Abstract:

With the explosive growth of digital data, data deduplication has been widely used in cloud storage to reduce storage space and network bandwidth. Although the existing solutions use the convergent encryption (CE) to improve data confidentiality, the CE faces two main challenges: 1) the CE is subject to offline bruteforce dictionary attacks because it is deterministic and keyless; 2) the CE has to encrypt all data and calculate the fingerprint based on its ciphertext, thus the computation cost increases as the data deduplication  ratio increases. In order to solve these problems, we propose a twicehash based convergent encryption strategy (TCE). The TCE encrypts data after deduplication via computing the hash twice. And the trusted third party adds secret information to make random convergent keys. The TCE uses the second hash as the fingerprint and eliminates  useless operations for duplicate data encryption. Experimental results show that the TCE can reduce the backup window by 30%~50% in comparison with the CE.

Key words: data de-duplication, convergent encryption, brute force attack, backup window