(IJACSA) International Journal of Advanced Computer Science and Applications,

Vol. 12, No. 12, 2021

Secure and Efficient Proof of Ownership Scheme for

Client-Side Deduplication in Cloud Environments

Amer Al-Amer1 , Osama Ouda∗1,2

Department of Computer Science, College of Computer and Information Sciences, Jouf University, Saudi Arabia1
Department of Information Technology, Faculty of Computers and Information, Mansoura University, Egypt2

Abstract—Data deduplication is an effective mechanism that avoiding storing several copies of the same data. There are
reduces the required storage space of cloud storage servers by two main types of deduplication [9, 10] namely, server-side
avoiding storing several copies of the same data. In contrast with deduplication and client-side deduplication. The server-side
server-side deduplication, client-side deduplication can not only deduplication schemes [11, 12] remove duplicated copies of
save storage space but also reduce network bandwidth. Client- the same files after uploading them to the server. On the
side deduplication schemes, however, might suffer from serious
other hand, In client-side deduplication [10, 13], duplicated
security threats. For instance, an adversary can spoof the server
and gain access to a file he/she does not possess by claiming that copies are identified on the client side and not uploaded to
she/he owns it. In order to thwart such a threat, the concept of the server. Hence, in contrary to server-side deduplication,
proof-of-ownership (PoW) has been introduced. The security of client-side deduplication can not only save storage space and
the existing PoW scheme cannot be assured without affecting uploading time but also reduce network bandwidth.
the computational complexity of the client-side deduplication.
This paper proposes a secure and efficient PoW scheme for However, client-side deduplication schemes might suffer
client-side deduplication in cloud environments with minimal from serious security threats [13, 14, 15]. For instance, an
computational overhead. The proposed scheme utilizes convergent adversary can spoof the server and gain access to a file
encryption to encrypt a sufficiently large block specified by the that he/she does not possess by claiming that he/she owns
server to challenge the client that claims possession of the file it. To thwart such a threat, Halevi et al. [16] proposed a
requested to be uploaded. To ensure that the client owns the cryptographic primitive, referred to as ”proof of ownership”
entire file contents, and hence resist collusion attacks, the server (PoW), to allow the server to verify whether a client owns
challenges the client by requesting him to split the file he asks to a file. They pointed out that a robust PoW scheme should
upload into fixed-sized blocks and then encrypting a randomly
alleviate potential security threats without introducing I/O and
chosen block using a key formed from extracting one bit at a
specified location in all other blocks. This ensures a significant computational overhead at both client and server sides. Since
reduction in the communication overhead between the server the introduction of the proof-of-ownership concept, several
and client. Computational complexity analysis and experimental PoW schemes have been proposed in the past few years
results demonstrate that the proposed PoW scheme outperforms [14, 16, 17, 18, 19, 20, 21, 22]. However, the security of such
state-of-the-art PoW techniques. schemes cannot be assured without affecting the computational
complexity of client-side deduplication.
Keywords—Client-side deduplication; proof of ownership; con-
vergent encryption; could storage services An efficient PoW scheme should satisfy several require-
ments. First, the chances that an adversary successfully passes
I. I NTRODUCTION a PoW run should be negligible if the adversary does not
possess the file in its entirety. Second, a small fixed amount
Cloud computing is the provision of on-demand access to of information should be loaded on the server-side regardless
different computing services and resources, such as storage of the file size. Third, the amount of processed information
space, servers, networks, databases, and software, over the on both the client and server sides should be minimal. In
internet [1]. The different models of cloud computing can addition, the amount of transmitted data between the client and
provide a wide range of capabilities, adapted with different the server should be reduced to minimize the bandwidth. Un-
business goals, to diverse clients and/or consumers [2, 3]. The fortunately, the PoW schemes discussed above do not fulfill all
rapid development and integration of cloud computing have led of these requirements. Thus, new techniques that can resolve
organizations, institutions, and individuals to increasingly turn the security-efficiency trade-off and reduce communication and
to utilize services provided over the cloud [4]. Consequently, storage overhead should be proposed.
an increasing number of individuals and organizations tend
to move their data on cloud storage services (e.g., Dropbox, This paper proposes a secure and efficient proof-of-
SkyDrive, Google Drive, iCloud, Amazon S3). This resulted ownership scheme for client-side deduplication in cloud envi-
in rapid growth in the volume of data that is stored on the ronments that fulfills the requirements mentioned above. The
cloud storage servers [5, 6, 7]. proposed technique utilizes convergent encryption to encrypt
a sufficiently large block specified by the server to challenge
To increase efficiency as well as reduce the storage space the client that claims possession of the file requested to
required on storage servers, cloud storage providers tend to be uploaded. To ensure that the client owns the entire file
avoid downloading and uploading duplicated data [5, 8]. Data contents, and hence resists collusion attacks [23, 24], The
deduplication is an effective mechanism that aims at reducing server challenges the client by requesting him to split the file
the required storage space of the cloud storage servers by he/she asks to upload into fixed-sized blocks and then encrypts
www.ijacsa.thesai.org 916 | P a g e
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 12, 2021

a randomly chosen block using a key formed from extracting

one bit at a specified location in all other blocks. This ensures
a significant reduction in the communication overhead between
the server and client. Moreover, the proposed scheme resists
attacks of honest-but-curious servers [25, 26, 27].
The rest of the paper is structured as follows. Section II
provides a brief background on the concepts of data deduplica-
tion, convergent encryption, and proof-of-ownership. Section
III describes the proposed PoW scheme in detail. Section IV
presents a computational complexity analysis of the proposed
scheme and provides a comparison with the state-of-the-art
schemes. Section V describes the experimental results and
discussion. Finally, Section VI concludes the paper.

II. BACKGROUND
A. Data Deduplication Fig. 2. Convergent Encryption Concept.
Data deduplication, also called single-instance storage,
techniques aim to eliminate duplicate copies of the same data
to improve storage utilization and reduce the unnecessary cost ensures security in the cloud by achieving confidentiality and
of storage capacity needs [13]. A prominent example of the data privacy. The main idea behind CE is to create similar
usefulness of data deduplication is redundant file attachments ciphertexts from similar plaintexts (see Fig. 2). Unlike tradi-
in email systems. Consider a typical email system containing tional cryptography, in which data encryption and decryption
50 copies of the same 20 megabyte (MB) file attachment. are carried out using cryptographic keys that are independent
Saving or archiving this email platform requires 1000 MB of of the data being encrypted, and hence different ciphertexts are
storage space. The storage demand can drop to only 20 MB if obtained from the same plaintexts, CE ensures that the same
data deduplication is employed. The example shown in Fig. 1 key is used for the same plaintexts. In CE, the data digest or
demonstrates the main concept of data deduplication. There are hash is used as a key to encrypt the data. Encrypting data in CE
two main types of data deduplication in cloud environments: undergoes the following three steps: 1) the digest (hash value)
server-side deduplication and client-side deduplication. Server- of the plaintext in question is computed, 2) the plaintext is then
side deduplication techniques identify repeated data after up- encrypted using its digest as a key, and 3) finally, the hash is
loading them to the server, whereas client-side deduplication encrypted with a key chosen by the user and stored along with
techniques identify duplicate copies of data before they are the obtained ciphertext. These steps ensure that identical data
uploaded to the server. Therefore, client-side deduplication copies will generate the same key and the same ciphertext.
techniques can reduce network data transfers in addition to
storage capacity.
C. Proof of Ownership (PoW)
In client-side deduplication techniques, the hash value of
the file requested to be uploaded by the client is firstly
computed and sent to the server. If this hash value exists in
the list of previously uploaded files to the server, the server
will request the client not to upload the file again to avoid
storing redundant data. However, in order to append the client
to the list of owners of that file, the server has to verify that the
client owns the entire file and not try to spoof it. Traditional
proof of ownership protocols, Such as the one proposed by
Halevy et al. [5] oud storage provider (CSP) has access to the
original file. In other words, such protocols depend on trust
between the cloud storage provider and the client. However,
this trust might generate many potential security risks since
cloud storage providers (CSPs) should not be fully trusted.
The process of adapting PoW protocols so that they can work
properly on encrypted data is an open problem so far [13].
Fig. 1. Data Deduplication Technology.
Several PoW schemes have been proposed over the past
few years. Gonzalez-Manzano et al. [14] proposed an attribute-
B. Convergent Encryption based symmetric encryption proof of ownership scheme, re-
ferred to as ase-PoW, for hierarchical environments. The main
Data deduplication techniques can benefit from convergent goals of this scheme are to resist honest-but-curious servers
encryption (CE) to achieve security smoothly and more easily and to provide flexible access control to ensure that users have
[10, 15]. Convergent encryption is a cryptographic concept that access to sensitive files with the right and real privileges. The
www.ijacsa.thesai.org 917 | P a g e
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 12, 2021

idea behind this scheme is based on recursively encrypting Du et al. [22] proposed a proof of ownership and re-
parts of the file being uploaded to the server to assure its trievability framework (PoOR) in which the cloud client can
possession by the user. The ase-PoW scheme has the advantage prove ownership of files to the server without uploading or
of its ability to resist guessing attacks on the content and reduce downloading the files. The proposed framework consists of
the cloud workload. However, it does not take into account the the pre-processing two phase, proof of ownership phase, and
issues of user revocation and key updating. retrievability phase. The proof of ownership phase depends
on the Merkle Tree protocol and comprises three steps:
Dave et al. [17] proposed a secure proof of ownership prove, challenge, and verify. Cui et al. [28] proposed a new
scheme based on utilizing Merkle trees. The idea is based attribute-based storage system that supports secure and effi-
on calculating the responses of challenges in advance at the cient deduplication. The proposed system runs on a hybrid
server-side to avoid computational overhead while uploading cloud environment where the private cloud is responsible for
the file. The cloud server does not need to hold over the detecting identical copies for storage management. Ma et al.
resources until the response is received, which is preferable to [29] demonstrated how attribute-based encryption can be used
the utilization of stateless protocols. The user on the client- to minimize storage space and share data efficiently. In this
side is requested to encrypt the file to be uploaded to the technique, if the attributes of certain user is matched, then the
server using its digest as a key (a.k.a. convergent encryption user is given the right to decipher the encrypted data.
(CE)). Afterward, the user computes a file tag (usually a
cipher-text hash) to check the file’s existence on the server. Blasco et al. [30] proposed a PoW scheme, called bf-
The file uploading process consists of four stages (metadata PoW, that utilizes the Bloom filters to mitigate the server-side
generation, challenge generation, response generation, and overhead. The main drawback of the bf-PoW scheme is that
response verification). If the file tag does not exist in the it does not consider data privacy. Di Pietro and Sorniotti [9]
FileList kept by the server, the client will be requested to introduced another scheme, referred to as s-PoW in which the
upload the file with the tag. In the case of subsequent uploads, server requests clients to send bit-values of randomly selected
the server sends an unused precomputed PoW challenge to bit positions of files requested to be uploaded by those clients.
the client. If the client owns the entire file, then the client will Although this scheme is computationally efficient at the client-
correctly respond to the server. side, it is not efficient on the server-side. Manzano and Orfila
[31] proposed a PoW scheme, called ce-PoW, employing the
Islam et al. [18] proposed a secure and reliable storage concept of convergent encryption to encrypt file chunks before
scheme for cloud environments with client-side deduplication uploading them to the server. This scheme reduces issues
(SecReS). The authors combined convergent encryption and related to key management. However, since the encryption is
secret sharing techniques to achieve data confidentiality. They applied at the chunk level, the number of encryption keys in-
used the Reed-Solomon erasure code to achieve fault tolerance creases linearly with the number of requested chunks. This can
through distributing data to multiple storage servers. Moreover, put a significant burden on both storage space and bandwidth
Merkle trees are utilized to verify the ownership of data as the security parameters increase.
and to perform secure data deduplication. Mishra et al. [19]
proposed a merged PoW scheme (MPoWS) for block-level Huang et al. [32] proposed a bidirectional and malleable
deduplication in cloud storage. By employing a random test proof-of-ownership scheme for large files in cloud storage
approach, MPoWS meets the requirements of client-side and (BM-PoW). The proposed BM-PoW protocol allows the server
server-side mutual verification. In MPoWS, large files are and user to interact to ensure ownership of the file to be
uploaded to the servers, and then their duplication is checked uploaded even if the file is updated. Thus, secure and efficient
using various blocking flags. The authors used a random test deduplication for large files in static and dynamic archives is
approach to increase security and make it difficult to predict guaranteed. Miao et al. [33] proposed a novel PoW protocol
which block will be validated. that benefits from the distinguishable properties of chameleon
hashing. Although this protocol is more efficient than existing
Fan et al. [20] proposed a secure deduplication scheme PoWs based on Merkle hash tree, it is vulnerable to brute-force
based on a trusted execution environment (TEE), which pro- attack (BFA) due to its limited keyspace [34].
vides secure key management by using convergent encryption
with cloud users’ privileges. Trusted execution environments Although some solutions have been proposed to improve
improve cryptographic systems’ capability to resist chosen- the efficiency at the server-side, other solutions tend to enhance
plaintext and chosen-ciphertext attacks. The authors proposed the computational cost at the client-side. Besides, most of the
assigning a set of privileges to every cloud user. Therefore, existing schemes cannot satisfy all the security requirements
data deduplication can be performed if and only if the user in terms of resisting honest-but-curious servers and collusion
of the cloud has the right and valid privileges. In [21], attacks without affecting the efficiency and/or communication
Ouda proposed a secure and effective proof of ownership bandwidth requirements. Therefore, it is promising to study
scheme for client-side deduplication in the cloud. This scheme how to develop PoW schemes that can balance the trade-off
verifies if the client owns the entire file for which he/she between the security and efficiency requirements.
claims possession. In other words, the proposed scheme does
not allow an adversary to engage in a successful proof of III. P ROPOSED P OW S CHEME
ownership without fully owning the file’s content. This can
be achieved by requesting the client to encrypt the entire file As we previously mentioned, the main goal of our proposed
using the file hash as the key before uploading the file to the PoW scheme is to provide an efficient means to prove the
server. This prevents the curious server from disclosing the file ownership of files in client-side deduplication environments
content. securely. Precisely, we aim at minimizing the exchanged
www.ijacsa.thesai.org 918 | P a g e
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 12, 2021

Fig. 3. Proposed PoW Scheme.

information between the client and server, reducing the data TABLE I. D EFINITION OF A BBREVIATIONS AND S YMBOLS
uploaded in memory during a PoW session, and decreasing the
likelihood that a malicious client can successfully respond to Abbreviation Definition
the challenge sent to him/her by the server via increasing the
amount of exchanged information between a malicious client f File to be uploaded to the server
and a legitimate owner of the file. Definition of abbreviations fe Encrypted file
and symbols are given in Table I.
H(f ) Hash of the file f
blk A block of f
As illustrated in Fig. 3, the proposed PoW scheme consists
j Block number
of three phases: the client initialization phase, server initial-
ization phase, and challenge phase. In the client initialization n Number of non-overlapping blocks
phase (see Algorithm 1), the client initiates a file (f ) upload κ Encryption key
request to the server by simply sending general attributes of
m Bit position
the file, such as its name and size. The server responds to
the client by sending a message specifying a robust hashing L List of uploaded files
algorithm H (e.g., MD5, SHA1, etc.) as well as a private C The client
key encryption scheme E (e.g., DES, AES, etc.). The client
uses the specified hashing algorithm to compute the file digest, S The server
hf = H(f ), which is then used as a key to encrypt the file
using the encryption algorithm specified by the server to obtain
an encrypted file fe = E(f, hf ). The encrypted file fe is then Assuming that the server stores the digest of each previ-
hashed using H to obtain its digest hfe = H(fe ). Finally, the ously uploaded encrypted file, the server can decide whether
client sends hfe to the server so that it can decide whether the f has been uploaded before by searching for hfe in the list
file has been uploaded before by a different user. (L) of the stored digests. It is worth noting that our scheme
www.ijacsa.thesai.org 919 | P a g e
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 12, 2021

Algorithm 1 Client Initialization Phase

Input: File f
Output: H(fe ), fe
1: Client C sends a request to server S to upload the file f
2: S sends to C the name of the hashing algorithm H and
encryption algorithm E
3: C computes the digest H(f ) of f using H
4: fe ← E(f, H(f ))
5: C computes hfe = H(fe ) and sends it to S
6: S searches for hfe in the list (L) of uploaded files
7: if H(fe ) is found in L then
8: Go to the Challenge Phase
9: else
10: Allow C to upload fe to S
11: Go to the Server Initialization Phase
12: end if
Fig. 4. An Example that Illustrates the Key Generation Process.

Algorithm 2 Server Initialization Phase

Input: File fe
Output: The entry L[hfe ] encryption algorithm to obtain E(blkj , κ). Finally, the digest
1: Divide fe into n blocks of size 64MB each
of the encrypted block H(E(blkj , κ)) is obtained and stored
2: for i ← 1 to c do /* c = No. of challenges */
along with m and j as one challenge for fe . The previous
3: Choose two integers m and j < n challenge creation process is then repeated using different
4: Extract the m-th bit of each block in fe values of m and j to encrypt different blocks of fe in order
5: Generate a cryptographic key κ by concatenating the to generate as many challenges as needed.
n extracted bits The challenge phase is initiated when an entry is found
6: Encrypt the j-th block in fe using κ to obtain for fe in the list of uploaded files kept by the server. In
E(blkj , κ) this case, the server chooses one of the available challenges
7: Compute the digest of E(blkj , κ) in L[hfe ] to verify that the client possesses the file he/she
8: Challange[i] =< m, j, H(E(blkj , κ)) > requests to upload. The server challenges the client by sending
9: end for m and j corresponding to the chosen challenge. Note that
10: Create a new entry for fe consisting of all the generated with just these two values, the amount of information sent
challenges and append it to L from the server to the client is minimized. This satisfies an
important design objective of the proposed PoW scheme. The
client responds to the challenge by dividing the file, after
assumes that files are encrypted before uploading them to the encrypting it using the same procedure described in the client
server to prevent honest-but-curious servers from disclosing initialization phase, into n blocks, generating κ by extracting
the contents of the uploaded files. If hfe is not found in the bits at position m of all blocks, encrypting the block blkj
list of the stored digests, the server sends a message to the specified by the server using κ, and finally calculating the
client to start uploading fe ; otherwise, the server initiates the digest of the encrypted block H(E(blkj , κ)) and sends it to
challenge phase. the server as a response to the received challenge. The server
matches the received block digest with the corresponding
After the file fe is uploaded, the server initialization phase digest stored in L. The PoW run succeeds if both digests are
(see Algorithm 2) starts by creating a new entry for fe . This identical and fails otherwise.
entry consists of hfe and a pointer to a set of pre-computed
challenges that will be used to prove the ownership of fe by It is important to note that all design goals of the proposed
other clients who might request to upload the same file in the PoW scheme are satisfied. The data exchanged between the
future. A challenge is created by dividing the file into n non- client and server are minimized. In the challenge phase, the
overlapping blocks sufficiently large to resist collusion attacks. server sends two small pieces of information; namely, the
It is assumed that sharing data ≥ 64MB among colluders bit position index m used to generate the key κ and the
would discourage them launch collusion attacks [30]. Thus, index of the block to be encrypted. Similarly, the client is
we recommend setting the block size at such levels. Then, the required to respond to the challenge received from the server
encryption key (κ) is composed by concatenating all bits at a by just sending the specified block digest. From the security
specific position (m) across all blocks. For instance, if m = 3 perspective, the block size is set to 64MB because a PoW
and n = 128, then the third bit in each block is extracted, and scheme is considered secure if the amount of exchanged
the set of the 128 extracted bits are concatenated to create information between a legitimate owner of f and a malicious
a 128-bit cryptographic key κ. An example that illustrates client required to pass a PoW run is not smaller than 64MB
the key generation process, where m = 3 and the file and [30]. Moreover, since one bit per block is used to generate the
block sizes are 8 GB and 64 MB, respectively, is shown in key (κ), a large number of challenges can be generated for each
Fig. 4. The generated key is then used to encrypt a randomly uploaded file. Precisely, more than 229 different challenges can
chosen block (blkj ) of the encrypted file fe using the AES be generated if the block size is set to 64MB.
www.ijacsa.thesai.org 920 | P a g e
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 12, 2021

TABLE II. C OMPARISON B ETWEEN THE P ROPOSED S CHEME AND F IVE R ELATED P OW S CHEMES C ONCERNING S PACE AND C OMPUTATIONAL
C OMPLEXITY. κ: S ECURITY PARAMETER , n: N UMBER OF P RE - COMPUTED C HALLENGES , l: T OKEN L ENGTH , F : F ILE S IZE , B: B LOCK S IZE AND pf :
FALSE P OSITIVE R ATE ( BF -P OW S CHEME )

ase-PoW ouda-PoW ce-PoW bf-PoW s-PoW Proposed

Client computation O(B).Sym.nr .hash O(F ).CE.hash O(B).CE.hash.hash O(F ).hash O(F ).hash O(B).CE.hash

Server init computation O(B).hash O(F ).hash O(B).hash.hash O(F ).hash O(F ) O(B).hash

Server init I/O O(F ) O(F ) O(F ) O(F ) O(F ) O(F )

Server regular I/O O(0) O(0) O(0) O(0) O(n.k) O(0)

log(l/pf )
Server memory usage I/O O(n.l.k) O(n.l) O(n.l.k) O( l ) O(n.k) O(n.k)

Bandwidth O(l.k) O(l.k) O(l.k) O( l.k

pf ) O(k) O(k)

Algorithm 3 Challenge Phase V. E XPERIMENTAL R ESULTS

Input: m and j of an unused challenge
Output: PoW response This section describes the experiments conducted to evalu-
ate the performance of the proposed PoW scheme. All experi-
1: S sends m and j to C
ments were conducted on a personal computer with Intel Core
2: C divides fe into n non-overlapping blocks of size 64MB
i7-4770 CPU (2.4 GHz) and 8 GiB RAM. The performance
each of the proposed scheme was compared with the performance
3: C extract the m the bit of each block in fe
of the ce-PoW scheme proposed by Gonzalez-Manzano et al.
4: C generate a cryptographic key κ by concatenating the n
[14], ase-PoW scheme proposed by Manzano and Orfila [31],
extracted bits Ouda-PoW scheme proposed by Ouda [21], bf-PoW scheme
5: C encrypt the j the block in fe using κ to obtain E(blkj , k)
proposed by Blasco et al. [30], and s-PoW scheme proposed
6: C send to the S the challenge H(E(blk, k))
by Di Pietro and Sorniotti [9]. In all experiments, the schemes
7: S reciving the challenge H(E(blk, k))
were evaluated using randomly generated test files of sizes
8: if Clinet H(E(blk, k)) = Server H(E(blk, k)) then
ranging from 4MB to 2GB, doubling the size at each step. We
9: PoW success used the C++ programming language for the implementation
10: else
and utilized the OpenSSL cryptographic library [35] for the
11: Fail to PoW encryption and hashing operations, namely, AES (in counter
12: end if
mode) and SHA-256.
The clock cycles spent by the client to upload a file for
IV. C OMPLEXITY A NALYSIS the first time and to respond to the server challenge have been
measured and compared with the corresponding clock cycles
This section demonstrates how the proposed PoW scheme spent by the other tested PoW schemes. Fig. 5 shows the com-
fulfills bandwidth and space efficiency requirements by com- putational cost (clock cycles) spent in the client initialization
paring it to five well-known PoW schemes from the literature, phase for the four tested schemes. It can be noticed from the
as shown in Table II. Specifically, we compare the complexity figures that the proposed PoW scheme outperforms all the
of our proposed scheme by focusing on bandwidth, server other schemes. This is mainly because the s-PoW dealing with
memory usage, client/server computation, and I/O. It can be file level and the server requests from the clients to send bit-
noticed from Table II that the complexity of the proposed values of randomly selected bit positions of files requested
scheme is similar to the complexity of the other schemes to be uploaded. whereas in bf-PoW the clients compute a
with respect to server initialization I/O as it primarily relies token for each segment index using the hash function, which in
on the file size. For the regular server I/O, the complexity of turn increments the executed operations. The ce-PoW scheme
the proposed scheme is also similar to the complexity of the requires implementing multiple hashing and encryption op-
other schemes except for s-PoW. Moreover, the complexity of erations separately for each file chunk. In ase-PoW, on the
the proposed scheme outperforms the complexity of the other other hand, the client has to encrypt each part of the file
schemes with respect to client computation and server ini- chunks provided by the Attribute Certificate Service (ACS)
tialization computation, mainly because the proposed scheme symmetrically, whereas in the Ouda-PoW scheme, the entire
only encrypts a randomly chosen block in the file rather than file should be hashed twice and encrypted once. However, we
encrypting the whole file. It is worth noting that this does not can also notice that the performance of both the Ouda-PoW
affect the security of the proposed scheme since the employed and ase-PoW schemes is close to the performance obtained by
cryptographic key is extracted from all blocks of the file. our proposed scheme with respect to the complexity of client
www.ijacsa.thesai.org 921 | P a g e
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 12, 2021

VI. C ONCLUSION
In this paper, we have proposed a secure and efficient
proof-of-ownership scheme to thwart potential collusion at-
tacks against client-side deduplication in cloud environments.
The proposed PoW scheme’s main idea is to divide the file
to be uploaded into a number of fixed-sized blocks and then
encrypt a randomly chosen block using a key formed by
extracting one bit at a specified location in all other blocks.
Unlike existing PoW schemes, the proposed scheme minimizes
the exchanged information between the client and server and
reduces the amount of data uploaded in memory during a
PoW session. Moreover, it decreases the likelihood that a
malicious client can successfully respond to the challenge sent
to her by the server by increasing the amount of exchanged
information between a malicious client and a legitimate file
Fig. 5. Clock Cycles Required for the Client Initialization Phase. owner. The computational complexity of the proposed scheme
was compared to five different PoW schemes, and experimental
results showed that the proposed scheme outperforms the state-
of-the-art PoW schemes concerning the time spent (clock
cycles) for client initialization and response to the challenge
received from the server.

ACKNOWLEDGMENT
The authors would like to thank the Deanship of Graduate
Studies at Jouf University for funding and supporting this
research through the initiative of DGS, Graduate Students
Research Support (GSR) at Jouf University, Saudi Arabia.

R EFERENCES
[1] Ali Sunyaev. Cloud computing. In Internet computing, pages 195–236.
Springer, 2020. doi:10.1007/978-3-030-34957-8 7.
[2] Chris Dotson. Practical Cloud Security: A Guide for Secure Design
and Deployment. O’Reilly Media, 2019. URL https://www.oreilly.com/
library/view/practical-cloud-security/9781492037507/.
Fig. 6. Client Response Creation Clock Cycles. [3] Srijita Basu, Arjun Bardhan, Koyal Gupta, Payel Saha, Mahasweta
Pal, Manjima Bose, Kaushik Basu, Saunak Chaudhury, and Pritika
Sarkar. Cloud computing security challenges & solutions-a sur-
vey. In 2018 IEEE 8th Annual Computing and Communication
initialization. Workshop and Conference (CCWC), pages 347–356. IEEE, 2018.
doi:10.1109/CCWC.2018.8301700.
Fig. 6 shows the results obtained from comparing the [4] Omer K Jasim Mohammad. Recent trends of cloud computing ap-
plications and services in medical, educational, financial, library and
proposed scheme with the other evaluated schemes regarding agricultural disciplines. In Proceedings of the 4th International Confer-
the time spent by the client responding to the server challenge. ence on Frontiers of Educational Technologies, pages 132–141, 2018.
It is clear from the figure that the proposed scheme outperforms doi:10.1145/3233347.3233388.
the other three schemes. This result is expected because the [5] Wen Xia, Hong Jiang, Dan Feng, Fred Douglis, Philip Shilane, Yu Hua,
server in s-PoW uses a pseudorandom number generator to Min Fu, Yucheng Zhang, and Yukun Zhou. A comprehensive study of
the past, present, and future of data deduplication. Proceedings of the
precompute the challenges that contain random file bits. In IEEE, 104(9):1681–1710, 2016. doi:10.1109/JPROC.2016.2571298.
bf-PoW, the server initializes the bloom filter and divides the [6] Taek-Young Youn, Ku-Young Chang, Kyung-Hyune Rhee, and Sang Uk
input files into chunks of fixed size, then creates the token Shin. Efficient client-side deduplication of encrypted data with pub-
chunks of each and inserts the function of each token into lic auditing in cloud storage. IEEE Access, 6:26578–26587, 2018.
doi:10.1109/ACCESS.2018.2836328.
the bloom filters. In ce-PoW, the client encrypts all chunks [7] Shunrong Jiang, Tao Jiang, and Liangmin Wang. Secure and efficient
specified by the server and then computes the hash over each cloud data deduplication with ownership management. IEEE Transac-
encrypted chunk, increasing the computation time. The client tions on Services Computing, 2017. doi:10.1109/TSC.2017.2771280.
in the ase-PoW scheme, on the other hand, performs several [8] Won-Bin Kim and Im-Yeong Lee. Survey on data deduplication in cloud
frequent encryptions of the designated chunks. In ouda-PoW, storage environments. Journal of Information Processing Systems, 17(3):
658–673, 2021. doi:https://doi.org/10.3745/JIPS.03.0160.
the client generates a random string of the same file size using [9] Roberto Di Pietro and Alessandro Sorniotti. Boosting efficiency and
the random seed received from the server, performs an XOR security in proof of ownership for deduplication. In Proceedings of the
operation on the generated string with the CE file, and finally 7th ACM Symposium on Information, Computer and Communications Se-
computes the hash of the resulting string. By contrast, in the curity, pages 81–82, 2012. doi:https://doi.org/10.1145/2414456.2414504.
[10] Weijing You, Lei Lei, Bo Chen, and Limin Liu. What if
proposed scheme, the client extracts the key from all blocks keys are leaked? towards practical and secure re-encryption in
in the file and then encrypts only the block specified by the deduplication-based cloud storage. Information, 12(4):142, 2021.
server. doi:https://doi.org/10.3390/info12040142.

www.ijacsa.thesai.org 922 | P a g e
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 12, 2021

[11] Dutch T Meyer and William J Bolosky. A study of practical dedu- [24] VS Lakshmi, S Deepthi, and PP Deepthi. Collusion resistant secret
plication. ACM Transactions on Storage (ToS), 7(4):1–20, 2012. sharing scheme for secure data storage and processing over cloud.
doi:https://doi.org/10.1145/2078861.2078864. Journal of Information Security and Applications, 60:102869, 2021.
[12] Jian Liu, Nadarajah Asokan, and Benny Pinkas. Secure deduplication of doi:10.1016/j.jisa.2021.102869.
encrypted data without additional independent servers. In Proceedings of [25] Shanshan Li, Chunxiang Xu, and Yuan Zhang. Csed: Client-side
the 22nd ACM SIGSAC Conference on Computer and Communications encrypted deduplication scheme based on proofs of ownership for cloud
Security, pages 874–885, 2015. doi:10.1145/2810103.2813623. storage. Journal of Information Security and Applications, 46:250–258,
[13] Youngjoo Shin, Dongyoung Koo, and Junbeom Hur. A survey of secure 2019. doi:http://dx.doi.org/10.1016/j.jisa.2019.03.015.
data deduplication schemes for cloud storage systems. ACM computing [26] Jinbo Xiong, Fenghua Li, Jianfeng Ma, Ximeng Liu, Zhiqiang Yao, and
surveys (CSUR), 49(4):1–38, 2017. doi:10.1145/3017428. Patrick S Chen. A full lifecycle privacy protection scheme for sensitive
[14] Lorena González-Manzano, Jose Maria de Fuentes, and Kim- data in cloud computing. Peer-to-peer Networking and Applications, 8
Kwang Raymond Choo. ase-pow: A proof of ownership mechanism (6):1025–1037, 2015. doi:10.1007/s12083-014-0295-x.
for cloud deduplication in hierarchical environments. pages 412–428, [27] Kangle Wang, Xiaolei Dong, Jiachen Shen, and Zhenfu Cao. An
2016. doi:10.1007/978-3-319-59608-2 24. effective verifiable symmetric searchable encryption scheme in cloud
[15] Taek-Young Youn, Nam-Su Jho, Keonwoo Kim, Ku-Young Chang, and computing. In Proceedings of the 2019 7th International Conference
Ki-Woong Park. Locked deduplication of encrypted data to counter on Information Technology: IoT and Smart City, pages 98–102, 2019.
identification attacks in cloud storage platforms. Energies, 13(11):2742, doi:10.1145/3377170.3377251.
2020. doi:https://doi.org/10.3390/en13112742. [28] Hui Cui, Robert H Deng, Yingjiu Li, and Guowei Wu. Attribute-
[16] Shai Halevi, Danny Harnik, Benny Pinkas, and Alexandra Shulman- based storage supporting secure deduplication of encrypted data
Peleg. Proofs of ownership in remote storage systems. pages 491–500, in cloud. IEEE Transactions on Big Data, 5(3):330–342, 2017.
2011. doi:https://doi.org/10.1145/2046707.2046765. doi:10.1109/TBDATA.2017.2656120.
[17] Jay Dave, Avijit Dutta, Parvez Faruki, Vijay Laxmi, and Manoj Singh [29] Hua Ma, Ying Xie, Jianfeng Wang, Guohua Tian, and Zhenhua Liu.
Gaur. Secure proof of ownership using merkle tree for deduplicated Revocable attribute-based encryption scheme with efficient dedupli-
storage. Automatic Control and Computer Sciences, 54(4):358–370, cation for ehealth systems. IEEE Access, 7:89205–89217, 2019.
2020. doi:https://doi.org/10.3103/S0146411620040033. doi:10.1109/ACCESS.2019.2926627.
[18] Tariqul Islam, Hassan Mistareehi, and D Manivannan. Secres: A secure [30] Jorge Blasco, Roberto Pietro, Agustin Orfila, and Alessandro Sorniotti. A
and reliable storage scheme for cloud with client-side data deduplication. tunable proof of ownership scheme for deduplication using bloom filters.
pages 1–6, 2019. doi:10.1109/GLOBECOM38437.2019.9013469. 2014 IEEE Conference on Communications and Network Security, CNS
[19] Shivansh Mishra, Surjit Singh, and Syed Taqi Ali. Mpows: Merged 2014, pages 481–489, 12 2014. doi:10.1109/CNS.2014.6997518.
proof of ownership and storage for block level deduplication in cloud [31] Lorena González-Manzano and Agustı́n Orfila. An efficient
storage. In 2018 9th international conference on computing, communi- confidentiality-preserving proof of ownership for deduplication. J. Netw.
cation and networking technologies (ICCCNT), pages 1–7. IEEE, 2018. Comput. Appl., 50:49–59, 2015. doi:10.1016/j.jnca.2014.12.004.
doi:10.1109/ICCCNT.2018.8493976. [32] Ke Huang, Xiao-song Zhang, Yi Mu, Fatemeh Rezaeibagha, and Xi-
[20] Yongkai Fan, Xiaodong Lin, Wei Liang, Gang Tan, and Priyadarsi aojiang Du. Bidirectional and malleable proof-of-ownership for large
Nanda. A secure privacy preserving deduplication scheme for cloud file in cloud storage. IEEE Transactions on Cloud Computing, 2021.
computing. Future Generation Computer Systems, 101:127–135, 2019. doi:10.1109/TCC.2021.3054751.
doi:https://doi.org/10.1016/j.future.2019.04.046. [33] Meixia Miao, Guohua Tian, and Willy Susilo. New proofs of ownership
[21] Osama Ouda. A secure proof of ownership scheme for efficient for efficient data deduplication in the adversarial conspiracy model.
client-side deduplication in cloud. Journal of Convergence Information International Journal of Intelligent Systems, 36(6):2753–2766, 2021.
Technology, 11:82–92, 2016. URL https://bit.ly/3sjSkxj. doi:10.1002/int.22400.
[22] Ruiying Du, Lan Deng, Jing Chen, Kun He, and Minghui Zheng. Proofs [34] Angtai Li, Guohua Tian, Meixia Miao, and Jianpeng Gong. Blockchain-
of ownership and retrievability in cloud storage. pages 328–335, 2014. based cross-user data shared auditing. Connection Science, pages 1–21,
doi:10.1109/TrustCom.2014.44. 2021. doi:10.1080/09540091.2021.1956879.
[23] Di Zhang, Junqing Le, Nankun Mu, Jiahui Wu, and Xiaofeng Liao. Se- [35] John Viega, Matt Messier, and Pravir Chandra. Network security with
cure and efficient data deduplication in jointcloud storage. IEEE Trans- OpenSSL: cryptography for secure communications. ” O’Reilly Media,
actions on Cloud Computing, 2021. doi:10.1109/TCC.2021.3081702. Inc.”, 2002. URL https://dl.acm.org/doi/10.5555/2167247.

www.ijacsa.thesai.org 923 | P a g e
 © 2021. This work is licensed under
https://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding
the ProQuest Terms and Conditions, you may use this content in accordance
with the terms of the License.