Proofs of Ownership in Remote Storage Systems
Source: Bar-Ilan University
Cloud storage systems are increasingly popular nowadays, and a promising technology to keep their cost down is deduplication, namely removing unnecessary copies of repeating data. Moreover, client-side deduplication attempts to identify deduplication opportunities already at the client and save the bandwidth in uploading another copy of an existing file to the server. In this paper, the authors identify attacks that exploit client-side deduplication, allowing an attacker to gain access to potentially huge files of other users based on a very small amount of side information. For example, an attacker who knows the hash signature of a file can convince the storage service that it owns that file, hence the server later lets the attacker download the entire file.