FCDedup: A Two-Level Deduplication System for Encrypted Data in Fog Computing

Distributed fog computing has received increasing attention recently and fog-assisted cloud storage can provide a real-time service to collect and manage large-scale data for the applications of Internet of Things. Encrypted data deduplication over cloud storage can significantly save storage space of the cloud server while protecting the confidentiality of the outsourced data. Previous encrypted data deduplication schemes are mostly designed for traditional cloud storage with a two-layer architecture and cannot be applied to the emerging fog-assisted cloud storage that has a more complex three-layer architecture (i.e., cloud server, fog node and endpoint device). In this paper, we design, analyze and implement FCDedup, a new encrypted data deduplication scheme for fog-assisted cloud storage. FCDedup is a two-level deduplication system that enables each fog node to detect duplicated encrypted data uploaded by different endpoint devices, as well as enables cloud server to detect duplicated encrypted data from different fog nodes. By doing so, FCDedup can achieve both intra-deduplication within a single data owner and inter-deduplication across different data owners. FCDedup is also designed to prevent cloud server and fog nodes launching the brute-force attacks, and to guarantee the reliability of files downloaded from the cloud. Formal analysis is provided to justify its deduplication correctness and security. Besides, we implement a prototype of FCDedup using Alibaba Cloud as backend storage. Our evaluations demonstrate that FCDedup is completely compatible with existing cloud storage systems and achieves modest performance overhead.