Paper 2018/748

Definitions for Plaintext-Existence Hiding in Cloud Storage

Colin Boyd and Gareth T. Davies and Kristian Gjøsteen and Håvard Raddum and Mohsen Toorani

Abstract

Cloud storage services use deduplication for saving bandwidth and storage. An adversary can exploit side-channel information in several attack scenarios when deduplication takes place at the client side, leaking information on whether a specific plaintext exists in the cloud storage. Generalising existing security definitions, we introduce formal security games for a number of possible adversaries in this domain, and show that games representing all natural adversarial behaviors are in fact equivalent. These results allow users and practitioners alike to accurately assess the vulnerability of deployed systems to this real-world concern.