In cloud storage, client-side deduplication is widely used to reduce storage and communication costs. In client-side deduplication, if the cloud server detects that the user’s outsourced data have been stored, then clients will not need to reupload the data. However, the information on whether data need to be uploaded can be used as a side-channel, which can consequently be exploited by adversaries to compromise data privacy. In this paper, we propose a new threat model against side-channel attacks. Different from existing schemes, the adversary could learn the approximate ratio of stored chunks to unstored chunks in outsourced files, and this ratio will affect the probability that the adversary compromises the data privacy through side-channel attacks. Under this threat model, we design two defense schemes to minimize privacy leakage, both of which design interaction protocols between clients and the server during deduplication checks to reduce the probability that the adversary compromises data privacy. We analyze the security of our schemes, and evaluate their performances based on a real-world dataset. Compared with existing schemes, our schemes can better mitigate data privacy leakage and have a slightly lower communication cost.
- Article type
- Year
- Co-author
The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information leakage, and its importance is must be emphasized because users are likely to use the same passwords for different Web application accounts. Existing approaches use a password manager and encrypted Web application to protect passwords and other sensitive data; however, they may be compromised or lack accessibility. The paper presents SecureWeb, which is a secure, practical, and user-controllable framework for mitigating the leakage of sensitive data. SecureWeb protects users’ passwords and aims to provide a unified protection solution to diverse sensitive data. The efficiency of the developed schemes is demonstrated and the results indicate that it has a low overhead and are of practical use.