research-article

The Overhead of Confidentiality and Client-side Encryption in Cloud Storage Systems

Authors:

Niklas CarlssonAuthors Info & Claims

UCC'19: Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing

Pages 209 - 217

https://doi.org/10.1145/3344341.3368808

Published: 02 December 2019 Publication History

Abstract

Client-side encryption (CSE) is important to ensure that only the intended users have access to information stored in public cloud services. However, CSE complicates file synchronization methods such as deduplication and delta encoding, important to reduce the large network bandwidth overheads associated with cloud storage services. To investigate the overhead penalty associated with CSE, in this paper, we present a comprehensive overhead analysis that includes empirical experiments using four popular CSE services (CSEs) and four popular non-CSEs. Our results show that existing CSEs are able to implement CSE together with bandwidth saving features such as compression and deduplication with low additional overhead compared to the non-CSEs. The most noticeable differences between CSEs and non-CSEs are instead related to whether they implement delta encoding and how effectively such solutions are implemented. In particular, fewer CSEs than non-CSEs implement delta encoding, and the bandwidth saving differences between the applications that implement delta encoding can be substantial.

References

[1]

Arash Ferdowsi - Dropbox Inc. 2011. Yesterday's Authentication Bug. (2011). https://blogs.dropbox.com/dropbox/2011/06/yesterdays-authentication-bug/

[2]

Y. Bai and Y. Zhang. 2017. StoArranger: Enabling Efficient Usage of Cloud Storage Services on Mobile Devices. In Proc. IEEE ICDCS .

[3]

E. Bocchi, I. Drago, and M. Mellia. 2017. Personal Cloud Storage Benchmarks and Comparison. IEEE Trans. on Cloud Computing, Vol. 5, 4 (2017).

[4]

Cloudwards. 2018. Best Cloud Storage Providers of 2018. (2018). https://www.cloudwards.net/comparison/

[5]

Y. Cui, Z. Lai, and N. Dai. 2016. A First Look At Mobile Cloud Storage Services: Architecture, Experimentation, and Challenges. IEEE Network, Vol. 30, 4 (2016).

[6]

Y. Cui, Z. Lai, X. Wang, and N. Dai. 2017. QuickSync: Improving Synchronization Efficiency for Mobile Cloud Storage Services. IEEE Trans. on Mobile Computing, Vol. 16, 12 (2017).

[7]

Y. Cui, Z. Lai, X. Wang, N. Dai, and C. Miao. 2015. QuickSync: Improving Synchronization Efficiency for Mobile Cloud Storage Services. In Proc. ACM MobiCom .

[8]

I. Drago, E. Bocchi, M. Mellia, H. Slatman, and A. Pras. 2013. Benchmarking Personal Cloud Storage. In Proc. IMC .

[9]

I. Drago, M. Mellia, M. M. Munafò, A. Sperotto, R. Sadre, and A. Pras. 2012. Inside Dropbox: Understanding Personal Cloud Storage Services. In Proc. IMC .

[10]

Dropbox. 2018. Under the hood: Architecture overview. (2018). https://www.dropbox.com/business/trust/security/architecture

[11]

Dropbox Inc. 2019. Dropbox Terms of Service. (2019). https://www.dropbox.com/terms

[12]

Z. Durumeric et almbox. 2014. The Matter of Heartbleed. In Proc. IMC .

Digital Library

[13]

G. Goncalves, I. Drago, A. da Silva, A. B. Vieira, and J. M. Almeida. 2014. Modeling the Dropbox Client Behavior. In Proc. IEEE ICC .

[14]

G. Goncc alves, I. Drago, A. P. C. Da Silva, A. B. Vieira, and J. M. Almeida. 2016. The impact of content sharing on cloud storage bandwidth consumption. IEEE Internet Computing, Vol. 20, 4 (2016), 26--35.

[15]

G. Goncc alves, A. B. Vieira, I. Drago, A. P. C. Da Silva, and J. M. Almeida. 2017. Cost-Benefit Tradeoffs of Content Sharing in Personal Cloud Storage. In Proc. IEEE MASCOTS .

[16]

Google LLC. 2018. Google Terms of Service. (2018). https://www.google.com/intl/en/policies/terms/

[17]

R. Gracia-Tinedo, M. S. Artigas, A. Moreno-Martinez, C. Cotes, and P. G. Lopez. 2013. Actively Measuring Personal Cloud Storage. In Proc. IEEE CLOUD .

[18]

R. Gracia-Tinedo, Y. Tian, J. Sampe, H. Harkous, J. Lenton, P. G. Lopez, M. Sanchez-Artigas, and M. Vukolic. 2015. Dissecting UbuntuOne: Autopsy of a Global-scale Personal Cloud Back-end. In Proc. IMC .

[19]

G. Greenwald, E. MacAskill, L. Poitras, S. Ackerman, and D. Rushe. 2013. Microsoft handed the NSA access to encrypted messages. The Guardian (2013). https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data

[20]

J. Gustafsson, G. Overier, M. Arlitt, and N. Carlsson. 2017. A First Look at the CT Landscape: Certificate Transparency Logs in Practice. In Proc. PAM .

[21]

D. Harnik, B. Pinkas, and A. Shulman-Peleg. 2010. Side Channels in Cloud Services: Deduplication in Cloud Storage. IEEE Security & Privacy, Vol. 8, 6 (2010).

[22]

E. Henziger and N. Carlsson. 2019. Delta Encoding Overhead Analysis of Cloud Storage Systems using Client-side Encryption. In Proc. IEEE CloudCom .

[23]

W. Hu, T. Yang, and J. N. Matthews. 2010. The Good, the Bad and the Ugly of Consumer Cloud Storage . ACM SIGOPS Operating Systems Review, Vol. 44, 3 (2010).

Digital Library

[24]

J. Hur, D. Koo, Y. Shin, and K. Kang. 2016. Secure data deduplication with dynamic ownership management in cloud storage. IEEE Trans. on Knowledge and Data Engineering, Vol. 28 (2016), 3113--3125.

Digital Library

[25]

I. Lam, S. Szebeni, and L. Buttyan. 2012a. Invitation-oriented TGDH: Key management for dynamic groups in an asynchronous communication model. In Proc. IEEE ICPP Workshops .

[26]

I. Lam, S. Szebeni, and L. Buttyan. 2012b. Tresorium: Cryptographic file system for dynamic groups over untrusted cloud storage. In Proc. IEEE ICPP Workshops .

[27]

I. Lam, S. Szebeni, and T. Koczka. 2015. Client-side encryption with DRM . (2015). US Patent 9,129,095.

[28]

B. Laurie, A. Langley, and E. K"asper. 2013. RFC6962: Certificate Transparency. IETF.

[29]

G. Lee, H. Ko, and S. Pack. 2017. An Efficient Delta Synchronization Algorithm for Mobile Cloud Storage Applications. IEEE Trans. on Services Computing, Vol. 10, 3 (2017).

[30]

J. Li, X. Chen, M. Li, J. Li, P. P. Lee, and W. Lou. 2013a. Secure deduplication with efficient and reliable convergent key management. IEEE Trans. on Parallel and Distributed Systems, Vol. 25, 6 (2013), 1615--1625.

Digital Library

[31]

Z. Li, Y. Dai, G. Chen, and Y. Liu. 2014. Towards Network-level Efficiency for Cloud Storage Services. In Proc. IMC .

[32]

Z. Li, X. Wang, N. Huang, M. A. Kaafar, Z. Li, J. Zhou, G. Xie, and P. Steenkiste. 2016. An Empirical Analysis of a Large-scale Mobile Cloud Storage Service. In Proc. IMC .

[33]

Z. Li, C. Wilson, Z. Jiang, Y. Liu, B. Y. Zhao, C. Jin, Z.-L. Zhang, and Y. Dai. 2013b. Efficient Batched Synchronization in Dropbox-like Cloud Storage Services. In Proc. ACM/IFIP/USENIX Middleware .

[34]

P. G. Lopez, M. Sanchez-Artigas, S. Toda, C. Cotes, and J. Lenton. 2014. StackSync: Bringing Elasticity to Dropbox-like File Synchronization. In Proc. ACM Middleware .

[35]

X. Luo, H. Zhou, L. Yu, L. Xue, and Y. Xie. 2016. Characterizing mobile*-box applications. Computer Networks, Vol. 103 (2016).

[36]

T. Mager, E. Biersack, and P. Michiardi. 2012. A Measurement Study of the Wuala On-line Storage Service. In Proc. IEEE P2P .

[37]

Mattt. 2018. Network Link Conditioner. (2018). http://nshipster.com/network-link-conditioner/

[38]

MEGA. 2018a. MEGA - Developers Documentation. (2018). https://mega.nz/doc

[39]

MEGA. 2018b. Mega Limited. (2018). https://github.com/meganz

[40]

D. T. Meyer and W. J. Bolosky. 2012. A Study of Practical Deduplication. ACM Trans. on Storage, Vol. 7, 4 (2012).

Digital Library

[41]

Mitmproxy. 2018. (2018). https://mitmproxy.org/

[42]

B. Möller, T. Duong, and K. Kotowicz. 2014. This POODLE Bites: Exploiting the SSL 3.0 Fallback. Security Advisory (2014).

[43]

C. Nykvist, L. Sjostrom, J. Gustafsson, and N. Carlsson. 2018. Server-side Adoption of Certificate Transparency. Proc. PAM .

[44]

P. Puzio, R. Molva, M. Önen, and S. Loureiro. 2013. ClouDedup: Secure deduplication with encrypted data for cloud storage. In Proc. IEEE CloudCom .

[45]

SpiderOak Inc. 2018. No Knowledge, Secure-by-Default Products. (2018). https://spideroak.com/no-knowledge/

[46]

M. Storer, K. Greenan, D. Long, and E. Miller. 2008. Secure data deduplication. In Proc. ACM Storage Security and Survivability workshop .

[47]

Sync.com Inc. 2015. Privacy White Paper . Technical Report. https://www.sync.com/pdf/sync-privacy.pdf

[48]

A. Tervort. 2017. Disk Space Use During File Backup - SpiderOak Support. (2017). https://support.spideroak.com/hc/en-us/articles/115001891163-Disk-Space-Use-During-File-Backup

[49]

A. Tervort. 2018. ShareRooms and No Knowledge - SpiderOak Support. (2018). https://support.spideroak.com/hc/en-us/articles/115001854223-ShareRooms-and-No-Knowledge

[50]

R. N. Widodo, H. Lim, and M. Atiquzzaman. 2017. A new content-defined chunking algorithm for data deduplication in cloud storage. Future Generation Computer Systems, Vol. 71 (2017).

[51]

D. C. Wilson and G. Ateniese. 2014. "To Share or not to Share" in Client-Side Encrypted Clouds. In Proc. ISC .

Cited By

Rupa CGreeshmanth Shah M(2023)Novel secure data protection scheme using Martino homomorphic encryptionJournal of Cloud Computing10.1186/s13677-023-00425-712:1Online publication date: 27-Mar-2023
https://doi.org/10.1186/s13677-023-00425-7
Pandey NKashyap SSharma ADiwakar M(2023)Contribution of Cloud‐Based Services in Post‐Pandemic Technology Sustainability and ChallengesEvolving Networking Technologies10.1002/9781119836667.ch4(55-74)Online publication date: 24-May-2023
https://doi.org/10.1002/9781119836667.ch4
Henziger ECarlsson N(2019)Delta Encoding Overhead Analysis of Cloud Storage Systems Using Client-Side Encryption2019 IEEE International Conference on Cloud Computing Technology and Science (CloudCom)10.1109/CloudCom.2019.00036(183-190)Online publication date: Dec-2019
https://doi.org/10.1109/CloudCom.2019.00036

Index Terms

The Overhead of Confidentiality and Client-side Encryption in Cloud Storage Systems

Recommendations

Benefits of Encryption at the Storage Client
SYSTOR '23: Proceedings of the 16th ACM International Conference on Systems and Storage

Client side encryption is a setting in which storage I/O is encrypted at the client machine before being sent out to a storage system. This is typically done by adding an encryption layer before the storage client or driver. We identify that in cases ...
Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage
CCSW '14: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security

An increasingly common practice for users of storage systems is to perform end-to-end encryption to ensure the confidentiality of data stored on external storage systems or in the cloud. This practice, however, inhibits the benefits of deduplication and ...
Proofs of ownership in remote storage systems
CCS '11: Proceedings of the 18th ACM conference on Computer and communications security

Cloud storage systems are becoming increasingly popular. A promising technology that keeps their cost down is deduplication, which stores only a single copy of repeating data. Client-side deduplication attempts to identify deduplication opportunities ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

UCC'19: Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing

December 2019

307 pages

ISBN:9781450368940

DOI:10.1145/3344341

General Chairs:
Kenneth Johnson
Auckland University of Technology, New Zealand
,
Josef Spillner
Zurich University of Applied Sciences, Switzerland
,
Program Chairs:
Dalibor Klusáček
CESNET
,
Ashiq Anjum
University of Derby

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGARCH: ACM Special Interest Group on Computer Architecture
IEEE TCSC: IEEE Technical Committee on Scalable Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 December 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Vetenskapsrådet

Conference

UCC '19

Sponsor:

SIGARCH
IEEE TCSC

UCC '19: IEEE/ACM 12th International Conference on Utility and Cloud Computing

December 2 - 5, 2019

Auckland, New Zealand

Acceptance Rates

Overall Acceptance Rate 38 of 125 submissions, 30%

Upcoming Conference

UCC '24

Sponsor:
sigarch

2024 IEEE/ACM 17th International Conference on Utility and Cloud Computing

December 16 - 19, 2024

Sharjah , United Arab Emirates

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
162
Total Downloads

Downloads (Last 12 months)28
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Rupa CGreeshmanth Shah M(2023)Novel secure data protection scheme using Martino homomorphic encryptionJournal of Cloud Computing10.1186/s13677-023-00425-712:1Online publication date: 27-Mar-2023
https://doi.org/10.1186/s13677-023-00425-7
Pandey NKashyap SSharma ADiwakar M(2023)Contribution of Cloud‐Based Services in Post‐Pandemic Technology Sustainability and ChallengesEvolving Networking Technologies10.1002/9781119836667.ch4(55-74)Online publication date: 24-May-2023
https://doi.org/10.1002/9781119836667.ch4
Henziger ECarlsson N(2019)Delta Encoding Overhead Analysis of Cloud Storage Systems Using Client-Side Encryption2019 IEEE International Conference on Cloud Computing Technology and Science (CloudCom)10.1109/CloudCom.2019.00036(183-190)Online publication date: Dec-2019
https://doi.org/10.1109/CloudCom.2019.00036

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents