SimEnc: a High-Performance Similarity Preserving Encryption Approach for Deduplication of Encrypted Docker Images

Publication
Proc. of USENIX ATC 2024

Encrypted Docker images are becoming increasingly popular in Docker registries for privacy. As the Docker registry is tasked with managing an increasing number of images, it becomes essential to implement deduplication to conserve storage space. However, deduplication for encrypted images is difficult because deduplication exploits identical content, while encryption tries to make all contents look random. Existing state-of-the-art works try to decompress images and perform message-locked encryption (MLE) to deduplicate encrypted images. Unfortunately, our measurements uncover two limitations in current works: (i) even minor modifications to the image content can hinder MLE deduplication, (ii) decompressing image layers would increase the size of the storage for duplicate data, and significantly compromise user pull latency and deduplication throughput. In this paper, we propose SimEnc, a high-performance similarity-preserving encryption approach for deduplication of encrypted Docker images. SimEnc is the first work that integrates the semantic hash technique into MLE to extract semantic information among layers for improving the deduplication ratio. SimEnc builds on a fast similarity space selection mechanism for flexibility. Unlike existing works completely decompressing the layer, we explore a new similarity space by Huffman decoding that achieves a better deduplication ratio and performance. Experiments show that SimEnc outperforms both the state-of-the-art encrypted serverless platform and plaintext Docker registry, reducing storage consumption by up to 261.7% and 54.2%, respectively. Meanwhile, SimEnc can surpass them in terms of pull latency.

Borui Li
Borui Li

Borui Li is a lecturer at the College of Computer Science and Engineering, Southeast University.

Jiamei Lv
Jiamei Lv
Researcher

Jiamei Lv is a Specially Appointed Researcher at the College of Software, Zhejiang University

Yi Gao
Yi Gao
Professor

Yi Gao is an Professor at the College of Computer Science, Zhejiang University.

Wei Dong
Wei Dong
Professor

Wei Dong is currently a full Professor at the College of Computer Science, Zhejiang University.