Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The second considers the deduplication in cloud storage. Cloud providers tend to save storage via cross-user deduplication, while users who care about privacy tend to encrypt their files on client-side. Secure deduplication of encrypted data (SDoE) is an active research topic. In CloSe, we have a paper published in CCS '16 15 [7] that solves this problem. However, it lacks of formal security model and proof to capture the security of multiple runs.


OmniShare. We have proposed, developed, and evaluated OmniShare, the first scheme to combine strong client-side encryption with intuitive key distribution mechanisms to enable access from multiple client devices and sharing between users. OmniShare uses a novel combination of out-of-band channels, including QR codes and ultrasonic communication, as well as the cloud storage service itself, to authenticate new devices. We describe the design and implementation of OmniShare, and explain how we evaluated its security (using formal methods), its performance (benchmarks), and its usability (cognitive walkthrough). OmniShare is open source software and currently available for Android and Windows with other platforms in development. This work has been accepted for publication in IEEE Internet Computing (JuFo 3) [9].

For SDoE, we propose a formal security model for the single-server “secure deduplication of encrypted data”. We claim show that a deduplication scheme proved secure in this model can guarantee that, for a certain file, (1) a compromised client cannot learn whether or not this file has already been uploaded by someone else, and (2) the only there is no way for a compromised server to uniquely determine this file is by doing an break this SDoE faster than doing a online brute-force attack. We  We proposed two new single-server deduplication schemes and prove their security in our model. We showed that their deduplication effectiveness is reasonable via simulations with realistic datasets. This paper has been accepted by CT-RSA '18 [8].


In this setting, the server divides the database into several subsets. Each subset contains elements of the database that start with the same prefix of bits. The server stores each subset into a Bloom filter or Cuckoo filter. The server arranges a matrix and inserts the filters into the matrix. In order to achieve privacy properties, the client encrypts the location of the matrix that he/she is interested in, using additively homomorphic encryption. We used Paillier encryption scheme to implement this protocol. The client sends the encrypted values to the server. The server performs a series of computations for all the elements of the matrix, using the client’s encrypted values and sends the results back to the client. The client decrypts the results, retrieves a filter, and performs the membership test on this filter privately. We implement this protocol based on our motivation scenariomotivating scenarios.

The results show that our proposed protocol has low communication and computation complexity, such that it is feasible in practice. Moreover, this solution does not need any pre-processing procedure. Therefore, updates can be done instantly. This work has been published in NSS ’17 [2].


Achieved Results

We have addressed the use case where one entity owns the trust relationship database and another makes queries to it. The owner of the database calculates the binary matrix that has a 1 in location (i,j) if there is a path from node denoted by i to the node denoted by j in the directed graph and a zero otherwise. The matrix is encrypted and then sent to the cloud.


[6] Sara Ramezanian, Tommi Meskanen, Valtteri Niemi. Privacy Preserving Queries on Directed Graph. submitted to Accepted by NTMS'2018 - Security Track


[8] Jian Liu, Li Duan, Yong Li and N. Asokan. "Secure deduplication of encrypted data: Refined Model and New Constructions." Accepted by CT-RSA 2018.

[9] Andrew Paverd, Sandeep Tamrakar, Hoang Long Nguyen, Praveen Kumar Pendyala, Thien Duc Nguyen, Elizabeth Stobert, Tommi Gröndahl, N. Asokan, Ahmad-Reza Sadeghi, "OmniShare: Securely Accessing Encrypted Cloud Storage from Multiple Authorized Devices", Accepted by IEEE Internet Computing.