Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Jian Zhang,Yang,Yanjiao Chen,Jing Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2017.08.019

IF: 5.493

2017-01-01

Computer Networks

Abstract:With the growing popularity of cloud storage, to guarantee the security of outsourced data becomes more and more important. In this paper, we make the first attempt to explore the intrinsic relationship between secure cloud storage and homomorphic encryption scheme, based on which we present a Generic way to design a Secure Cloud Storage protocol, denoted as G-SCS, using any homomorphic encryption scheme (HES). The proposed G-SCS is secure under a definition that satisfy the security requirement of cloud storage. To address various issues in real application scenarios, we further extend the protocol to support deterministic and randomized auditing, data dynamics (i.e., data insertion, deletion and modification), as well as third-party public auditing, while preserving the efficiency and security of the protocol. By instantiating all abstract semantics in G-SCS, we construct three concrete secure cloud storage protocols using RSA-based, Paillier-based and DGHV-based HESs, which are multiplicatively, additively and fully HESs, respectively. We conduct extensive theoretical analysis and experimental evaluations to validate the practicability of the proposed protocol.

Songrun Yang,Jinyong Chang

DOI: https://doi.org/10.1007/s10586-023-04239-9

2024-02-14

Cluster Computing

Abstract:In recent years, cloud storage services have risen widely, and how to ensure the integrity of outsourced data in cloud setting catches more and more attention. Kinds of integrity auditing protocols, additionally attaching tags on original data file, have been proposed. In order to compress the storage and communication overheads, Yang et al. presented a compressive auditing technique, which is identity-based and quantum computing resistant. Note that Yang et al. also claimed that their protocol is "suitable" for outsourcing auditing process to third party auditor (TPA). However, in this paper, we first pointed out that Yang et al.'s compressive protocol is essentially private auditing since the data owner needs to confidential transmit secret value to TPA. In fact, if TPA shares this value to cloud service provider (CSP), then Yang et al.'s scheme will become completely insecure. Then, we propose a new identity-based protocol, which is based on lattice and thus still secure in future quantum computing. Meanwhile, our proposed protocol belongs to public auditing instead of private auditing. Finally, we analyze the performance of our proposed protocol, which shows that it is competitive in the cloud storage applications.

computer science, information systems, theory & methods

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Fei Chen,Fengming Meng,Tao Xiang,Hua Dai,Jianqiang Li,Jing Qin

DOI: https://doi.org/10.1109/tpds.2020.2998462

IF: 5.3

2020-11-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud storage security has gained considerable research efforts with the wide adoption of cloud computing. As a security mechanism, researchers have been investigating cloud storage auditing schemes that enable a user to verify whether the cloud keeps the user's outsourced data undamaged. However, existing schemes have usability issues in compatibility with existing real world cloud storage applications, error-tolerance, and efficiency. To mitigate this usability gap, this article proposes a new general cloud storage auditing scheme that is more usable. The proposed scheme uses the idea of integrating linear error correcting codes and linear homomorphic authentication schemes together. This integration uses only one additional block to achieve error tolerance and authentication simultaneously. To demonstrate the power of the general construction, we also propose one detailed scheme based on the proposed general construction using the Reed Solomon code and the universal hash based MAC authentication scheme, both of which are implemented over the computation-efficient Galois field $mathrm {GF}{(2^8)}$<math> GF (28)</math>. We also show that the proposed scheme is secure under the standard definition. Moreover, we implemented and open-sourced the proposed scheme. Experimental results show that the proposed scheme is orders of magnitude more efficient than the state-of-the-art scheme.

computer science, theory & methods,engineering, electrical & electronic

Yingjie Xia,Fubiao Xia,Xuejiao Liu,Xin Sun,Yuncai Liu,Yi Ge

DOI: https://doi.org/10.3837/tiis.2014.10.019

2014-01-01

Abstract:The increasing demand in promoting cloud computing in either business or other areas requires more security of a cloud storage system. Traditional cloud storage systems fail to protect data integrity information (DII), when the interactive messages between the client and the data storage server are sniffed. To protect DII and support public verifiability, we propose a data integrity verification scheme by deploying a designated confirmer signature DCS as a building block. The DCS scheme strikes the balance between public verifiable signatures and zero-knowledge proofs which can address disputes between the cloud storage server and any user, whoever acting as a malicious player during the two-round verification. In addition, our verification scheme remains blockless and stateless, which is important in conducting a secure and efficient cryptosystem. We perform security analysis and performance evaluation on our scheme, and compared with the existing schemes, the results show that our scheme is more secure and efficient.

Xiufeng Zhao,Xiang Wang,Hao Xu,Yilei Wang

DOI: https://doi.org/10.1504/ijhpcn.2015.070020

2015-01-01

Abstract:Cloud computing is a distributed computing model, which provides services and resources. As a new type of storage services, cloud storage provides a new method for mass data storage management. Nowadays, more and more users upload their data to cloud storage servers and retrieve data when needed. One of the basic tasks of cloud storage is to guarantee the integrity between retrieved and uploaded data. Therefore, data integrity checking of cloud storage becomes a key issue. This paper proposes a privacy-preserving public verifying cloud data integrity checking protocol. To achieve security against quantum computer attacks, we resort to constructing homomorphic linear authenticator based on a lattice-based homomorphic signature algorithm. To eliminate data content exposure to achieve privacy, we use the blind checking technique. Theoretical analysis indicates that our scheme achieves security against malicious cloud server and privacy against third party auditor TPA, and resists the known-proof forgery attack. Compared with other protocols, our protocol does not resort to rank-based authenticated skip list, saving storage and communication overhead. Furthermore, it makes use of matrix-vector multiplication operation, avoiding great amount of module exponential operation, which reduces the computational labour for cloud server and TPA.

Yubo Zhao,Jinyong Chang

DOI: https://doi.org/10.1016/j.comnet.2022.109270

IF: 5.493

2022-10-24

Computer Networks

Abstract:In recent years, cloud storage has become an attractive service for data owners to store their personal data. Since they lose physical control of their data, it is necessary to regularly audit its integrity. The public auditing technique is very popular because it is suitable to outsource the auditing task to any third-party auditor, who has professional knowledge on auditing. However in many practical scenarios, the data owner may expect some designated verifier (instead of any) to audit its data. Thus, the public auditing scheme with designated verifier was proposed. In order to further reduce the cost of managing certificates, and to avoid the dependence on public key infrastructure, identity-based auditing scheme with designated verifier was recently proposed. Nevertheless, the proposed identity-based auditing scheme still suffers from the key escrow attack the risk of privacy leakage. In this paper, for the first time, we propose a certificateless public auditing protocol with designated verifier privacy-preserving property. More concretely, it can not only protect the privacy of the stored data against the designated verifier, but also resolve key escrow problem existed in identity-based technique. Its security is based on the Computational Diffie–Hellman and Weil Diffie–Hellman assumptions. Finally, the performance analysis experimental results of the proposed protocol show that our auditing scheme is efficient feasible to applications in real life.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/tifs.2022.3159152

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Cloud storage is more and more prevalent in practice, and thus how to check its integrity becomes increasingly essential. A classical solution is identity-based (ID-based) provable data possession (PDP), which supports certificateless cloud storage auditing without entire user data. However, existing ID-PDP protocols always require that cloud users outsource data blocks, authenticators and a small-sized file tag to the cloud, and make use of the heavy elliptic curve cryptography over bilinear pairing. These disadvantages would result in vast storage, communication, and computation costs, which is unexpected, especially for resource-limited cloud users. To improve the performance, this paper proposes a novel cryptographic primitive: ID-based PDP with compressed cloud storage. In this model, cloud storage auditing can be achieved by using only encrypted data blocks in a self-verified way, and original data blocks can be reconstructed from the outsourced data. Thus, data owners no longer need to store original data blocks on the cloud. We also use some basic algebraic operations to realize a concrete ID-based PDP protocol with compressed cloud storage, which is quite efficient due to no heavy cryptographic operations involved. The proposed protocol can easily be extended to support the other practical functions by using the primitive replacement technique. The proposed protocol is strictly proven to have the properties of correctness, privacy, unforgeability and detectability. Finally, we give plenty of theoretical analysis and experimental results to validate the efficiency of the proposed protocol.

computer science, theory & methods,engineering, electrical & electronic

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/jiot.2021.3121678

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Remote data integrity auditing ensures the integrity of cloud storage. In practice, cloud users may not want their sensitive data to be exposed to others. Thus, it is meaningful to investigate how to realize data sharing with sensitive information hiding in cloud storage auditing. Up to now, cloud storage has been proven to achieve the sensitive information hiding property through a third-party sanitizer dedicated to sanitize user data, which leads to high outlays on purchasing and maintaining a special server. To meet this challenge, we design a novel cloud storage auditing protocol to support sensitive information hiding without the need of a third-party sanitizer. In addition, our scheme allows data owners to enable or disable other users to access their sensitive information with the help of the cloud that dose not deviate from the agreement during access control. To be specific, only after receiving the delegations from the data owner, the users can compute the valid warrants that can pass the access verification of the cloud. The proposed protocol is built on identity-based cryptography, thus avoiding the complex certificate management. We validate the advantages of the proposed protocol through massive theoretical analysis and experimental results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Haoming Wang,Yuanhang Zhang,Xu An Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.heliyon.2024.e36273

IF: 3.776

2024-08-20

Heliyon

Abstract:With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.

Xiang Liu,Jie Huang,Guowen Zong

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00104

2018-08-01

Abstract:This paper investigates the intrinsic relationship between secure network coding and secure cloud storage. We propose a novel homomorphic signature scheme and then illustrate a method to construct the network coding based secure cloud storage (NCSCS) protocol, wherein the security of the homomorphic signature scheme is the foundation of the NCSCS protocol. By employing network coding and homomorphic signature technique, the proposed NCSCS system can serve as both cloud service provider and router of a communication network at the same time, where the public auditing of the outsourced data is enabled. Finally, we perform the simulation of the proposed protocol and evaluate its performance. The security and efficiency can be validated from the simulation results.

Zhen Xu,Cong Wang,Kui Ren,Lingyu Wang,Bingsheng Zhang

DOI: https://doi.org/10.1109/tifs.2014.2352457

2013-01-01

Abstract:Cloud computing provides a “pay-per-use” utility service which offers the customer the economical access to large amount of computing resources with minimal management overhead. Despite the tremendous benefits, computation outsourcing also eliminates the customer's ultimate control over the data computation process, which makes securing cloud computation an imperative and challenging task, especially in the aspect of integrity verification. To address these challenges, in this paper we propose to research on integrity verification mechanisms for secure outsourced computations in cloud computing. In particular, we focus on outsourcing the widely applicable engineering optimization problem, i.e., convex optimization, and aim to investigate efficient integrity verification mechanisms using application-specific techniques. Our security design does not require the use of heavy cryptographic tools. Instead, we leverage the inherent structure of the optimization problems and the proof-carrying characteristics of the solving algorithms to achieve efficient integrity verification. The proposed design provides substantial computational savings on the customer side and introduce marginal overhead on the cloud side. We further prove its correctness and soundness. The extensive experiments under real cloud environment show our mechanisms ensure strong integrity assurance with high efficiency on both the customer and cloud sides and are readily applicable in practice.

Cong Wang,Qian Wang,Kui Ren,Ning Cao,Wenjing Lou

DOI: https://doi.org/10.1109/tsc.2011.24

IF: 11.019

2011-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service is also relinquishing users' physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server. Considering the cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Fanglin An Fanglin An,Jun Ye Fanglin An,Zhen Guo Jun Ye

DOI: https://doi.org/10.53106/160792642023032402007

2023-03-01

網際網路技術學刊

Abstract:The development of cloud storage is indispensable for today’s Internet information technology. The superiority of cloud storage is that the ownership of the storage medium and the ownership of the stored data are divided and held by two parties with respective interests - cloud server providers and data users. However, the transmission, storage and utilization of data constantly caused the violation of users&rsquo; rights and interests. Data integrity as a countermeasure has been paid growing attention to by researchers. Traditional data integrity protection schemes are based on the cloud server-client architecture, which requires high computational overhead and communication. To address this scenario, this paper proposes an improved data integrity verification scheme that enables local users to perform rapid and efficient data integrity verification of data stored on cloud servers, reduces the volume of communication data during the verification process, and effectively prevents the loss or tampering of data stored in the cloud server. &nbsp;

computer science, information systems,telecommunications

K. Mahalakshmi,K. Kousalya,Himanshu Shekhar,Aby K. Thomas,L. Bhagyalakshmi,Sanjay Kumar Suman,S. Chandragandhi,Prashant Bachanna,K. Srihari,Venkatesa Prabhu Sundramurthy

DOI: https://doi.org/10.1155/2021/8533995

2021-12-22

Scientific Programming

Abstract:Cloud storage provides a potential solution replacing physical disk drives in terms of prominent outsourcing services. A threaten from an untrusted server affects the security and integrity of the data. However, the major problem between the data integrity and cost of communication and computation is directly proportional to each other. It is hence necessary to develop a model that provides the trade-off between the data integrity and cost metrics in cloud environment. In this paper, we develop an integrity verification mechanism that enables the utilisation of cryptographic solution with algebraic signature. The model utilises elliptic curve digital signature algorithm (ECDSA) to verify the data outsources. The study further resists the malicious attacks including forgery attacks, replacing attacks and replay attacks. The symmetric encryption guarantees the privacy of the data. The simulation is conducted to test the efficacy of the algorithm in maintaining the data integrity with reduced cost. The performance of the entire model is tested against the existing methods in terms of their communication cost, computation cost, and overhead cost. The results of simulation show that the proposed method obtains reduced computational of 0.25% and communication cost of 0.21% than other public auditing schemes.

computer science, software engineering

Xinpeng Zhang,Chunxiang Xu,Wei Sai,Ying Li,Tao Zhou

DOI: https://doi.org/10.2991/ictcs-14.2014.10

2014-01-01

Abstract:Cloud storage is a kind of cloud computing services that allows users to store their data in a remote cloud. Because of the loss of data control, data owners will concern that their data will be misused or unauthorized access by other users, in addition, they also worry their data may be lost in the clouds. Therefore, verify the authenticity of the data has become a key issue of data stored on the untrusted server.Shacham and Waters [17] give two Data storage audit protocols with full security proofs against arbitrary adversaries in the strongest secure model, but the server needs to give back a linear combination of the blocks that will leak audit data to the auditor. In order to improve the agreement of Shaham and waters, we use a hash function and blind technique to construct a public's privacy audit protocol.

Zhangyun Liu,Xiaowei Yang,Kun Zhao,Yongjian Liao,Yichuan He

DOI: https://doi.org/10.1109/bigcom.2017.29

2017-08-01

Abstract:In cloud storage, remote data integrity checking is considered as a crucial technique about data owners who upload enormous data to cloud server provider. A majority of the existing remote data integrity checking protocols rely on the expensive public key infrastructure. In addition, the verification of certificates needs heavy computation and communication cost. Meanwhile, the existing some protocols are not secure under the quantum computer attacks. However, lattice-based constructed cryptography can resist quantum computer attacks and is fairly effective, involving matrix-matrix or matrix-vector multiplications. So, we propose an identity-based remote data integrity checking protocol from lattices, which can eliminate the certificate management process and resist quantum computer attacks. Our protocol is completeness and provably secure based on the hardness small integer solution assumption. The presented scheme is secure against cloud service provider attacks, and leaks no any blocks of the stored file to the third party auditor during verification stage, namely the data privacy against the curiosity third party auditor attacks. The cloud service provider attack includes lost attack and tamper attack. Furthermore, the performance analysis of some protocols demonstrate that our protocol of remote data integrity checking is useful and efficient.

Qian Wang,Cong Wang,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1109/tpds.2010.183

IF: 5.3

2010-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings about many new security challenges, which have not been well understood. This work studies the problem of ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. The introduction of TPA eliminates the involvement of the client through the auditing of whether his data stored in the cloud are indeed intact, which can be important in achieving economies of scale for Cloud Computing. The support for data dynamics via the most general forms of data operation, such as block modification, insertion, and deletion, is also a significant step toward practicality, since services in Cloud Computing are not limited to archive or backup data only. While prior works on ensuring remote data integrity often lacks the support of either public auditability or dynamic data operations, this paper achieves both. We first identify the difficulties and potential security problems of direct extensions with fully dynamic data updates from prior works and then show how to construct an elegant verification scheme for the seamless integration of these two salient features in our protocol design. In particular, to achieve efficient data dynamics, we improve the existing proof of storage models by manipulating the classic Merkle Hash Tree construction for block tag authentication. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multiuser setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis show that the proposed schemes are highly efficient and provably secure.