{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:39:51Z","timestamp":1767339591119,"version":"3.41.0"},"reference-count":69,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2017,2,25]],"date-time":"2017-02-25T00:00:00Z","timestamp":1487980800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["61602092"],"award-info":[{"award-number":["61602092"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"HKRGC","award":["GRF CUHK413813 and CRF C7036-15G"],"award-info":[{"award-number":["GRF CUHK413813 and CRF C7036-15G"]}]},{"name":"Cisco University Research Program Fund","award":["CG#6593822"],"award-info":[{"award-number":["CG#6593822"]}]},{"name":"Silicon Valley Community Foundation, Fundamental Research Funds for the Central Universities","award":["ZYGX2016KYQD115"],"award-info":[{"award-number":["ZYGX2016KYQD115"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Storage"],"published-print":{"date-parts":[[2017,2,28]]},"abstract":"Rekeying refers to an operation of replacing an existing key with a new key for encryption. It renews security protection to protect against key compromise and enable dynamic access control in cryptographic storage. However, it is non-trivial to realize efficient rekeying in encrypted deduplication storage systems, which use deterministic content-derived encryption keys to allow deduplication on ciphertexts. We design and implement a rekeying-aware encrypted deduplication (REED) storage system. REED builds on a deterministic version of all-or-nothing transform, such that it enables secure and lightweight rekeying, while preserving the deduplication capability. We propose two REED encryption schemes that trade between performance and security and extend REED for dynamic access control. We implement a REED prototype with various performance optimization techniques and demonstrate how we can exploit similarity to mitigate key generation overhead. Our trace-driven testbed evaluation shows that our REED prototype maintains high performance and storage efficiency.<\/jats:p>","DOI":"10.1145\/3032966","type":"journal-article","created":{"date-parts":[[2017,2,27]],"date-time":"2017-02-27T13:06:52Z","timestamp":1488200812000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":47,"title":["The Design and Implementation of a Rekeying-Aware Encrypted Deduplication Storage System"],"prefix":"10.1145","volume":"13","author":[{"given":"Chuan","family":"Qin","sequence":"first","affiliation":[{"name":"The Chinese University of Hong Kong, New Territories, Hong Kong"}]},{"given":"Jingwei","family":"Li","sequence":"additional","affiliation":[{"name":"Center for Cyber Security, University of Electronic Science and Technology of China, Sichuan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4501-4364","authenticated-orcid":false,"given":"Patrick P. C.","family":"Lee","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, New Territories, Hong Kong"}]}],"member":"320","published-online":{"date-parts":[[2017,2,25]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Mart\u00edn Abadi Dan Boneh Ilya Mironov Ananth Raghunathan and Gil Segev. 2013. Message-locked encryption for lock-dependent messages. In Advances in Cryptology (CRYPTO\u201913). 374--391. Mart\u00edn Abadi Dan Boneh Ilya Mironov Ananth Raghunathan and Gil Segev. 2013. Message-locked encryption for lock-dependent messages. In Advances in Cryptology (CRYPTO\u201913). 374--391.","DOI":"10.1007\/978-3-642-40041-4_21"},{"key":"e_1_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Michel Abdalla and Mihir Bellare. 2000. Increasing the lifetime of a key: A comparative analysis of the security of re-keying techniques. In Advances in Cryptology (ASIACRYPT\u201900). 546--559. Michel Abdalla and Mihir Bellare. 2000. Increasing the lifetime of a key: A comparative analysis of the security of re-keying techniques. In Advances in Cryptology (ASIACRYPT\u201900). 546--559.","DOI":"10.1007\/3-540-44448-3_42"},{"volume-title":"Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI\u201902)","author":"Adya Atul","key":"e_1_2_1_3_1"},{"key":"e_1_2_1_4_1","unstructured":"Amazon. 2014. Architecting for Genomic Data Security and Compliance in AWS. Retrieved from https:\/\/d0.awsstatic.com\/whitepapers\/compliance\/Genomics_on_AWS_Best_Practices.pdf. Amazon. 2014. Architecting for Genomic Data Security and Compliance in AWS. Retrieved from https:\/\/d0.awsstatic.com\/whitepapers\/compliance\/Genomics_on_AWS_Best_Practices.pdf."},{"volume-title":"Proceedings of the 24th International Conference on Large Installation System Administration (LISA\u201910)","year":"2010","author":"Anderson Paul","key":"e_1_2_1_5_1"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813630"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315318"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1127345.1127346"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/11863908_21"},{"key":"e_1_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Mihir Bellare and Sriram Keelveedhi. 2015. Interactive message-locked encryption and secure deduplication. in Public-Key Cryptography (PKC\u201915). 516--538. Mihir Bellare and Sriram Keelveedhi. 2015. Interactive message-locked encryption and secure deduplication. in Public-Key Cryptography (PKC\u201915). 516--538.","DOI":"10.1007\/978-3-662-46447-2_23"},{"volume-title":"Proceeding of the 22nd USENIX Security Symposium (USENIX Security\u201913)","year":"2013","author":"Bellare Mihir","key":"e_1_2_1_12_1"},{"key":"e_1_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Mihir Bellare Sriram Keelveedhi and Thomas Ristenpart. 2013b. Message-locked encryption and secure deduplication. In Advances in Cryptology (EUROCRYPT\u201913). 296--312. Mihir Bellare Sriram Keelveedhi and Thomas Ristenpart. 2013b. Message-locked encryption and secure deduplication. In Advances in Cryptology (EUROCRYPT\u201913). 296--312.","DOI":"10.1007\/978-3-642-38348-9_18"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.11"},{"key":"e_1_2_1_15_1","unstructured":"John Bethencourt Amit Sahai and Brent Waters. 2011. CP-ABE Toolkit. Retrieved from http:\/\/acsc.cs.utexas.edu\/cpabe\/. John Bethencourt Amit Sahai and Brent Waters. 2011. CP-ABE Toolkit. Retrieved from http:\/\/acsc.cs.utexas.edu\/cpabe\/."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/MASCOT.2009.5366623"},{"volume-title":"Proceeding of USENIX Annual Technical Conference (USENIX ATC\u201906)","year":"2006","author":"Black John","key":"e_1_2_1_17_1"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/11535218_16"},{"volume-title":"Proceeding of the 6th USENIX Security Symposium (USENIX Security\u201996)","year":"1996","author":"Boneh Dan","key":"e_1_2_1_19_1"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/647097.717005"},{"key":"e_1_2_1_21_1","unstructured":"Andrei Z. Broder. 1997. On the resemblance and containment of documents. In Proceeding of the Compression and Complexity of Sequences (SEQUENCES\u201997). 21--29. Andrei Z. Broder. 1997. On the resemblance and containment of documents. In Proceeding of the Compression and Complexity of Sequences (SEQUENCES\u201997). 21--29."},{"volume-title":"Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI\u201902)","author":"Cox Landon P.","key":"e_1_2_1_22_1"},{"key":"e_1_2_1_23_1","unstructured":"Dick Csaplar. 2011. Building Business Resillience through Active Archiving. Retrieved from http:\/\/www.dataspan.com\/uploads\/pdf\/aberdeen-report-business-resilience-with-active-archive.pdf. Dick Csaplar. 2011. Building Business Resillience through Active Archiving. Retrieved from http:\/\/www.dataspan.com\/uploads\/pdf\/aberdeen-report-business-resilience-with-active-archive.pdf."},{"volume-title":"DSA-1571-1 openssl -- Predictable Random Number Generator. Retrieved","year":"2008","author":"Advisory Debian Security","key":"e_1_2_1_24_1"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1824795.1824797"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/1960475.1960477"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/850928.851884"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664168.2664169"},{"key":"e_1_2_1_29_1","unstructured":"File systems and Storage Lab. 2014. FSL Traces and Snapshots Public Archive. Retrieved from http:\/\/tracer.filesystems.org\/. File systems and Storage Lab. 2014. FSL Traces and Snapshots Public Archive. Retrieved from http:\/\/tracer.filesystems.org\/."},{"volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201906)","year":"2006","author":"Fu Kevin","key":"e_1_2_1_30_1"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/2442626.2442649"},{"volume-title":"Lecture Notes on Cryptography. Retrieved","year":"2008","author":"Goldwasser Shafi","key":"e_1_2_1_32_1"},{"key":"e_1_2_1_33_1","unstructured":"Google. 2016. Google Genomics. Retrieved from https:\/\/cloud.google.com\/genomics\/. Google. 2016. Google Genomics. Retrieved from https:\/\/cloud.google.com\/genomics\/."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180418"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046765"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.187"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1534530.1534540"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315317"},{"volume-title":"Proceedings of USENIX Conference on File and Stroage Technologies (FAST\u201903)","year":"2003","author":"Kallahall Mahesh","key":"e_1_2_1_39_1"},{"volume-title":"These Are Not The Certs You\u2019re Looking For. Retrieved","year":"2011","author":"Kaminsky Dan","key":"e_1_2_1_40_1"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855511.1855529"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.62"},{"volume-title":"Proceeding of USENIX Annual Technical Conference (USENIX ATC\u201915)","author":"Li Mingqiang","key":"e_1_2_1_43_1"},{"volume-title":"Proceeding of USENIX Conference on File and Storage Technologies (FAST\u201909)","year":"2009","author":"Lillibridge Mark","key":"e_1_2_1_44_1"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813623"},{"volume-title":"Cloud Encryption: Control Your Own Keys in a Separate Storage Vault.","year":"2013","author":"Musthaler Linda","key":"e_1_2_1_46_1"},{"key":"e_1_2_1_47_1","unstructured":"National Institutes of Health. 2015. NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing Policy. Retrieved from https:\/\/www.ncbi.nlm.nih.gov\/projects\/gap\/pdf\/dbgap_2b_security_procedures.pdf. National Institutes of Health. 2015. NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing Policy. Retrieved from https:\/\/www.ncbi.nlm.nih.gov\/projects\/gap\/pdf\/dbgap_2b_security_procedures.pdf."},{"key":"e_1_2_1_48_1","unstructured":"NetApp. 2008. NetApp Deduplication Helps Duke Institute for Genome Sciences and Policy Reduce Storage Requirements for Genomic Information by 83 Percent. Retrieved from http:\/\/www.netapp.com\/us\/company\/news\/press-releases\/news-rel-20081008.aspx. NetApp. 2008. NetApp Deduplication Helps Duke Institute for Genome Sciences and Policy Reduce Storage Requirements for Genomic Information by 83 Percent. Retrieved from http:\/\/www.netapp.com\/us\/company\/news\/press-releases\/news-rel-20081008.aspx."},{"key":"e_1_2_1_49_1","unstructured":"OpenSSL. 2015. OpenSSL: Cryptography and SSL\/TLS Toolkit. Retrieved from https:\/\/www.openssl.org. OpenSSL. 2015. OpenSSL: Cryptography and SSL\/TLS Toolkit. Retrieved from https:\/\/www.openssl.org."},{"volume-title":"Proceedings of the 4th USENIX Conference on File and Storage Technologies (FAST\u201905)","author":"Peterson Zachary N. J.","key":"e_1_2_1_50_1"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2038916.2038926"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPPW.2011.17"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.28"},{"volume-title":"Proceedings of the 9th USENIX Conference on File and Stroage Technologies (FAST\u201911)","author":"Jason","key":"e_1_2_1_55_1"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.5555\/647932.740733"},{"volume-title":"Proceedings of USENIX Conference on Usenix Annual Technical Conference (USENIX ATC\u201915)","year":"2015","author":"Shah Peter","key":"e_1_2_1_57_1"},{"key":"e_1_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Victor Shoup. 2000. Practical threshold signatures. In Advances in Cryptology (EUROCRYPT\u201900). 207--220. Victor Shoup. 2000. Practical threshold signatures. In Advances in Cryptology (EUROCRYPT\u201900). 207--220.","DOI":"10.1007\/3-540-45539-6_15"},{"volume-title":"Dag Arne Osvik, and Benne de Weger","year":"2008","author":"Sotirov Alexander","key":"e_1_2_1_59_1"},{"volume-title":"The case for cloud computing in genome informatics. Genome Biology","year":"2010","author":"Stein Lincoln D.","key":"e_1_2_1_60_1"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/1456469.1456471"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSST.2016.7897080"},{"volume-title":"Retrieved","year":"2014","author":"Computer Emergency Readiness Team U. S.","key":"e_1_2_1_63_1"},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.5555\/2208461.2208465"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/CloudCom.2013.72"},{"key":"e_1_2_1_66_1","doi-asserted-by":"crossref","unstructured":"A. F. Webster and S. E. Tavares. 1985. On the design of s-boxes. In Advances in Cryptology (CRYPTO\u201985). 523--534. A. F. Webster and S. E. Tavares. 1985. On the design of s-boxes. In Advances in Cryptology (CRYPTO\u201985). 523--534.","DOI":"10.1007\/3-540-39799-X_41"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/1456469.1456474"},{"volume-title":"Proceeding of USENIX Annual Technical Conference (USENIX ATC\u201911)","year":"2011","author":"Xia Wen","key":"e_1_2_1_68_1"},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714628"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSST.2015.7208297"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.5555\/1364813.1364831"}],"container-title":["ACM Transactions on Storage"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3032966","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3032966","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:24:13Z","timestamp":1750220653000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3032966"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,2,25]]},"references-count":69,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2017,2,28]]}},"alternative-id":["10.1145\/3032966"],"URL":"https:\/\/doi.org\/10.1145\/3032966","relation":{},"ISSN":["1553-3077","1553-3093"],"issn-type":[{"type":"print","value":"1553-3077"},{"type":"electronic","value":"1553-3093"}],"subject":[],"published":{"date-parts":[[2017,2,25]]},"assertion":[{"value":"2016-08-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-12-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-02-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}