Authorized Client-side Deduplication Using Access Policy-based Convergent Encryption

This paper proposes the method to provide efficient use of cloud storage while supporting secure data sharing in the cloud. In order to provide authorized deduplication, we use the convergent encryption scheme and apply an access privilege to generate a convergent key. Because of this, the user without proper privileges will not be able to generate the convergent key and thus cannot access the shared data. To verify the ownership of the file in the client-side deduplication procedure, we also propose a new proofs of ownership protocol based on an existing Merkle Tree-based protocol. Our scheme provides an adequate trade-off between security and storage space efficiency. By executing the deduplication for users with the same privilege, the effect of deduplication can be reduced. However, in view of the data sharing, our approach has as advantage in the sense that only authorized users can access the files encrypted based on privileges allowed to the users. The proposed scheme is very suitable for the hybrid cloud model considering both the data security and the storage efficiency.