Paper 2017/1208

Security notions for cloud storage and deduplication

Colin Boyd, Gareth T. Davies, Kristian Gjøsteen, Mohsen Toorani, and Håvard Raddum


Cloud storage is in widespread use by individuals and enterprises but introduces a wide array of attack vectors. A basic step for users is to encrypt their data, but it is not obvious what precise security properties are required for encryption. Furthermore, cloud storage providers often use techniques such as data deduplication for improving efficiency which restricts the application of semantically-secure encryption. Generic security goals and attack models have thus far proved elusive: primitives are considered in isolation and protocols are often proved secure under ad hoc models for restricted classes of adversaries. We provide a generic syntax for storage systems that allows us to formally model natural security notions for cloud storage and deduplication. We define security notions for confidentiality and integrity in encrypted cloud storage and determine relations between these notions. We show how to build cloud storage systems that satisfy our defined security notions using generic cryptographic components.

Available format(s)
Publication info
Published elsewhere. Major revision. ProvSec 2018
Contact author(s)
gareth davies @ ntnu no
2018-08-07: revised
2017-12-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Colin Boyd and Gareth T.  Davies and Kristian Gjøsteen and Mohsen Toorani and Håvard Raddum},
      title = {Security notions for cloud storage and deduplication},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1208},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.