonstrate that De key incurs limited overhead in realistic environments.