With client-side encryption (CSE), a users data is encrypted before being transferred to a cloud provider. This ensures that only the intended user has access to the information, but complicates effective file synchronization (between different devices and the cloud). Motivated by prior findings that empirically show that the largest performance differences between popular CSE services (CSEs) and non-CSEs typically are related to the implementation of delta encoding solutions to reduce bandwidth usage, in this paper, we evaluate and provide insights into the practical CSE-related delta encoding overheads. First, we use targeted experiments to demonstrate the delta encoding problem associated with CSE and to compare the practical overhead differences associated with three example services implementing delta encoding. Second, we develop an analytic cost model and use it to show that a simple threshold-based CSE policy can reduce the bandwidth and storage usage seen by the best CSE considered here, that such a policy has a provable worst-case overhead within a factor two of the best non-CSE, and typically performs much better. The results are highly encouraging, and show that it is possible to provide CSE at limited additional overhead compared to non-CSE services.
Funding Agencies|Swedish Research Council (VR)Swedish Research Council