Chang Liu,Rajiv Ranjan,Chi Yang,Xuyun Zhang,Lizhe Wang,Jinjun Chen

DOI: https://doi.org/10.1109/tc.2014.2375190

IF: 3.183

2015-09-01

IEEE Transactions on Computers

Abstract:Cloud computing that provides elastic computing and storage resource on demand has become increasingly important due to the emergence of “big data”. Cloud computing resources are a natural fit for processing big data streams as they allow big data application to run at a scale which is required for handling its complexities (data volume, variety and velocity). With the data no longer under users' direct control, data security in cloud computing is becoming one of the most concerns in the adoption of cloud computing resources. In order to improve data reliability and availability, storing multiple replicas along with original datasets is a common strategy for cloud service providers. Public data auditing schemes allow users to verify their outsourced data storage without having to retrieve the whole dataset. However, existing data auditing techniques suffers from efficiency and security problems. First, for dynamic datasets with multiple replicas, the communication overhead for update verifications is very large, because each update requires updating of all replicas, where verification for each update requires O(log n ) communication complexity. Second, existing schemes cannot provide public auditing and authentication of block indices at the same time. Without authentication of block indices, the server can build a valid proof based on data blocks other than the blocks client requested to verify. In order to address these problems, in this paper, we present a novel public auditing scheme named MuR-DPA. The new scheme incorporated a novel authenticated data structure (ADS) based on the Merkle hash tree (MHT), which we call MR-MHT. To support full dynamic data updates and authentication of block indices, we included rank and level values in computation of MHT nodes. In contrast to existing schemes, level values of nodes in MR-MHT are assigned in a top-down order, and all replica blocks for each data block are organized into a same replica sub-tree. Such a configuration allows efficient verification of updates for multiple replicas. Compared to existing integrity verification and public auditing schemes, theoretical analysis and experimental results show that the proposed MuR-DPA scheme can not only incur much less communication overhead for both update verification and integrity verification of cloud datasets with multiple replicas, but also provide enhanced security against dishonest cloud service providers.

engineering, electrical & electronic,computer science, hardware & architecture

Yue Zhang,Jia Yu,Rong Hao,Cong Wang,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2018.2829880

2018-01-01

Abstract:Cloud storage auditing schemes for shared data refer to checking the integrity of cloud data shared by a group of users. User revocation is commonly supported in such schemes, as users may be subject to group membership changes for various reasons. Previously, the computational overhead for user revocation in such schemes is linear with the total number of file blocks possessed by a revoked user. The overhead, however, may become a heavy burden because of the sheer amount of the shared cloud data. Thus, how to reduce the computational overhead caused by user revocations becomes a key research challenge for achieving practical cloud data auditing. In this paper, we propose a novel storage auditing scheme that achieves highly-efficient user revocation independent of the total number of file blocks possessed by the revoked user in the cloud. This is achieved by exploring a novel strategy for key generation and a new private key update technique. Using this strategy and the technique, we realize user revocation by just updating the non-revoked group users' private keys rather than authenticators of the revoked user. The integrity auditing of the revoked user's data can still be correctly performed when the authenticators are not updated. Meanwhile, the proposed scheme is based on identity-base cryptography, which eliminates the complicated certificate management in traditional Public Key Infrastructure (PKI) systems. The security and efficiency of the proposed scheme are validated via both analysis and experimental results.

Xinpeng Zhang,Chunxiang Xu,Xiaojun Zhang,Taizong Gu,Zhi Geng,Guoping Liu

DOI: https://doi.org/10.3390/info7020031

2016-01-01

Information

Abstract:With the advent of the big data era, cloud data storage and retrieval have become popular for efficient data management in large companies and organizations, thus they can enjoy the on-demand high-quality cloud storage service. Meanwhile, for security reasons, those companies and organizations would like to verify the integrity of their data once storing it in the cloud. To address this issue, they need a proper cloud storage auditing scheme which matches their actual demands. Current research often focuses on the situation where the data manager owns the data; however, the data belongs to the company, rather than the data managers in the real situation which has been overlooked. For example, the current data manager is no longer suitable to manage the data stored in the cloud after a period and will be replaced by another one. The successor needs to verify the integrity of the former managed data; this problem is obviously inevitable in reality. In this paper, we fill this gap by giving a practical efficient revocable privacy-preserving public auditing scheme for cloud storage meeting the auditing requirement of large companies and organization’s data transfer. The scheme is conceptually simple and is proven to be secure even when the cloud service provider conspires with revoked users.

Lei Zhou,Anmin Fu,Yi Mu,Huaqun Wang,Shui Yu,Yinxia Sun

DOI: https://doi.org/10.1016/j.ins.2020.08.031

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>In the era of big data, there are several insuperable research challenges in establishing Electronic Medical Record (EMR) for updating massive data with traditional methods. It is an attractive option to create the cloud-based EMR system, since cloud provides elastic and affordable data storage and management services. However, once the medical records are uploaded into the cloud, the owner will lose the control over the data, and sensitive contents might be accessed or modified by unauthorized entities. To address this issue, we propose a multicopy provable data possession for cloud-based EMR systems, which ensures the integrity and privacy of EMR data. In particular, to achieve data updates, we design a novel dynamic structure that improves the Merkle Hash Tree for multicopy storage, which achieves full dynamics efficiently and safely. Moreover, a random masking technique is employed in our proposal to generate distinguishable replica blocks of one block. Our construction prevents a verifier from obtaining medical records from challenge responses, but also eliminates exposing the content to unauthorized entities. Our security analysis shows that our scheme is provably secure. Evaluation experiments demonstrate that the proposal has lower communication and computation costs in comparison with the existing schemes.</p>

computer science, information systems

Chenxu Wang,Yifan Sun,Boyang Liu,Lei Xue,Xiaohong Guan

DOI: https://doi.org/10.1109/tnse.2024.3393978

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Cloud storage plays an important role in the era of big data and Web 3.0. More and more data owners (DOs) store their data on Cloud for convenience and affordability. However, security and integrity completely depend on cloud storage service providers (CSPs) after data outsourcing. Once CSPs commit dishonest actions that lead to data tampering or loss, it will cause huge losses to DOs. Therefore, DOs need to audit the integrity of their data regularly. Traditional auditing schemes rely on trusted third parties (TPAs), which are not always trustworthy. This paper utilizes Blockchain instead of a trusted third-party auditor for data integrity auditing to address the trust crisis between data owners and cloud storage providers. Existing Rank-based Merkle Hash Tree (RMHT)-based auditing approaches suffer from high communication cost, limiting its applications to Blockchain scenarios. To address these issues, we enhance the auditing algorithm through extending the Rank-based Merkle Hash Tree (RMHT) for dynamic update of stored data and using a non-leaf node sampling strategy. These modifications significantly reduce the communication overhead during auditing and update phases. Such optimizations enable the algorithm to be well-suited for the Blockchain environment because proofs are stored on the Blockchain with gas fees. We implement a prototype and perform a security analysis of the proposed system. Experimental results demonstrate the security and effectiveness of the proposed approach.

Su Peng,Fucai Zhou,Jin Li,Qiang Wang,Zifeng Xu

DOI: https://doi.org/10.1016/j.jnca.2019.02.014

IF: 7.574

2019-05-01

Journal of Network and Computer Applications

Abstract:Nowadays, cloud storage plays an increasingly important role in our daily life. However, the cloud users do not have the physical possession of their own data anymore. To confirm whether the outsourced files are maintained intact without downloading them entirely, a mechanism namely Remote Data Integrity Checking (RDIC) is invented. Currently, some RDIC schemes allow the data owners with limited computation or communication power to delegate the checking task to a third-party verifier. However, most of these schemes rely on the complicated and resource consuming public key infrastructure (PKI). In this paper, we propose a novel identity-based RDIC scheme, namely Efficient, Dynamic and Identity-based Multiple Replication Provable Data Possession (EDID-MRPDP) without the burden of PKI. We introduce a new construction of Homomorphic Verifiable Tag (HVT) and a novel data structure namely Compressed Authentication Array (CAA), which allow EDID-MRPDP to perform batch verification for multiple data owners and cloud servers simultaneously and efficiently, both from computation and communication aspects. To the best of our knowledge, EDID-MRPDP is the first ID-based RDIC scheme with full dynamic updates and multi-replica batch checking. We provide comprehensive correctness and soundness proofs of EDID-MRPDP. Meanwhile, the detailed performance analyses and simulations show that EDID-MRPDP is practical for large-scale cloud applications.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Qian Wang,Cong Wang,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1109/tpds.2010.183

IF: 5.3

2010-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings about many new security challenges, which have not been well understood. This work studies the problem of ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. The introduction of TPA eliminates the involvement of the client through the auditing of whether his data stored in the cloud are indeed intact, which can be important in achieving economies of scale for Cloud Computing. The support for data dynamics via the most general forms of data operation, such as block modification, insertion, and deletion, is also a significant step toward practicality, since services in Cloud Computing are not limited to archive or backup data only. While prior works on ensuring remote data integrity often lacks the support of either public auditability or dynamic data operations, this paper achieves both. We first identify the difficulties and potential security problems of direct extensions with fully dynamic data updates from prior works and then show how to construct an elegant verification scheme for the seamless integration of these two salient features in our protocol design. In particular, to achieve efficient data dynamics, we improve the existing proof of storage models by manipulating the classic Merkle Hash Tree construction for block tag authentication. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multiuser setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis show that the proposed schemes are highly efficient and provably secure.

Zheng Tu,Xu An Wang,Weidong Du,Zexi Wang,Ming Lv

DOI: https://doi.org/10.1016/j.jksuci.2023.01.021

IF: 9.006

2023-02-08

Journal of King Saud University - Computer and Information Sciences

Abstract:The security of the data in the cloud server suffers great challenges, and how to ensure the integrity of the outsourced data in the cloud servers is a problem that should be solved. Cloud data auditing technique is such a solution , which allows to check data integrity without retrieving them from the cloud. In case single-copy data may be violated by malicious attackers, Zhang et al. proposed a multi-copy cloud data auditing scheme MCAM in 2020. However, in their scheme, an attacker can forge the evidence for integrity verification only by exploiting public information and the cloud server can compromise the integrity verification even it does not store any data. In this paper, we identify these security flaws in MCAM and design a new evidence verification algorithm to fix them. Then, we propose a multi-copy cloud data auditing scheme based on our evidence verification algorithm and MCAM. In security analysis, we prove that our multi-copy cloud data auditing scheme can fix the security flaws of MCAM. Thus, our scheme is more secure than MCAM. In performance analysis, we show that our scheme is more communication efficient than MCAM. Finally, we point out one potential application of our scheme.

computer science, information systems

Kun He,Jing Chen,Quan Yuan,Shouling Ji,Debiao He,Ruiying Du

DOI: https://doi.org/10.1109/tdsc.2019.2925800

2021-01-01

Abstract:As an important security property of cloud storage, data integrity has not been sufficiently studied under the multi-writer model, where a group of users work on shared files collaboratively and any group member can update the data by modification, insertion, and deletion operations. Existing works under such multi-writer model would bring large storage cost to the third-party verifiers. Furthermore, to the best of our knowledge, none of the existing works for shared files supports fully dynamic operations, which implies that users cannot freely perform the update operations. In this paper, we propose the first public auditing scheme for shared data that supports fully dynamic operations and achieves constant storage cost for the verifiers. Our scheme, named PRAYS, is boosted by a new paradigm for remote data integrity checking. To implement the new paradigm, we proposed a specially designed authenticated structure, called blockless Merkle tree, and a novel cryptographic primitive, called permission-based signature. Extensive evaluation demonstrates that PRAYS is as efficient as the existing less-functional solutions. We believe that PRAYS is an important step towards designing practical multi-writer cloud storage systems.

Haoming Wang,Yuanhang Zhang,Xu An Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.heliyon.2024.e36273

IF: 3.776

2024-08-20

Heliyon

Abstract:With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.

Ying Miao,Yapeng Miao,Xuexue Miao

DOI: https://doi.org/10.1007/s10619-024-07446-4

IF: 0.974

2024-11-09

Distributed and Parallel Databases

Abstract:To improve the data security and integrity of the outsourced data, storing multiple copies of data on multiple cloud servers is a good way. Many public Provable Data Possession (PDP) schemes in multiple cloud servers have been proposed in recent years. However, in some scenarios, the Data Owner (DO) may not want anyone (e.g. a stranger) to check the integrity of their data. Nevertheless, few schemes consider the fault's location function when the data auditing fails. Another problem is that anyone can make a challenge for the Cloud Server (CS) in the PDP schemes. Some access control strategies are necessary to reduce the waste of computation power resources of the CS. To solve these problems, we propose a certificateless and designed-verifier auditing scheme in multi-cloud storage environments. In our scheme, we utilize certificateless signature combined with a delegation key to achieve designed-verifier auditing. We design a secret Merkle Hash Tree (MHT) to locate the faults of CSs and data blocks. We utilize Zero-Knowledge Proof (ZKP) to achieve access control. Theoretical and experimental evaluation show that the proposed scheme is efficient and practical.

computer science, information systems, theory & methods

Qingyang Zhang,Zhiming Zhang,Jie Cui,Hong Zhong,Yang Li,Chengjie Gu,Debiao He

DOI: https://doi.org/10.1109/tpds.2023.3323155

IF: 5.3

2023-12-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:As the disruptor of cloud storage, decentralized storage could lead to a major shift in how organizations store data in the future. To ensure data availability, users generally encrypt the data and distribute it to multiple storage service providers. It is necessary to study data integrity verification in decentralized storage. Although some recent studies have proposed the using blockchain technology to assist auditing work in decentralized storage networks, the on-chain overhead still increases linearly with an increase in audit requests. Blockchain networks will inevitably be overloaded. In this study, we propose an efficient data integrity auditing scheme for multiple copies in decentralized storage. Particularly, using different polynomial commitment schemes, we first propose a basic scheme for verifying multiple copies of a single file, and then we propose an efficient batch auditing scheme for multiple copies of multiple files. Our scheme can significantly reduce the computation overhead of storage service providers while keeping the on-chain storage overhead constant. Security analysis and performance analysis show that our scheme is efficient and practical.

computer science, theory & methods,engineering, electrical & electronic

Yilin Yuan,Fan Yang,Xiao Wang,Yimin Tian,Zichen Li

DOI: https://doi.org/10.7717/peerj-cs.1790

2024-01-17

PeerJ Computer Science

Abstract:Nowadays, more people are choosing to use cloud storage services to save space and reduce costs. To enhance the durability and persistence, users opt to store important data in the form of multiple copies on cloud servers. However, outsourcing data in the cloud means that it is not directly under the control of users, raising concerns about security and integrity. Recent research has found that most existing multicopy integrity verification schemes can correctly perform integrity verification even when multiple copies are stored on the same Cloud Service Provider (CSP), which clearly deviates from the initial intention of users wanting to store files on multiple CSPs. With these considerations in mind, this paper proposes a scheme for synchronizing the integrity verification of copies, specifically focusing on strongly privacy Internet of Things (IoT) electronic health record (EHR) data. First, the paper addresses the issues present in existing multicopy integrity verification schemes. The scheme incorporates the entity Cloud Service Manager (CSM) to assist in the model construction, and each replica file is accompanied with its corresponding homomorphic verification tag. To handle scenarios where replica files stored on multiple CSPs cannot provide audit proof on time due to objective reasons, the paper introduces a novel approach called probability audit. By incorporating a probability audit, the scheme ensures that replica files are indeed stored on different CSPs and guarantees the normal execution of the public auditing phase. The scheme utilizes identity-based encryption (IBE) for the detailed design, avoiding the additional overhead caused by dealing with complex certificate issues. The proposed scheme can withstand forgery attack, replace attack, and replay attack, demonstrating strong security. The performance analysis demonstrates the feasibility and effectiveness of the scheme.

computer science, information systems, artificial intelligence, theory & methods

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Yun Xue Yan,Lei Wu,Wen Yu Xu,Hao Wang,Zhao Man Liu

DOI: https://doi.org/10.1155/2019/1354346

IF: 1.968

2019-03-06

Security and Communication Networks

Abstract:More and more users are uploading their data to the cloud without storing any copies locally. Under the premise that cloud users cannot fully trust cloud service providers, how to ensure the integrity of users’ shared data in the cloud storage environment is one of the current research hotspots. In this paper, we propose a secure and effective data sharing scheme for dynamic user groups. ( 1 ) In order to realize the user identity tracking and the addition and deletion of dynamic group users, we add a new role called Rights Distribution Center (RDC) in our scheme. ( 2 ) To protect the privacy of user identity, when performing third party audit to verify data integrity, it is not possible to determine which user is a specific user. Therefore, the fairness of the audit can be promoted. ( 3 ) Define a new integrity audit model for shared cloud data. In this scheme, the user sends the encrypted data to the cloud and the data tag to the Rights Distribution Center (RDC) by using data blindness technology. Finally, we prove the security of the scheme through provable security theory. In addition, the experimental data shows that our proposed scheme is more efficient and scalable than the state-of-the-art solution.

computer science, information systems,telecommunications

Qi Yining,Tang Xin,Huang Yongfeng

DOI: https://doi.org/10.1049/cje.2018.02.007

IF: 1.019

2019-01-01

Chinese Journal of Electronics

Abstract:Existing dynamic data possession verification schemes not only suffer from low efficiency of rebalancing its Merkle Hash tree (MHT) when executing data updating, but also lack effective mechanism to verify multi-version files. Aiming at these problems, this paper propose a new data structure called Rank-based multi-version Merkle AVL tree (RBMV-MAT) to achieve efficient batch updating verification for multi-version data. RBMV-MAT uses a special lock and relaxed balance to decrease the frequency of rebalacing operations. The experimental results show that our efficient scheme has better efficiency than those of existing methods.

Jaya Rao Gudeme,Syamkumar Pasupuleti,Ramesh Kandukuri

DOI: https://doi.org/10.1016/j.jpdc.2021.06.001

IF: 4.542

2021-10-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing popularity of data sharing among users of a group in clouds, shared data auditing has become an important issue in the cloud auditing field. To address this issue, many shared data auditing schemes have been proposed in the literature based on either public key infrastructure (PKI) or identity-based cryptography (IBC). However, these schemes suffer from issues of complex certificate management or key escrow problem. To address these problems, recently, a certificateless shared auditing scheme was put forward. However, it cannot support data dynamics and does not protect data privacy against a verifier, i.e., the verifier can derive data content when verifying the data integrity, which affects the scheme's security. This paper proposes certificateless privacy preserving public auditing scheme for dynamic shared data with group user revocation in cloud storage (CLPPPA). CLPPPA protects the privacy of data from the verifier by leveraging a random masking technique. Further, CLPPPA also supports shared data dynamics and group user revocation. We formally prove the security of CLPPPA under computational Diffie-Hellman (CDH) and discrete logarithm (DL) assumptions in the Random Oracle Model (ROM). The performance of CLPPPA is evaluated by theoretical analysis, experimental results, and compared with the state-of-the-art ones. The results demonstrate that CLPPPA achieves desirable efficiency.

computer science, theory & methods

Jiguo Li,Hao Yan,Yichen Zhang

DOI: https://doi.org/10.1109/jsyst.2020.2978146

IF: 4.802

2021-03-01

IEEE Systems Journal

Abstract:Although cloud storage service enables people easily maintain and manage amounts of data with lower cost, it cannot ensure the integrity of people's data. In order to audit the correctness of the data without downloading them, many remote data integrity checking (RDIC) schemes have been presented. Most existing schemes ignore the important issue of data privacy preserving and suffer from complicated certificate management derived from public key infrastructure. To overcome these shortcomings, this article proposes a new Identity-based RDIC scheme that makes use of homomorphic verifiable tag to decrease the system complexity. The original data in proof are masked by random integer addition, which protects the verifier from obtaining any knowledge about the data during the integrity checking process. Our scheme is proved secure under the assumption of computational Diffie–Hellman problem. Experiment result exhibits that our scheme is very efficient and feasible for real-life applications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science