Anh Le,Athina Markopoulou

DOI: https://doi.org/10.1109/netcod.2012.6261901

2012-06-01

Abstract:Network coding-based storage has recently received a lot of attention in the network coding community. Independently, another body of work has proposed integrity checking schemes for cloud storage, none of which, however, is customized for network coding storage or can efficiently support repair. In this work, we bridge the gap between these currently disconnected bodies of work, and we focus on the (novel) advantage of network coding for integrity checking. We propose NC-Audit - a remote data integrity checking scheme, designed specifically for network coding-based storage cloud. NC-Audit provides a unique combination of desired properties: (i) efficient checking of data integrity (ii) efficient support for repairing failed nodes (iii) full support for modification of outsourced data and (iv) protection against information leakage when checking is performed by a third party. The key ingredient of the design of NC-Audit is a novel combination of SpaceMac, a homomorphic MAC scheme for network coding, and NCrypt, a novel CPA-secure encryption scheme that is compatible with SpaceMac. Our evaluation of a Java implementation of NC-Audit shows that an audit costs the storage node and the auditor only a few milliseconds of computation time, and lower bandwidth than prior work.

Guangjun Liu,Wangmei Guo,Ximeng Liu,Jinbo Xiong

DOI: https://doi.org/10.1155/2021/6652606

IF: 1.968

2021-04-21

Security and Communication Networks

Abstract:Enabling remote data integrity checking with failure recovery becomes exceedingly critical in distributed cloud systems. With the properties of a lower repair bandwidth while preserving fault tolerance, regenerating coding and network coding (NC) have received much attention in the coding-based storage field. Recently, an outstanding outsourced auditing scheme named NC-Audit was proposed for regenerating-coding-based distributed storage. The scheme claimed that it can effectively achieve lightweight privacy-preserving data verification remotely for these networked distributed systems. However, our algebraic analysis shows that NC-Audit can be easily broken due to a potential defect existing in its schematic design. That is, an adversarial cloud server can forge some illegal blocks to cheat the auditor with a high probability when the coding field is large. From the perspective of algebraic security, we propose a remote data integrity checking scheme RNC-Audit by resorting to hiding partial critical information to the server without compromising system performance. Our evaluation shows that the proposed scheme has significantly lower overhead compared to the state-of-the-art schemes for distributed remote data auditing.

computer science, information systems,telecommunications

Fei Chen,Fengming Meng,Tao Xiang,Hua Dai,Jianqiang Li,Jing Qin

DOI: https://doi.org/10.1109/tpds.2020.2998462

IF: 5.3

2020-11-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud storage security has gained considerable research efforts with the wide adoption of cloud computing. As a security mechanism, researchers have been investigating cloud storage auditing schemes that enable a user to verify whether the cloud keeps the user's outsourced data undamaged. However, existing schemes have usability issues in compatibility with existing real world cloud storage applications, error-tolerance, and efficiency. To mitigate this usability gap, this article proposes a new general cloud storage auditing scheme that is more usable. The proposed scheme uses the idea of integrating linear error correcting codes and linear homomorphic authentication schemes together. This integration uses only one additional block to achieve error tolerance and authentication simultaneously. To demonstrate the power of the general construction, we also propose one detailed scheme based on the proposed general construction using the Reed Solomon code and the universal hash based MAC authentication scheme, both of which are implemented over the computation-efficient Galois field $mathrm {GF}{(2^8)}$<math> GF (28)</math>. We also show that the proposed scheme is secure under the standard definition. Moreover, we implemented and open-sourced the proposed scheme. Experimental results show that the proposed scheme is orders of magnitude more efficient than the state-of-the-art scheme.

computer science, theory & methods,engineering, electrical & electronic

K. Mahalakshmi,K. Kousalya,Himanshu Shekhar,Aby K. Thomas,L. Bhagyalakshmi,Sanjay Kumar Suman,S. Chandragandhi,Prashant Bachanna,K. Srihari,Venkatesa Prabhu Sundramurthy

DOI: https://doi.org/10.1155/2021/8533995

2021-12-22

Scientific Programming

Abstract:Cloud storage provides a potential solution replacing physical disk drives in terms of prominent outsourcing services. A threaten from an untrusted server affects the security and integrity of the data. However, the major problem between the data integrity and cost of communication and computation is directly proportional to each other. It is hence necessary to develop a model that provides the trade-off between the data integrity and cost metrics in cloud environment. In this paper, we develop an integrity verification mechanism that enables the utilisation of cryptographic solution with algebraic signature. The model utilises elliptic curve digital signature algorithm (ECDSA) to verify the data outsources. The study further resists the malicious attacks including forgery attacks, replacing attacks and replay attacks. The symmetric encryption guarantees the privacy of the data. The simulation is conducted to test the efficacy of the algorithm in maintaining the data integrity with reduced cost. The performance of the entire model is tested against the existing methods in terms of their communication cost, computation cost, and overhead cost. The results of simulation show that the proposed method obtains reduced computational of 0.25% and communication cost of 0.21% than other public auditing schemes.

computer science, software engineering

Cong Wang,Qian Wang,Kui Ren,Ning Cao,Wenjing Lou

DOI: https://doi.org/10.1109/tsc.2011.24

IF: 11.019

2011-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service is also relinquishing users' physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server. Considering the cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Hong Lei,Zijian Bao,Qinghao Wang,Yongxin Zhang,Wenbo Shi

DOI: https://doi.org/10.1007/978-981-15-9213-3_21

2020-01-01

Abstract:With the continuous growth of data resources, outsourcing data storage to cloud service providers is becoming the norm. Unfortunately, once data are stored on the cloud platform, they will be out of data owners’ control. Thus, it is critical to guarantee the integrity of the remote data. To solve this problem, researchers have proposed many data auditing schemes, which often employ a trusted role named Third Party Auditor (TPA) to verify the integrity. However, the TPA may not be reliable as expected. For example, it may collude with cloud service providers to hide the fact of data corruption for benefits. Blockchain has the characteristics of decentralization, non-tampering, and traceability, which provides a solution to trace the malicious behaviors of the TPA. Moreover, Intel SGX, as the popular trusted computing technology, can be used to protect the correctness of the auditing operations with a slight performance cost, which excellently serves as the of the blockchain-based solution. In this paper, we propose a secure auditing scheme based on the blockchain and Intel SGX technology, termed SDABS. The scheme follows the properties of storage correctness, data-preserving, accountability, and anti-collusion. The experiment results show that our scheme is efficient.

Ankit Singh Rawat,O. Ozan Koyluoglu,Natalia Silberstein,Sriram Vishwanath

DOI: https://doi.org/10.1109/TIT.2013.2288784

2013-08-06

Abstract:This paper aims to go beyond resilience into the study of security and local-repairability for distributed storage systems (DSS). Security and local-repairability are both important as features of an efficient storage system, and this paper aims to understand the trade-offs between resilience, security, and local-repairability in these systems. In particular, this paper first investigates security in the presence of colluding eavesdroppers, where eavesdroppers are assumed to work together in decoding stored information. Second, the paper focuses on coding schemes that enable optimal local repairs. It further brings these two concepts together, to develop locally repairable coding schemes for DSS that are secure against eavesdroppers. The main results of this paper include: a. An improved bound on the secrecy capacity for minimum storage regenerating codes, b. secure coding schemes that achieve the bound for some special cases, c. a new bound on minimum distance for locally repairable codes, d. code construction for locally repairable codes that attain the minimum distance bound, and e. repair-bandwidth-efficient locally repairable codes with and without security constraints.

Information Theory

Gang Liu,Yanxiang Lou,Shengli Liu

DOI: https://doi.org/10.4028/www.scientific.net/AMR.548.753

2012-01-01

Advanced Materials Research

Abstract:When clients store large files on a remote network of unreliable distributed servers, they want to verify that their files are properly stored in the servers without any modification. This can be achieved by the techniques of data integrity. In this paper, we consider how to implement data integrity check by a third party auditor (TPA) in a distributed storage network, with the help of BLS signature. We also consider how the distributed storage network restores data when some server fails or some server crushes down. We present a data integrity check and repair (DICR) scheme, which makes use of a random (n, k) linear code for data restoration and BLS signature to implement data integrity check. Our scheme is robust in the way that the storage network can reconstruct the data when a limited number of servers fail. In the mean time, public auditing on the storage network liberates clients from computational overhead. © (2012) Trans Tech Publications, Switzerland.

Qingyang Zhang,Zhiming Zhang,Jie Cui,Hong Zhong,Yang Li,Chengjie Gu,Debiao He

DOI: https://doi.org/10.1109/tpds.2023.3323155

IF: 5.3

2023-12-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:As the disruptor of cloud storage, decentralized storage could lead to a major shift in how organizations store data in the future. To ensure data availability, users generally encrypt the data and distribute it to multiple storage service providers. It is necessary to study data integrity verification in decentralized storage. Although some recent studies have proposed the using blockchain technology to assist auditing work in decentralized storage networks, the on-chain overhead still increases linearly with an increase in audit requests. Blockchain networks will inevitably be overloaded. In this study, we propose an efficient data integrity auditing scheme for multiple copies in decentralized storage. Particularly, using different polynomial commitment schemes, we first propose a basic scheme for verifying multiple copies of a single file, and then we propose an efficient batch auditing scheme for multiple copies of multiple files. Our scheme can significantly reduce the computation overhead of storage service providers while keeping the on-chain storage overhead constant. Security analysis and performance analysis show that our scheme is efficient and practical.

computer science, theory & methods,engineering, electrical & electronic

Xinpeng Zhang,Chunxiang Xu,Xiaojun Zhang

DOI: https://doi.org/10.1155/2015/593759

IF: 1.938

2015-01-01

International Journal of Distributed Sensor Networks

Abstract:With the rapid growth of the distributed sensor networks, the distributed sensor network data security problems begin to attract the attention of people. The previous research of distributed sensor network security has focused on secure information in communication; however the research of secure data storage has been overlooked. As we know, cloud data storage and retrieval have become popular for efficient data management in distributed sensor networks; thus they can enjoy the on-demand high-quality cloud storage service. Meanwhile, it also introduces new security challenges. To tackle with these security challenges, many classic auditing schemes of cloud storage have been proposed. However, these schemes all need very expensive pairing computation, which is not suitable for sensor networks. In this paper, we propose an efficient pairing-free auditing scheme for data storage of distributed sensor networks. We exploit homomorphic message authentication codes (MACs) to reduce the space used to store the verification information. We also employ the random masking technique to make sure the TPA cannot recover the primitive data blocks of the sensor networks data manager. Experimental results show that our auditing scheme is more light-weight than previous auditing schemes and more practical in applied distributed sensor networks environments.

S. M. Udhaya Sankar,D. Selvaraj,G.K. Monica,Jeevaa Katiravan

DOI: https://doi.org/10.14445/22315381/IJETT-V71I3P204

2023-04-24

Abstract:With the help of a shared pool of reconfigurable computing resources, clients of the cloud-based model can keep sensitive data remotely and access the apps and services it offers on-demand without having to worry about maintaining and storing it locally. To protect the privacy of the public auditing system that supports the cloud data exchange system. The data's owner has the ability to change it using the private key and publishes it in the cloud. The RSA Technique is used to produce key codes for the cloud services atmosphere's privacy utilizing the system's baseboard number, disc number, and client passcode for validation. The method is based on a cutting-edge User End Generated (UEG) privacy technique that minimizes the involvement of a third party and improves security checks by automatically documenting destructive activities. To strengthen extensibility, various authorization-assigning modalities and block access patterns were established together with current operational design approaches. In order to meet the demands for decentralization, fine-grained auditability, extensibility, flexibility, and privacy protection for multilevel data access in networked environments, the suggested approach makes use of blockchain technology. According to a thorough performance and security assessment, the current proposal is exceptionally safe and effective.

Cryptography and Security

Yuefeng Du,Huayi Duan,Anxin Zhou,Cong Wang,Man Ho Au,Qian Wang

DOI: https://doi.org/10.48550/arXiv.2005.05531

2020-08-07

Abstract:How to audit outsourced data in centralized storage like cloud is well-studied, but it is largely under-explored for the rising decentralized storage network (DSN) that bodes well for a billion-dollar market. To realize DSN as a usable service in a truly decentralized manner, the blockchain comes in handy -- to record and verify audit trails in forms of proof of storage, and based on that, to handle fair payments with necessary dispute resolution. Leaving the audit trails on the blockchain offers transparency and fairness, yet it 1) sacrifices privacy, as they may leak information about the data under audit, and 2) overwhelms on-chain resources, as they may be practically large in size and expensive to verify. Prior auditing designs in centralized settings are not directly applicable here. A handful of proposals targeting DSN cannot satisfactorily address these issues either. We present an auditing solution that addresses on-chain privacy and efficiency, from a synergy of homomorphic linear authenticators with polynomial commitments for succinct proofs, and the sigma protocol for provable privacy. The solution results in, per audit, 288-byte proof written to the blockchain, and constant verification cost. It can sustain long-term operation and easily scale to thousands of users on Ethereum.

Cryptography and Security

Yang Xu,Ju Ren,Yan Zhang,Cheng Zhang,Bo Shen,Yaoxue Zhang

DOI: https://doi.org/10.1109/tsc.2019.2953033

IF: 11.019

2019-01-01

IEEE Transactions on Services Computing

Abstract:The maturity of network storage technology drives users to outsource local data to remote servers. Since these servers are not reliable enough for keeping users' data, remote data auditing mechanisms are studied for mitigating the threat to data integrity. However, many traditional schemes achieve verifiable data integrity for users only without resolutions to data possession disputes, while others depend on centralized third-party auditors (TPAs) for credible arbitrations. Recently, the emergence of blockchain technology promotes inspiring countermeasures. In this article, we propose a decentralized arbitrable remote data auditing scheme for network storage service based on blockchain techniques. We use a smart contract to notarize integrity metadata of outsourced data recognized by users and servers on the blockchain, and also utilize the blockchain network as the self-recording channel for achieving non-repudiation verification interactions. We also propose a fairly arbitrable data auditing protocol with the support of the commutative hash technique, defending against dishonest provers and verifiers. Additionally, a decentralized adjudication mechanism is implemented by using the smart contract technique for creditably resolving data possession disputes without TPAs. The theoretical analysis and experimental evaluation reveal its effectiveness in undisputable data auditing and the limited requirement of costs.

Xiang Liu,Jie Huang,Guowen Zong

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00104

2018-08-01

Abstract:This paper investigates the intrinsic relationship between secure network coding and secure cloud storage. We propose a novel homomorphic signature scheme and then illustrate a method to construct the network coding based secure cloud storage (NCSCS) protocol, wherein the security of the homomorphic signature scheme is the foundation of the NCSCS protocol. By employing network coding and homomorphic signature technique, the proposed NCSCS system can serve as both cloud service provider and router of a communication network at the same time, where the public auditing of the outsourced data is enabled. Finally, we perform the simulation of the proposed protocol and evaluate its performance. The security and efficiency can be validated from the simulation results.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Hemalata A. Gosavi,Manish R. Umale

DOI: https://doi.org/10.14445/22315381/IJETT-V11P235

2014-05-24

Abstract:Cloud computing has been envisioned as the next generation architecture of IT Enterprise. Using Cloud Storage,users can remotely store their data and enjoy the on demand high quality applications and services from a shared pool of configurable computing resources, without the burden local copy data storage and maintenance. It moves the application of software data stored to the centralized large data centers, where the management of the data stored services may not be completely trusted. There are many new security challenges and the problems taken into account for ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA) to perform verifies the integrity of the dynamic data stored in the cloud.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Yong Yu,Liang Xue,Man Ho Au,Willy Susilo,Jianbing Ni,Yafang Zhang,Athanasios V. Vasilakos,Jian Shen

DOI: https://doi.org/10.1016/j.future.2016.02.003

IF: 7.307

2016-01-01

Future Generation Computer Systems

Abstract:Cloud data auditing is extremely essential for securing cloud storage since it enables cloud users to verify the integrity of their outsourced data efficiently. The computation overheads on both the cloud server and the verifier can be significantly reduced by making use of data auditing because there is no necessity to retrieve the entire file but rather just use a spot checking technique. A number of cloud data auditing schemes have been proposed recently, but a majority of the proposals are based on Public Key Infrastructure (PKI). There are some drawbacks in these protocols: (1) It is mandatory to verify the validity of public key certificates before using any public key, which makes the verifier incur expensive computation cost. (2) Complex certificate management makes the whole protocol inefficient. To address the key management issues in cloud data auditing, in this paper, we propose ID-CDIC, an identity-based cloud data integrity checking protocol which can eliminate the complex certificate management in traditional cloud data integrity checking protocols. The proposed concrete construction from RSA signature can support variable-sized file blocks and public auditing. In addition, we provide a formal security model for ID-CDIC and prove the security of our construction under the RSA assumption with large public exponents in the random oracle model. We demonstrate the performance of our proposal by developing a prototype of the protocol. Implementation results show that the proposed ID-CDIC protocol is very practical and adoptable in real life.

Yongliang Xu,Chunhua Jin,Wenyu Qin,Jie Zhao,Guanhua Chen,Fugeng Zeng

DOI: https://doi.org/10.1016/j.sysarc.2023.103053

IF: 5.836

2023-12-17

Journal of Systems Architecture

Abstract:Public auditing enables data owners to entrust a third-party auditor (TPA) to perform auditing tasks periodically. To resist malicious TPAs, a plethora of blockchain-based public auditing mechanisms have been proposed. However, existing schemes cannot effectively mitigate single point of failure and collusion between TPAs and miners. These schemes are burdened by significant wastage of storage resources due to the presence of redundant data. In this paper, we propose a blockchain-based decentralized auditing scheme supporting ciphertext deduplication (BDACD). BDACD leverages a decentralized blockchain, which takes over the role traditionally played by a centralized TPA. A decentralized autonomous organization is incorporated to enhance resistance against collusion attacks. By integrating advanced ciphertext deduplication techniques, BDACD effectively mitigates storage overhead. Furthermore, we introduce a novel concept, T-Merkle hash tree, along with a corresponding search algorithm. This innovation significantly enhances blockchain storage utilization and enables efficient half-interval searches within a block. To ensure accountability and fairness, a smart contract is employed to establish an arbitration mechanism. This mechanism serves a dual purpose: penalizing any malevolent actions by cloud servers and providing adequate compensation to data owners whose data integrity has been compromised. Detailed security analysis and performance evaluation demonstrate BDACD has desirable security and efficiency.

computer science, software engineering, hardware & architecture

Ke Gu,Wenbin Zhang,Xingqiang Wang,Xiong Li,Weijia Jia

DOI: https://doi.org/10.1109/TNSM.2023.3267235

2023-01-01

IEEE Transactions on Network and Service Management

Abstract:Compared with cloud computing-based data storage, distributed data storage in fog computing is more vulnerable to malicious attacks. So, it is very necessary to provide a secure distributed auditing mechanism with protecting the identity privacy of data owners and controlling the identities of auditors under fog computing-based data storage. In this paper, we propose a dual attribute-based auditing scheme for fog computing-based data dynamic storage. Our auditing scheme can protect the identity privacy of data owners, and provide an attribute-based access control for corresponding audits with a distributed collaborative verification between related fog servers. In our scheme, a data owner can securely upload his divided and blinded file blocks with corresponding block authenticators (related with his attribute set) to related fog servers. To prevent malicious auditors from consuming system resources by abusing audit requests, the data owner can provide an attribute-based access control for corresponding audits, where the data owner specifies the attribute set of corresponding auditors who have the right to check the integrity of related data. Further, a distributed collaborative verification mechanism between related fog servers is constructed to reduce the disadvantages of centralized verification, where the Shamir's secret-sharing method is used to decompose the picked blinding factor as the shared sub-secrets sent to each fog server respectively. Compared with cloud computing-based data storage, our collaborative verification mechanism can implement distributed auditing consent of stored data between multiple fog servers. Our auditing scheme can further audit out specific suspicious fog servers. Additionally, we provide a dynamic data operation mechanism to efficiently support the updating of users' data under fog computing-based data storage. Furthermore, related theoretical analysis and experimental evaluation show our scheme is secure and efficient.

Binanda Sengupta,Sushmita Ruj

DOI: https://doi.org/10.1145/2897845.2897915

2016-05-30

Abstract:Cloud service providers offer storage outsourcing facility to their clients. In a secure cloud storage (SCS) protocol, the integrity of the client&#x27;s data is maintained. In this work, we construct a publicly verifiable secure cloud storage protocol based on a secure network coding (SNC) protocol where the client can update the outsourced data as needed. To the best of our knowledge, our scheme is the first SNC-based SCS protocol for dynamic data that is secure in the standard model and provides privacy-preserving audits in a publicly verifiable setting. Furthermore, we discuss, in details, about the (im)possibility of providing a general construction of an efficient SCS protocol for dynamic data (DSCS protocol) from an arbitrary SNC protocol. In addition, we modify an existing DSCS scheme (DPDP I) in order to support privacy-preserving audits. We also compare our DSCS protocol with other SCS schemes (including the modified DPDP I scheme). Finally, we figure out some limitations of an SCS scheme constructed using an SNC protocol.