Abstract
Permissioned blockchain is a promising methodology to build a zero-trust storage foundation with trusted data storage and sharing for the zero-trust network. However, the inherent full-backup feature of the permissioned blockchain poses potential data privacy risks and substantial storage costs, hindering its usage as a storage medium. These issues necessitate the usage of secure data deduplication technology to mitigate them. Unfortunately, current secure data deduplication schemes are predominantly designed with centralized cloud servers in mind and are not suitable for distributed blockchain systems. The reason is that the full-backup feature of the permissioned blockchain exposes a wide attack surface to offline brute-force and frequency analysis attacks. In response, we propose DedupChain, a secure blockchain-enabled storage system with deduplication for zero-trust networks. DedupChain employs a trusted execution environment (i.e., Intel SGX enclave) in conjunction with Oblivious RAM (ORAM) to offer a novel security guarantee named oblivious data deduplication, which empowers DedupChain with the ability to defend against offline brute-force and frequency analysis attacks. DedupChain also proposes several novel techniques to address the security and efficiency issues raised by the SGX enclave. We implemented a system prototype of DedupChain and evaluated its performance metrics. Our experimental results show that DedupChain exhibits satisfactory operational delays, throughput, and storage overhead. Security analysis shows that DedupChain is robust enough to withstand several types of attacks. To the best of our knowledge, we are the first to apply secure data deduplication techniques to address data privacy and storage cost issues raised by permissioned blockchain when used as a zero-trust storage medium.
| Original language | English |
|---|---|
| Pages (from-to) | 2070-2086 |
| Number of pages | 17 |
| Journal | IEEE Journal on Selected Areas in Communications |
| Volume | 43 |
| Issue number | 6 |
| State | Published - 2025 |
Keywords
- Secure data deduplication
- blockchain
- zero-trust network
Fingerprint
Dive into the research topics of 'DedupChain: A Secure Blockchain-Enabled Storage System With Deduplication for Zero-Trust Network'. Together they form a unique fingerprint.