• DocumentCode
    2205577
  • Title

    HEDup: Secure Deduplication with Homomorphic Encryption

  • Author

    Miguel, Rodel ; Khin Mi Mi Aung ; Mediana

  • Author_Institution
    Data Centre Technologies Division, Data Storage Institute - A*STAR, Singapore
  • fYear
    2015
  • fDate
    6-7 Aug. 2015
  • Firstpage
    215
  • Lastpage
    223
  • Abstract
    Deduplication on encrypted data is a promising trend for both cloud storage providers and subscribers. Data deduplication allows cloud storage providers (CSP) to save storage space by eliminating the copies of the same data. Data encryption can ensure the confidentiality of customer's data both in transit and at rest. However, deduplication that works on detecting identical data does not work well with encrypted data provided by conventional encryption. Encryption of the same data using different keys (by different subscribers) will result in different ciphertexts that will not allow the CSP to carry out deduplication. In this paper, we propose a scheme to allow deduplication on encrypted data with the aid of a key server deployed at cloud service provider premises, called HEDup (Homomorphic Encryption Deduplication). In this solution, the subscriber encrypts data with a data-encryption key obtained from the key server via various key-management schemes, one of which uses homomorphic encryption. The main contributions of this project are (1) with a key server deployed at cloud provider premises, it will not only deduplicate data from a particular domain but also for the CSP's entire client base including public and different enterprise users - this results in higher storage savings and (2) data owners still maintain exclusive control of their data and data-encryption keys, i.e. CSP has no access to any of it - strong confidentiality guarantees. The experiments conducted show that data uploads and downloads using HEDup have minor storage and latency overhead. Our implementation also shows significant performance optimization when compared to commercial key management service for cloud object storage.
  • Keywords
    Cloud computing; Data privacy; Databases; Encryption; Servers; Cloud Storage; Confidentiality; Data Deduplication; Homomorphic Encryption; Key Server;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Networking, Architecture and Storage (NAS), 2015 IEEE International Conference on
  • Conference_Location
    Boston, MA, USA
  • Type

    conf

  • DOI
    10.1109/NAS.2015.7255226
  • Filename
    7255226