Improving the Resistance to Side-Channel Attacks on Cloud Storage Services

Providers of cloud storage services usually apply deduplication across multiple user accounts in order to optimize savings of both upload bandwidth and storage space. However, deduplication can be used as a side channel by an adversary for obtaining sensitive information about other user's data...

Full description

Saved in:
Bibliographic Details
Main Authors: Heen, O., Neumann, C., Montalvo, L., Defrance, S.
Format: Conference Proceeding
Language:English
Subjects:
Bandwidth
Cloud computing
Logic gates
Privacy
Security
Servers
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Providers of cloud storage services usually apply deduplication across multiple user accounts in order to optimize savings of both upload bandwidth and storage space. However, deduplication can be used as a side channel by an adversary for obtaining sensitive information about other user's data. We propose a new gateway-based deduplication model that lets the storage service provider apply efficient deduplication while substantially reducing the risk of information leakage. We suppose that the cloud storage service is provided by a Network Service Provider that also ships advanced gateways to its customers. We discuss why it is much harder for an adversary to infer deduplication from the gateway than from a fully controlled host.
ISSN:2157-4952
DOI:10.1109/NTMS.2012.6208705