Deduplication vs Privacy Tradeoffs in Cloud Storage

Abstract

Users often encrypt files they store on cloud storage services to ensure data privacy. Unfortunately, without additional mechanisms, encrypting files prevents the use of server-side deduplication as two identical files will be different when encrypted. Encrypted deduplication techniques combines file encryption and data deduplication. This combination usually requires some form of direct or indirect coordination between the different clients. In this paper, we address the problem of reconciling the need to encrypt data with the advantages of deduplication. In particular, we study techniques that achieve this objective while avoiding frequency analysis attacks, i.e., attacks that infer the content of an encrypted file based on how frequently the file is stored and/or accessed. We propose a new protocol for assigning encryption keys to files that leverages the use of trusted execution environments to hide the frequencies of chunks from the adversary.