RESIST: Randomized Encryption for Deduplicated Cloud Storage System

Cloud computing offers scalable and ubiquitous storage services in a pay-as-you-go fashion. Data deduplication is one of the important technologies of cloud storage services. It reduces storage and communication costs by skipping uploading and storing redundant data copies. In order to protect data confidentiality, users generally encrypt data before uploading it to the cloud. Existing state-of-the-art deduplication security schemes either depend upon deterministic encryption mechanisms, that are exposed to online-offline dictionary attacks, or equip additional key server(s), which is not an economically efficient approach. In this paper, we propose a novel approach RESIST, randomized encryption for deduplicated cloud systems. RESIST encrypts the data using a random key to protect against online-offline dictionary attacks. In addition, the random key is encrypted using Merkle hash tree of data to limit its access to only data owners. Moreover, the previous data uploaders do not need to be online to share the key with subsequent uploaders. We analyze the security of RESIST using cryptographic proofs. We implement RESIST in real cloud environments and compare its performance with the recent state-of-the-art schemes.