Xiuyuan Chen,Chao Lin,Wei Wu,Debiao He

DOI: https://doi.org/10.1093/comjnl/bxae001

2024-01-27

The Computer Journal

Abstract:Abstract Cloud storage has been widely used in remote data management, although correct storage of the outsourced file is still challenging in practice. Proofs of Retrievability (PoRs), a storage-oriented cryptographic tool, support integrity checking and efficient retrieval of the file. However, due to the lack of a fully credible oversight mechanism or a serious dependence on a trusted third party, most PoRs are incapable of achieving essential and straightforward trust between participants (i.e. the client and server). While blockchain shows promise in solving this trust issue, existing blockchain-based storage systems are scenario-constrained as they require private/permissioned or special-construct blockchains. Consequently, none of these systems provide robust and decentralized trustworthiness. We propose a general Blockchain-based Automatic Audit (BAA) scheme for PoR without limitations based on specific blockchain types. Specifically, we present BAA via stitching together a carefully designed or chosen array of sub-components such as storage proofs and Turing-complete smart contracts. We also integrate BAA with specific PoR models to prove its strong generality and availability. To our best knowledge, our proposal is the first blockchain-based approach that enhances traditional PoR models with both automatic audit and fair payment. The final analysis and implemented prototype on Ethereum demonstrate the utility of BAA.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Chaowen Guan,Kui Ren,Fangguo Zhang,Florian Kerschbaum,Jia Yu

DOI: https://doi.org/10.1007/978-3-319-24174-6_11

2015-01-01

Abstract:Proofs-of-Retrievability enables a client to store his data on a cloud server so that he executes an efficient auditing protocol to check that the server possesses all of his data in the future. During an audit, the server must maintain full knowledge of the client's data to pass, even though only a few blocks of the data need to be accessed. Since the first work by Juels and Kaliski, many PoR schemes have been proposed and some of them can support dynamic updates. However, all the existing works that achieve public verifiability are built upon traditional public-key cryptosystems which imposes a relatively high computational burden on low-power clients (e.g., mobile devices).In this work we explore indistinguishability obfuscation for building a Proof-of-Retrievability scheme that provides public verification while the encryption is based on symmetric key primitives. The resulting scheme offers light-weight storing and proving at the expense of longer verification. This could be useful in apations where outsourcing files is usually done by low-power client and verifications can be done by well equipped machines (e.g., a third party server). We also show that the proposed scheme can support dynamic updates. At last, for better assessing our proposed scheme, we give a performance analysis of our scheme and a comparison with several other existing schemes which demonstrates that our scheme achieves better performance on the data owner side and the server side.

Shan Wang,Ming Yang,Tingjian Ge,Yan Luo,Xinwen Fu

DOI: https://doi.org/10.48550/arXiv.2109.07626

2021-09-16

Abstract:Blockchain has been applied to data sharing to ensure the integrity of data and chain of custody. Sharing big data such as large biomedical data files is a challenge to blockchain systems since the ledger is not designed to maintain big files, access control is an issue, and users may be dishonest. We call big data such as big files stored outside of a ledger that includes the blockchain and world state at a blockchain node as "off-state" and propose an off-state sharing protocol for a blockchain system to share big data between pairs of nodes. In our protocol, only encrypted files are transferred. The cryptographic key is stored in the world state in a secure way and can be accessed only by authorized parties. A receiver has to request the corresponding cryptographic key from the sender to decrypt such encrypted files. All requests are run through transactions to establish reliable chain of custody. We design and implement a prototypical blockchain off-state sharing system, BOSS, with Hyperledger Fabric. Extensive experiments were performed to validate the feasibility and performance of BOSS.

Cryptography and Security

Yang Xu,Ju Ren,Yan Zhang,Cheng Zhang,Bo Shen,Yaoxue Zhang

DOI: https://doi.org/10.1109/tsc.2019.2953033

IF: 11.019

2019-01-01

IEEE Transactions on Services Computing

Abstract:The maturity of network storage technology drives users to outsource local data to remote servers. Since these servers are not reliable enough for keeping users' data, remote data auditing mechanisms are studied for mitigating the threat to data integrity. However, many traditional schemes achieve verifiable data integrity for users only without resolutions to data possession disputes, while others depend on centralized third-party auditors (TPAs) for credible arbitrations. Recently, the emergence of blockchain technology promotes inspiring countermeasures. In this article, we propose a decentralized arbitrable remote data auditing scheme for network storage service based on blockchain techniques. We use a smart contract to notarize integrity metadata of outsourced data recognized by users and servers on the blockchain, and also utilize the blockchain network as the self-recording channel for achieving non-repudiation verification interactions. We also propose a fairly arbitrable data auditing protocol with the support of the commutative hash technique, defending against dishonest provers and verifiers. Additionally, a decentralized adjudication mechanism is implemented by using the smart contract technique for creditably resolving data possession disputes without TPAs. The theoretical analysis and experimental evaluation reveal its effectiveness in undisputable data auditing and the limited requirement of costs.

Han Wang,Xu An Wang,Shuai Xiao,JiaSen Liu

DOI: https://doi.org/10.1007/s12652-020-02432-x

IF: 3.662

2020-08-06

Journal of Ambient Intelligence and Humanized Computing

Abstract:The rapid popularization of cloud computing and ultra-high-speed Internet has promoted the vigorous development of data sharing and collaborative office, especially in Big Data and AI. Aiming at protecting the security of users' data, researchers developed PDP scheme to verify data. However, existing schemes all rely on semi-trusted Third Party Auditor (TPA) or group management to store verification information. In order to solve this problem, we propose a distributed data integrity audit scheme based on blockchain. This scheme provides a brand-new method, which allows customers to store data safely without relying on any specific TPA and protect users' privacy at a lower cost. For the new concept, this paper points out the problems of the existing scheme and puts forward system model and security model. Then, a decentralized data integrity audit scheme using blockchain is designed. The proposed private PDP scheme based on blockchain is provably secure. At the same time, the security analysis and efficiency analysis show that the proposed PDP scheme is safe, efficient and practical.

computer science, information systems,telecommunications, artificial intelligence

Yang Xu,Cheng Zhang,Guojun Wang,Zheng Qin,Quanrun Zeng

DOI: https://doi.org/10.1109/tetc.2020.3005610

2021-07-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Since network storage services achieve widespread adoption, security and performance issues are becoming primary concerns, affecting the scalability of storage systems. Countermeasures like data auditing mechanisms and deduplication techniques are widely studied. However, the existing data auditing mechanism with deduplication cannot solve the problems such as high cost and reliance on trusted third parties in traditional approaches, and it also faces the problem of repeated auditing of data shared by multiple-tenant. This article proposes a blockchain-based deduplicatable data auditing mechanism. We first design a client-side data deduplication scheme based on bilinear-pair techniques to reduce the burden on users and service providers. On this basis, we achieve a trustworthy and efficient data auditing mechanism that helps to check data integrity by using both the blockchain technique and bilinear pairing cryptosystem. The blockchain system is used to record the behaviors of entities in both data outsourcing and auditing processes so that the corresponding immutable records can be used to not only ensure the credibility of audit results but also help to monitor unreliable third-party auditors. Finally, theoretical analysis and experiments reveal the effectiveness and performance of our scheme.

computer science, information systems,telecommunications

Jingting Xue,Chunxiang Xu,Yuan Zhang,Lanhua Bai

DOI: https://doi.org/10.1007/978-3-030-05057-3_30

2018-01-01

Abstract:In this article, we propose a client-side encrypted distributed cloud storage system named DStore, which is constructed in a peer-to-peer networking environment. DStore allows data owners to rent the local idle disks of other peers to store personal data in a distributed manner without relying on centralized control by trusted third parties. For DStore, we propose a challenge-verification solution based on the Merkle hash tree to periodically audit the integrity of outsourced data. DStore employs smart contracts to generate records and achieve consensus regarding lease relationships. Upon completion of an audit, the smart contract verifies the audit result and automatically performs the payment operation. Finally, we conduct a comprehensive evaluation to ensure that DStore is secure and feasible.

S. M. Udhaya Sankar,D. Selvaraj,G.K. Monica,Jeevaa Katiravan

DOI: https://doi.org/10.14445/22315381/IJETT-V71I3P204

2023-04-24

Abstract:With the help of a shared pool of reconfigurable computing resources, clients of the cloud-based model can keep sensitive data remotely and access the apps and services it offers on-demand without having to worry about maintaining and storing it locally. To protect the privacy of the public auditing system that supports the cloud data exchange system. The data's owner has the ability to change it using the private key and publishes it in the cloud. The RSA Technique is used to produce key codes for the cloud services atmosphere's privacy utilizing the system's baseboard number, disc number, and client passcode for validation. The method is based on a cutting-edge User End Generated (UEG) privacy technique that minimizes the involvement of a third party and improves security checks by automatically documenting destructive activities. To strengthen extensibility, various authorization-assigning modalities and block access patterns were established together with current operational design approaches. In order to meet the demands for decentralization, fine-grained auditability, extensibility, flexibility, and privacy protection for multilevel data access in networked environments, the suggested approach makes use of blockchain technology. According to a thorough performance and security assessment, the current proposal is exceptionally safe and effective.

Cryptography and Security

Jingting Xue,Chunxiang Xu,Lanhua Bai

DOI: https://doi.org/10.1016/j.future.2019.04.022

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:In this article, we propose a distributed outsourced data storage and retrieval system named DStore, which is constructed in a peer-to-peer networking environment. Peers (data owners) can rent the local idle disk space and large bandwidth of other peers (lessors) to store personal data and achieve fine-grained data retrieval in a distributed manner without the burden of local storage and maintenance. However, after data outsourcing, data owners no longer have physical possession of the data and face the risk of not being able to efficiently access the data. To solve the above issues, DStore employs smart contracts to audit the integrity of the outsourced data and develop a multikeyword retrieval module to support efficient access by data owners. In DStore, smart contracts can efficiently audit outsourced data without additional communication overhead for data owners; smart contracts and lessors do not compromise the privacy of data owners. Finally, we conduct an extensive security and performance analysis to ensure that DStore is secure and feasible.

Shunrong Jiang,Jianqing Liu,Jingwei Chen,Yiliang Liu,Liangmin Wang,Yong Zhou

DOI: https://doi.org/10.1109/TSC.2022.3199111

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Cloud outsourcing provides flexible storage and computation services for data users in a low cost, but it brings many security threats as the cloud server may not be fully trusted. Previous secure outsourcing solutions mostly assume that the server is honest-but-curious while the adversary model of a malicious server that may return incorrect results is rarely explored. Moreover, with the increasing popularity of verifiable computations, existing verification schemes are yet not efficient and cannot cater to different scenarios in practice. In this paper, we propose a blockchain-based verifiable search framework for the adversarial cloud outsourcing context. When outsourcing the encrypted data to the cloud or Interplanetary File System (IPFS), we also store the encrypted data index in a decentralized blockchain (i.e., Ethereum in this paper) which is public and cannot be modified. Once a user is authorized, he/she can flexibly obtain the query results and efficiently check the query integrity via the pre-deployed smart contract, without the need of the data owner being online. Moreover, for user's privacy protection, we construct a stealth authorization scheme to deliver the access authorization without any identity disclosure. Finally, theoretical analysis and performance evaluation validate the security and efficiency of our proposed framework.

Yuefeng Du,Huayi Duan,Anxin Zhou,Cong Wang,Man Ho Au,Qian Wang

DOI: https://doi.org/10.48550/arXiv.2005.05531

2020-08-07

Abstract:How to audit outsourced data in centralized storage like cloud is well-studied, but it is largely under-explored for the rising decentralized storage network (DSN) that bodes well for a billion-dollar market. To realize DSN as a usable service in a truly decentralized manner, the blockchain comes in handy -- to record and verify audit trails in forms of proof of storage, and based on that, to handle fair payments with necessary dispute resolution. Leaving the audit trails on the blockchain offers transparency and fairness, yet it 1) sacrifices privacy, as they may leak information about the data under audit, and 2) overwhelms on-chain resources, as they may be practically large in size and expensive to verify. Prior auditing designs in centralized settings are not directly applicable here. A handful of proposals targeting DSN cannot satisfactorily address these issues either. We present an auditing solution that addresses on-chain privacy and efficiency, from a synergy of homomorphic linear authenticators with polynomial commitments for succinct proofs, and the sigma protocol for provable privacy. The solution results in, per audit, 288-byte proof written to the blockchain, and constant verification cost. It can sustain long-term operation and easily scale to thousands of users on Ethereum.

Cryptography and Security

Jiangang Shu,Xing Zou,Xiaohua Jia,Weizhe Zhang,Ruitao Xie

DOI: https://doi.org/10.1109/tcc.2021.3051622

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Public auditing schemes for cloud storage systems have been extensively explored with the increasing importance of data integrity. A third-party auditor (TPA) is introduced in public auditing schemes to verify the integrity of outsourced data on behalf of users. To resist malicious TPAs, many blockchain-based public verification schemes have been proposed. However, existing auditing schemes rely on a centralized TPA, and they are vulnerable to tempting auditors who may collude with malicious blockchain miners to produce biased auditing results. In this article, we propose a blockchain-based decentralized public auditing (BDPA) scheme by utilizing a decentralized blockchain network to undertake the responsibility of a centralized TPA, and also mitigate the influence of tempting auditors and malicious blockchain miners by taking the concept of decentralized autonomous organization (DAO). A detailed security analysis shows that BDPA can preserve data integrity against tempting auditors and malicious blockchain miners. A comprehensive performance evaluation demonstrates that BDPA is feasible and scalable.

Sabine Bertram,Co-Pierre Georg

DOI: https://doi.org/10.48550/arXiv.1810.11655

2018-10-27

Cryptography and Security

Abstract:Blockchain has the potential to revolutionize the way we store, use, and process data. Information on most blockchains can be viewed by every node hosting the blockchain, which means that most blockchains cannot handle private data. Decentralized databases exist that guarantee privacy by encrypting user data with the user's private key, but this prevents easy data sharing. However, in many real world applications, from student data to medical records, it is desirable that user data is anonymously searchable. In this paper we present a novel system that gives users ownership over their data while at the same time enabling them to make their data searchable within previously agreed upon limits. Our system implements a strong notion of ownership using a self-sovereign identity system and a weak notion of ownership using multiple centralized databases together with a blockchain and a tumbling process. We discuss applications of our methods to university's student records and medical data.

Tian Li,Huaqun Wang,Debiao He,Jia Yu

DOI: https://doi.org/10.1109/tifs.2022.3144869

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In the digital twin environment, the fusion data onto physical entities in the physical space are mapped to multiple virtual spaces for digital modeling and intelligent simulation in different dimensions. In real intelligent manufacturing scenarios, heterogeneous multi-source fusion data are collected at the same time period. So they are consistent in time state. For the autonomous digital twin system, time states verification and integrity checking are basic security factors. Provable data possession technology can check the integrity of data onto virtual spaces. The blockchain can provide the synchronization interface to make distributed entities to obtain the trusted time state value. Considering the privacy, the blockchain can also provide anonymous services for entities. Therefore, we propose the blockchain-based synchronized provable data possession scheme (named BSPDP) for digital twin. In our scheme, the selection of verifier is flexible. Since virtual spaces may be maliciously framed to pay compensation, we use tag verification to prevent honest virtual spaces from being framed. Under the assumption of RSA, the proposed BSPDP is provably secure. Finally, the performance analysis demonstrates that BSPDP is practical. The experimental results show that BSPDP is effective and attractive for digital twin.

computer science, theory & methods,engineering, electrical & electronic

YiNing Qi,YongFeng Huang

DOI: https://doi.org/10.1007/s11431-017-9258-0

2018-01-01

Science China Technological Sciences

Abstract:Multi-cloud storage is a promising platform to offer resilient solution for clients in financial or confidentiality aspects. The research of provable data possession (PDP) schemes has long been a popular topic in the perspective of enhancing trust between clients and clouds. For multi-cloud, the works almost rely on centralized agent server called organizer to control the clouds and third party auditor (TPA) to realize public verification and reputation system. However, such centralized structure brings in the risk of collusion attack that malicious clouds can collaborate with TPA to deceive the client. This paper tries to explore a new way to construct decentralized integrity and reputation audit (DIRA) scheme, by taking advantage of improved blockchain with two-step transaction validation and removing all the centralized structure from the multi-cloud storage. The analysis shows that the DIRA scheme obtains the resistance to collusion attack.

Yanping Wang,Xiaosong Zhang,Xiaofen Wang,Teng Hu,Peng Lu,Mingyong Yin

DOI: https://doi.org/10.1155/2022/1317626

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:With the increasingly prominent value of big data, data sharing within enterprises and organizations has become increasingly popular, and many institutions have established data centers to achieve effective data storage and sharing. Meanwhile, cyberspace data security and privacy have become the most critical issue that people are concerned about since shared data often involves commercial secrets and sensitive information. At present, data encryption techniques have been applied to protect the security of the sensitive data stored in and shared by the data centers. However, the challenges of efficient data sharing, secure management of decryption keys, deduplication of the plaintext, and transparency and auditability of the data access arise. These challenges may obstruct the development of data sharing in data-driven systems. To meet these challenges, we propose a secure and trustworthy data sharing scheme and introduce blockchain, proxy re-encryption (PRE), and trusted execution environments (TEEs) into the data-driven systems. Our scheme mainly enables (1) automatic distribution and management of the decryption keys, (2) reduction of the reduplicative data, and (3) trustworthy data sharing and recording. Finally, we implement the proposed scheme and compare it with other existing schemes. It is demonstrated that our scheme reduces the computation and communication overhead.

Hong Lei,Zijian Bao,Qinghao Wang,Yongxin Zhang,Wenbo Shi

DOI: https://doi.org/10.1007/978-981-15-9213-3_21

2020-01-01

Abstract:With the continuous growth of data resources, outsourcing data storage to cloud service providers is becoming the norm. Unfortunately, once data are stored on the cloud platform, they will be out of data owners’ control. Thus, it is critical to guarantee the integrity of the remote data. To solve this problem, researchers have proposed many data auditing schemes, which often employ a trusted role named Third Party Auditor (TPA) to verify the integrity. However, the TPA may not be reliable as expected. For example, it may collude with cloud service providers to hide the fact of data corruption for benefits. Blockchain has the characteristics of decentralization, non-tampering, and traceability, which provides a solution to trace the malicious behaviors of the TPA. Moreover, Intel SGX, as the popular trusted computing technology, can be used to protect the correctness of the auditing operations with a slight performance cost, which excellently serves as the of the blockchain-based solution. In this paper, we propose a secure auditing scheme based on the blockchain and Intel SGX technology, termed SDABS. The scheme follows the properties of storage correctness, data-preserving, accountability, and anti-collusion. The experiment results show that our scheme is efficient.

Ying Miao,Qiong Huang,Meiyan Xiao,Hongbo Li

DOI: https://doi.org/10.1109/ACCESS.2020.3013153

IF: 3.9

2020-01-01

IEEE Access

Abstract:Cloud storage systems provide a flexible, convenient and friendly way for users to outsource data. However, users lose control of their data once outsourcing them to the cloud. Public auditing was introduced to ensure data integrity, in which a third-party auditor (TPA) is delegated to execute auditing tasks. In general, TPA generates and sends challenge information to the cloud server (CS), which proves data possession accordingly. However, the TPA may not perform public auditing protocol honestly or may even collude with CS to deceive users. Some existing public auditing schemes utilize blockchain to resist against the malicious TPA. However, the CS may guess the challenge messages and there is a risk that users' information may be leaked to the TPA during the process of auditing. In this paper, we propose a decentralized and privacy-preserving public auditing scheme based on blockchain (DBPA), in which a blockchain is utilized as an unpredictable source for the generation of (random) challenge information, and the auditor is required to record the audit process onto the blockchain. Due to the characteristics of blockchain, users can check the audit results publicly. Moreover, zero-knowledge proof is used in DBPA to protect user's privacy during the audit process so that the response information returned by the CS does not leak information about user's data. Security analysis and performance evaluation show that DBPA is secure and efficient.

Valentin Zieglmeier,Gabriel Loyola Daiqui,Alexander Pretschner

DOI: https://doi.org/10.1145/3592624

2023-04-21

Abstract:Employee data can be used to facilitate work, but their misusage may pose risks for individuals. Inverse transparency therefore aims to track all usages of personal data, allowing individuals to monitor them to ensure accountability for potential misusage. This necessitates a trusted log to establish an agreed-upon and non-repudiable timeline of events. The unique properties of blockchain facilitate this by providing immutability and availability. For power asymmetric environments such as the workplace, permissionless blockchain is especially beneficial as no trusted third party is required. Yet, two issues remain: (1) In a decentralized environment, no arbiter can facilitate and attest to data exchanges. Simple peer-to-peer sharing of data, conversely, lacks the required non-repudiation. (2) With data governed by privacy legislation such as the GDPR, the core advantage of immutability becomes a liability. After a rightful request, an individual's personal data need to be rectified or deleted, which is impossible in an immutable blockchain. To solve these issues, we present Kovacs, a decentralized data exchange and usage logging system for inverse transparency built on blockchain. Its new-usage protocol ensures non-repudiation, and therefore accountability, for inverse transparency. Its one-time pseudonym generation algorithm guarantees unlinkability and enables proof of ownership, which allows data subjects to exercise their legal rights regarding their personal data. With our implementation, we show the viability of our solution. The decentralized communication impacts performance and scalability, but exchange duration and storage size are still reasonable. More importantly, the provided information security meets high requirements. We conclude that Kovacs realizes decentralized inverse transparency through secure and GDPR-compliant use of permissionless blockchain.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Shunrong Jiang,Jianqing Liu,Liangmin Wang,Seong-Moo Yoo

DOI: https://doi.org/10.1109/icc.2019.8761146

2019-01-01

Abstract:Outsourcing storage and computation to clouds is popular but also raises security concerns. Most existing solutions mainly focus on an honest-but-curious cloud server, while security designs against a malicious server have not drawn enough attention. Although there are a few works addressing the issue of verifiable designs that enable the data owner to verify the integrity of search results. Unfortunately, these verification schemes are not efficient and or applicable from one scenario to another. Motivated by this, in this paper, we propose a publicly verifiable search framework for outsourced encrypted data based on blockchain. In our framework, we store the encrypted index in a decentralized blockchain (Ethereum) while outsourcing the corresponding encrypted data to the cloud or Interplanetary File System (IPFS). Thus, once a user is authorized, he/she can get the query results and check the query integrity efficiently by the designed smart contract anytime without data owner being online. Besides, to guarantee the privacy of the data user in the Ethereum, we construct a stealth authorization scheme to achieve access authorization delivery. The security analysis and performance evaluation show that the proposed scheme is secure and practical for verification of encrypted data.