Towards Encrypted In-Network Storage Services with Secure Near-Duplicate Detection

In-network storage is recognized as a vital component of many emerging network architectures, which facilitates high-quality and efficient content-centric services. In this trend, providing content-based near-duplicate detection (NDD) services among in-network storage becomes naturally necessary for network traffic alleviation and resource optimization. However, due to the increasing attacking surfaces, storing data in the networked environment inevitably raises new concerns about user privacy exposure and unauthorized data access. Therefore, we aim to design a secure NDD service in the context of encrypted in-network storage. For efficiency, we first leverage the fingerprint techniques and locality-sensitive hashing to convert the problem of NDD into the keyword search. We then adopt an efficient multi-key searchable encryption scheme, which requires only one encrypted query from the user even the data are from multiple content providers encrypted with different keys. As simply combining the above methods does not appear to directly locate accurate results, we then devise a secure result refining scheme via Yao's garbled circuits to avoid user-side post-processing. Furthermore, we enhance our design to address the potential malicious behavior of in-network servers. Extensive evaluations of real-world image dataset demonstrate that our design can achieve comparable accuracy to the plaintext with modest security overhead.