Revisiting SGX-Based Encrypted Deduplication via PoW-Before-Encryption and Eliminating Redundant Computations
Abstract: Encrypted deduplication is attractive for outsourced storage as it provides both data confidentiality and storage savings. Conventional encrypted deduplication schemes protect data confidentiality based on expensive cryptographic primitives, leading to performance degradation. Recently, several SGX-based schemes have been proposed to accelerate encrypted deduplication. However, these schemes have limitations in both security and performance. This paper presents an SGX-based basic scheme to address these limitations. It first performs proof of ownership (PoW), followed by key generation and data encryption, realizing a new paradigm known as PoW-before-encryption (PbE) that solves the security issue in existing schemes. Additionally, the basic scheme implements deduplication-before-encryption (DbE) to reduce redundant computations, thus improving performance. Despite these improvements, the duplicate detection and key generation in the basic scheme still involve redundant computations. Consequently, we propose an epoch-based enhanced scheme that utilizes data locality and computation deduplication: it caches fresh computations in an epoch and reuses them to enhance performance. We provide a security analysis and evaluate the performance of our schemes using both synthetic and real-world workloads. The results demonstrate that our schemes offer stronger security guarantees while outperforming state-of-the-art schemes in terms of performance.
External IDs: doi:10.1109/tdsc.2024.3476288