Zhe Wang,Jin Zeng,Tao Lv,Bin Shi,Bo Li

DOI: https://doi.org/10.1109/CSCloud.2016.40

2016-01-01

Abstract:Recent years witness the successful adoption of Cloud computing. However, security remains the top concern for cloud users. The fundamental issue is that cloud providers cannot convince cloud users the trustworthiness of cloud platforms. In this paper, we propose a cloud auditing framework, named CloudAuditor, to examine the behaviors of cloud platforms. By leveraging nested virtualization technology, CloudAuditor could identify the stealthy memory and disk access from cloud platforms to users' virtual machines and can support the mainstream IaaS platforms such as VMware, Xen and KVM. We evaluate the effectiveness and efficiency of CloudAuditor through comprehensive experiments. The results show that CloudAuditor can identify the suspicious behaviors of cloud platforms with acceptable performance overhead.

Xin Jin,Xingshu Chen,Cheng Zhao,Dandan Zhao

DOI: https://doi.org/10.23919/tst.2017.8030536

2017-01-01

Tsinghua Science & Technology

Abstract:Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing.How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service（IaaS） platform is a problem that must be solved.The IaaS platform provides the Virtual Machine（VM）,and the Trusted VM,equipped with a virtual Trusted Platform Module（vTPM）,is the foundation of the trusted IaaS platform.We propose a multi-dimensional trusted attestation architecture that can collect and verify trusted attestation information from the computing nodes,and manage the information centrally on a cloud management platform.The architecture verifies the IaaS’s trusted attestation by apprising the VM,Hypervisor,and host Operating System’s（OS） trusted status.The theory and the technology roadmap were introduced,and the key technologies were analyzed.The key technologies include dynamic measurement of the Hypervisor at the process level,the protection of vTPM instances,the reinforcement of Hypervisor security,and the verification of the IaaS trusted attestation.A prototype was deployed to verify the feasibility of the system.The advantages of the prototype system were compared with the Open CIT（Intel Cloud attestation solution）.A performance analysis experiment was performed on computing nodes and the results show that the performance loss is within an acceptable range.

Yilun Wu,Xinye Lin,Xicheng Lu,Jinshu Su,Peixin Chen

DOI: https://doi.org/10.1587/transinf.2016EDL8079

2016-01-01

IEICE Transactions on Information and Systems

Abstract:Public auditing is a new technique to protect the integrity of outsourced data in the remote cloud. Users delegate the ability of auditing to a third party auditor (TPA), and assume that each result from the TPA is correct. However, the TPA is not always trustworthy in reality. In this paper, we consider a scenario in which the TPA may lower the reputation of the cloud server by cheating users, and propose a novel public auditing scheme to address this security issue. The analyses and the evaluation prove that our scheme is both secure and efficient.

Chunwen Li,Xu Wu,Chuanyi Liu,Xiaqing Xie

DOI: https://doi.org/10.1007/978-3-642-35795-4_25

2013-01-01

Abstract:The hosting service model of cloud computing brings trustworthinessissue of cloud providers, which is a serious obstacle for wider adoption of cloud-based services. Based on open source components of TCG (Trusted Computing Group)and IBM's IMA (Integrity Measurement Architecture), this paper designed and implementeda remote attestation architecture and protocol to verify the trustworthiness of users' virtual machineinIaaS cloud. Meanwhile, as theverification agent, Trusted Third Partyminimized cloud configuration information disclosure, ensured the privacy of cloud.The experiments demonstratedthat this architecture brought little extra cost while provided trustworthiness guarantee. © Springer-Verlag Berlin Heidelberg 2013.

LIU Chuan-yi,PAN He-zhong,LIANG Lu-lu,WANG Guo-feng,FANG Bin-xing

DOI: https://doi.org/10.11959/j.issn.2096-109x.2016.00102

2016-01-01

Abstract:A ＂big clouds audited by a small cloud＂ scheme was proposed,by introducing an independent trusted third party (TTP) dealing with run-time data collection,verification,audit and evaluation remotely,in a continuous and data-driven model,compared with traditionally certification based audit.The TTP mainly adopts data flow visualization,data monitoring and encryption to protect the rights of users.It provides the basis for users to choose a trusted cloud platform and for cloud platform to prove own trusted credentials.In-depth study,the following key technologies were broken through:1) the introduction of an independent trusted third party as an intermediate layer between cloud platform and users as well as administrators; 2) continuous,real-time remote data collection and data analysis; 3) strong non-intrusive evidence gathering.

songzhu mei,haihe ba,fang tu,jiangchun ren,zhiying wang

DOI: https://doi.org/10.1007/978-81-322-1695-7_34

2014-01-01

Abstract:Cloud computing offers an appealing business model, and it is tempting for companies to delegate their IT services, as well as data, to the cloud. But in cloud environment, lack of practical auditing party always put the users' data in danger. Users may suffer a serious data loss without any compensation for they have lost all their control on their data. We present in this paper a novel way to implement a trusted third party for auditing in cloud environment (TTP-ACE), a trusted and easy-to-use auditor for cloud environment. TTP-ACE enables the cloud service providers' accountability and protects the cloud users' benefits.

Wang Huifeng,Li Zhanhuai,Zhang Xiao,Sun Jian,Zhao Xiaonan

DOI: https://doi.org/10.7544/issn1000-1239.2017.20150900

2017-01-01

Journal of Computer Research and Development

Abstract:As an important issue of cloud storage security ,data integrity checking has attracted a lot of attention from academia and industry .In order to verify data integrity in the cloud ,the researchers have proposed many public audit schemes for data integrity .However ,most of the existing schemes are inefficient and waste much computing resource because they adopt fixed parameters for auditing all the files .In other words ,they have not considered the issue of coordinating and auditing the large-scale files .In order to improve the audit efficiency of the system ,we propose a self-adaptive provable data possession (SA-PDP) ,which uses a self-adaptive algorithm to adjust the audit tasks for different files and manage the tasks by the audit queues .By the quantitative analysis of the audit requirements of files ,it can dynamically adjust the audit plans ,which guarantees the dynamic matching between the audit requirements of files and the execution strength of audit plans .In order to enhance the flexibility of updating audit plans ,SA-PDP designs two different update algorithms of audit plans on the basis of different initiators .The active update algorithm ensures that the audit system has high coverage rate while the lazy update algorithm can make the audit system timely meet the audit requirements of files . Experimental results show that SA-PDP can reduce more than 50% of the total audit time than the traditional method .And SA-PDP effectively increases the number of audit files in the audit system . Compared with the traditional audit method ,SA-PDP can improve the standard-reaching rate of audit plans by more than 30% .

Hui Tian,Yuxiang Chen,Hong Jiang,Yongfeng Huang,Fulin Nan,Yonghong Chen

DOI: https://doi.org/10.1109/msec.2018.2875880

IF: 3.105

2019-01-01

IEEE Security & Privacy

Abstract:Cloud storage can provide on-demand outsourcing of data services for organizations and individuals. However, because customers may not fully trust that cloud service providers meet their legal expectations for data security, techniques for auditing the cloud have attracted increasing attention. Here, we present an architecture of public data auditing, review existing methods or mechanisms for various auditing objectives, and discuss trends and possible future developments.

Fei Chen,Fengming Meng,Zhipeng Li,Li Li,Tao Xiang

DOI: https://doi.org/10.1016/j.jpdc.2024.104870

IF: 4.542

2024-07-01

Journal of Parallel and Distributed Computing

Abstract:Cloud storage auditing is a technique that enables a user to remotely check the integrity of the outsourced data in the cloud storage. Although researchers have proposed various protocols for cloud storage auditing, the proposed schemes are theoretical in nature, which are not fit for existing mainstream cloud storage service practices. To bridge this gap, this paper proposes a cloud storage auditing system that works for current mainstream cloud object storage services. We design the proposed system over existing proof of data possession (PDP) schemes and make them practical as well as usable in the real world. Specifically, we propose an architecture that separates the compute and storage functionalities of a storage auditing scheme. Because cloud object storage only provides read and write interfaces, we leverage a cloud virtual machine to implement the user-defined computations that are needed in a PDP scheme. We store the authentication tags of the outsourced data as an independent object to allow existing popular cloud storage applications, e.g., file online previewing. We also present a cost model to analyze the economic cost of a cloud storage auditing scheme. The cost model allows a user to balance security, efficiency, and economic cost by tuning various system parameters. We implemented, open-sourced the proposed system over a mainstream cloud object storage service. Experimental analysis shows that the proposed system is pretty efficient and promising for a production environment usage. Specifically, for a 40 GB sized data, the proposed system only incurs 1.66% additional storage cost, 3796 bytes communication cost, 2.9 seconds maximum auditing time cost, and 0.9 CNY per auditing monetary cost.

computer science, theory & methods

Jin Li,Xiao Tan,Xiaofeng Chen,Duncan S. Wong,Fatos Xhafa

2014-01-01

Abstract:Cloud Computing moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. In this work, we study the problem of ensuring the integrity of data storage in Cloud Computing. To reduce the computational cost at user side during the integrity verification of their data, the notion of public verifiability has been proposed. However, the challenge is that the computational burden is too huge for the users with resource-constrained devices to compute the public authentication tags of file blocks. To tackle the challenge, we propose OPoR, a new cloud storage scheme involving a cloud storage server and a cloud audit server, where the latter is assumed to be semi-honest. In particular, we consider the task of allowing the cloud audit server, on behalf of the cloud users, to pre-process the data before uploading to the cloud storage server and later verifying the data integrity. OPoR outsources the heavy computation of the tag generation to the cloud audit server and eliminates the involvement of user in the auditing and in the preprocessing phases. Furthermore, we strengthen the Proof of Retrievabiliy (PoR) model to support dynamic data operations, as well as ensure security against reset attacks launched by the cloud storage server in the upload phase.

Fei Chen,Jianquan Cai,Tao Xiang,Xiaofeng Liao

DOI: https://doi.org/10.1007/s11432-022-3597-3

2024-01-01

Abstract:Cloud storage auditing research is dedicated to solving the data integrity problem of outsourced storage on the cloud. In recent years, researchers have proposed various cloud storage auditing schemes using different techniques. While these studies are elegant in theory, they assume an ideal cloud storage model; that is, they assume that the cloud provides the storage and compute interfaces as required by the proposed schemes. However, this does not hold for mainstream cloud storage systems because these systems only provide read and write interfaces but not the compute interface. To bridge this gap, this work proposes a serverless computing-based cloud storage auditing system for existing mainstream cloud object storage. The proposed system leverages existing cloud storage auditing schemes as a basic building block and makes two adaptations. One is that we use the read interface of cloud object storage to support block data requests in a traditional cloud storage auditing scheme. Another is that we employ the serverless computing paradigm to support block data computation as traditionally required. Leveraging the characteristics of serverless computing, the proposed system realizes economical, pay-as-you-go cloud storage auditing. The proposed system also supports mainstream cloud storage upper layer applications (e.g., file preview) by not modifying the data formats when embedding authentication tags for later auditing. We prototyped and open-sourced the proposed system to a mainstream cloud service, i.e., Tencent Cloud. Experimental results show that the proposed system is efficient and promising for practical use. For 40 GB of data, auditing takes approximately 98 s using serverless computation. The economic cost is 120.48 CNY per year, of which serverless computing only accounts for 46%. In contrast, no existing studies reported cloud storage auditing results for real-world cloud services.

Qiang Huang,Lin Ye,Xinran Liu,Xiaojiang Du

DOI: https://doi.org/10.1109/services.2013.39

2013-01-01

Abstract:Cloud computing services offer elastic computing and storage to end-users over the Internet in a pay-as-you-go way. Many businesses have started using cloud computing. A Service Level Agreement (SLA) between a cloud service provider (CSP) and a user is a contract that specifies the resources and performances that the cloud should provide. However, a CSP has the incentive to cheat on SLA, e.g., providing users with less CPU and memory resources than that specified in the SLA, which allows the CSP to support more users and make more profits. Unfortunately, there are no tools to allow users to verify the SLA. We study the important issue of verifying SLA in a semi-trusted (or untrusted) cloud. In this paper, we focus on the verification of CPU speed, which is an important metric in cloud SLA. We propose a lightweight stealthy test algorithm that can check if a CSP provides the CPU speed as specified in the SLA. Using real experiments, we show that the algorithm can detect cloud cheating on CPU speed (i.e., SLA violations) in a stealthy way.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

Faen Zhang,Xinyu Fan,Pengcheng Zhou,Wenfeng Zhou

DOI: https://doi.org/10.48550/arXiv.1912.02089

2019-12-01

Cryptography and Security

Abstract:Data security and privacy is an important but challenging problem in cloud computing. One of the security concerns from cloud users is how to efficiently verify the integrity of their data stored on the cloud server. Third Party Auditing (TPA) is a new technique proposed in recent years to achieve this goal. In a recent paper (IEEE Transactions on Computers 62(2): 362-375 (2013)), Wang et al. proposed a highly efficient and scalable TPA protocol and also a Zero Knowledge Public Auditing protocol which can prevent offline guessing attacks. However, in this paper, we point out several security weaknesses in Wang et al's protocols: first, we show that an attacker can arbitrarily modify the cloud data without being detected by the auditor in the integrity checking process, and the attacker can achieve this goal even without knowing the content of the cloud data or any verification metadata maintained by the cloud server; secondly, we show that the Zero Knowledge Public Auditing protocol cannot achieve its design goal, that is to prevent offline guessing attacks.

Xu Wu,Xiaqing Xie,Chuanyi Liu,Chunwen Li

DOI: https://doi.org/10.1007/978-3-642-35795-4_28

2013-01-01

Abstract:By improving resource utilization, cloud computing can greatly save costs and get users considerable profit. However, security issues have emerged as one of the most significant barrier to faster and more widespread adoption of cloud computing. Therefore, this paper focused on the trustworthiness of infrastructure as a service (IaaS) and designed a role-based authentication trustworthiness mechanism to ensure that the different roles in IaaS architecture are trusted. What's more, this paper also considered the interactions between different roles in cloud environment and designed relevant validation protocols. At last, we also designed some benchmarks to evaluate the performance overhead of this mechanism and the results showed the costs can be very little to be neglected. © Springer-Verlag Berlin Heidelberg 2013.

Meng Liu,Xuan Wang,Chi Yang,Zoe Lin Jiang,Ye Li

DOI: https://doi.org/10.1177/1550147716686579

IF: 1.938

2017-01-01

International Journal of Distributed Sensor Networks

Abstract:Nowadays, an increasing number of cloud users including both individuals and enterprises store their Internet of things data in cloud for benefits like cost saving. However, the cloud storage service is often regarded to be untrusted due to their loss of direct control over the data. Hence, it is necessary to verify the integrity of their data on cloud storage servers via a third party. In real cloud systems, it is very important to improve the performance of the auditing protocol. Hence, the well-designed and cost-effective auditing protocol is expected to meet with the performance requirement while the data size is very large in real cloud systems. In this article, we also propose an auditing protocol based on pairing-based cryptography, which can reduce the computation cost compared to the state-of-the-art third-party auditing protocol. Moreover, we also study how to determine the number of sectors to achieve the optimal performance of our auditing protocol in a case of the same challenged data. And an equation for computing the optimal number of sectors is proposed to further improve the performance of our auditing protocol. Both the mathematical analysis method and experiment results show that our solution is more efficient.

Cong Wang,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1109/mnet.2010.5510914

IF: 10.294

2010-01-01

IEEE Network

Abstract:Cloud computing is the long dreamed vision of computing as a utility, where data owners can remotely store their data in the cloud to enjoy on-demand high-quality applications and services from a shared pool of configurable computing resources. While data outsourcing relieves the owners of the burden of local data storage and maintenance, it also eliminates their physical control of storage dependability and security, which traditionally has been expected by both enterprises and individuals with high service-level requirements. In order to facilitate rapid deployment of cloud data storage service and regain security assurances with outsourced data dependability, efficient methods that enable on-demand data correctness verification on behalf of cloud data owners have to be designed. In this article we propose that publicly auditable cloud data storage is able to help this nascent cloud economy become fully established. With public auditability, a trusted entity with expertise and capabilities data owners do not possess can be delegated as an external audit party to assess the risk of outsourced data when needed. Such an auditing service not only helps save data owners' computation resources but also provides a transparent yet cost-effective method for data owners to gain trust in the cloud. We describe approaches and system requirements that should be brought into consideration, and outline challenges that need to be resolved for such a publicly auditable secure cloud storage service to become a reality.

Tao Xiang,Xiaoguo Li,Fei Chen,Yuanyuan Yang,Shengyu Zhang

DOI: https://doi.org/10.1016/j.jpdc.2017.10.004

IF: 4.542

2018-01-01

Journal of Parallel and Distributed Computing

Abstract:With the help of cloud computing, users can outsource their data to a cloud service provider (CSP) and enjoy the high-quality on-demand services from the cloud. On the other hand, once owners no longer have physical possession of the outsourced data, the protection of data integrity in cloud computing becomes a critical and challenging task. In this paper, we propose a novel and verifiable auditing scheme for outsourced database without a third party auditor (TPA). It can simultaneously authenticate the correctness and completeness of query results, preventing the dishonest CSP from returning fake or incomplete results to the users. Our scheme also supports partial attribute retrieval and flexible data dynamics. The security proof and the performance analysis show that our proposed scheme is secure and efficient for practical deployment.

Hongli Zhang,Lin Ye,Jiantao Shi,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1002/sec.740

IF: 1.968

2013-01-01

Security and Communication Networks

Abstract:ABSTRACTIn this paper, we study the important issue of verifying service‐level agreement (SLA) with an untrusted cloud and present an SLA verification framework that utilizes a third‐party auditor (TPA). A cloud provides users with elastic computing and storage resources in a pay‐as‐you‐go way. An SLA between the cloud and a user is a contract that specifies the computing resources and performances that the cloud should provide to the user. A cloud service provider (CSP) has incentives to cheat on the SLA, for example, providing a user with less central processing unit and memory resources than specified in the SLA, which allows the CSP to support more users and make more profits. A malicious CSP can easily disrupt the existing SLA monitoring/verification techniques by interfering with the monitoring/measurement process. A TPA resolves the trust dilemma between a CSP and its users. Under the TPA framework and the untrusted‐cloud threat model, we design two effective testing algorithms that can detect an SLA violation of the virtual machine memory size. Using real experiments, we demonstrate that our algorithms can detect cloud cheating on a virtual machine's memory size (i.e., SLA violations). Furthermore, we show that our testing algorithms can defend various attacks from a malicious CSP, which tries to hide an SLA violation. Copyright © 2013 John Wiley & Sons, Ltd.

Jian Chen,WenRong Jiang,Jihong Yan

DOI: https://doi.org/10.1109/itcs.2010.149

2010-01-01

Abstract:Cloud computing is a rapid developing technology which spreads the computer power in to different computers locates different physical position. This outcome can lead to the enormous performance of dealing with large computing requirements, includes nuclear simulation, image processing or data analyzing. But, since cloud computing largely depend on the network performance, it is possible to consider the security issues in several areas. This paper addresses the potential threats and provides the areas which need to be carefully audited.