LSDedup: Layered Secure Deduplication for Cloud Storage

To implement encrypted data deduplication in a cloud storage system, users must encrypt files using special encryption algorithms (e.g., convergent encryption (CE)), which cannot provide strong protection. The confidential level of an outsourced file is determined by the user himself/herself subjectively or by the owner number of the file objectively. These files owned by a few users are considered strictly confidential and require strong protection. In this paper, we design, analyze and implement LSDedup, which attains a high storage efficiency while providing strictly confidential files (SCFiles) with strong protection. LSDedup allows cloud users to securely interact with cloud servers to check the confidential level of an outsourced file. Users encrypt the SCFiles using standard symmetric encryption algorithms to achieve a high security level, whereas encrypting the less confidential files (LSFiles) using CE such that cloud servers can perform deduplication. LSDedup is designed to prevent cloud servers reporting fake confidential level and a fake file user claiming the ownership of the file. Formal analysis is provided to justify its security. Besides, we implement an LSDedup prototype using Alibaba Cloud as backend storage. Our evaluations demonstrate that LSDedup can work with existing cloud service providers' APIs and achieves modest performance overhead.