A Secure Client-Side Deduplication Scheme Based on Updatable Server-Aided Encryption

The server-aided encryption is widely used in encrypted deduplication systems to protect against brute-force attacks. However, it is non-trivial to update the master key managed by the key server in existing schemes. Once the master key is leaked, all user data are vulnerable to offline brute-force attacks. In this article, we extend the server-aided encryption with the updatable encryption (UE) and a dynamic proof of ownership (PoW) protocol to make it support efficient key updates and can be used in the client-side deduplication. Specifically, we design an updatable server-aided encryption scheme based on UE, which achieves efficient encryption and the user-transparent key update for a system-level master key. Besides, to further enable our updatable server-aided encryption to be applicable to the client-side deduplication, we propose a dynamic PoW protocol based on the Merkle tree. Compared to the state-of-the-art PoW scheme, our PoW protects data privacy and allows multi-time leakages for the target file. Finally, we analyze the security of our scheme and present the performance evaluation. The results show that our scheme provides comprehensive security protection for user data and achieves efficient encryption, PoW, and key update.