Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Bin Feng,Xinzhu Ma,Cheng Guo,Hui Shi,Zhangjie Fu,Tie Qiu

DOI: https://doi.org/10.1109/access.2016.2621005

IF: 3.9

2016-01-01

IEEE Access

Abstract:In cloud computing, data owners host their data on cloud servers, and users (data consumers) can access the data from the cloud servers. This new paradigm of data hosting service also introduces new security challenges that require an independent auditing service to check the integrity of the data in the cloud. Some existing methods for checking the integrity of the data cannot handle this problem efficiently and they cannot deal with the error condition. Thus, a secure and efficient dynamic auditing protocol should reject requests that are made with improper authentication. In addition, an excellent remote data authentication method should be able to collect information for statistical analysis, such as validation results. In this paper, first we design an auditing framework for cloud storage systems and propose an efficient and privacy-preserving auditing protocol. Then, we extend our auditing protocol to support dynamic data operations, which is efficient and has been proven to be secure in the random oracle model. We extended our auditing protocol further to support bidirectional authentication and statistical analysis. In addition, we use a better load distribution strategy, which greatly reduces the computational overhead of the client. Last, we provide an error response scheme, and our experiments show that our solution has good error-handling ability and offers lower overhead expenses for computation and communication than other approaches.

Hongyu Liu,Leiting Chen,Zahra Davar,Mohammad Ramezanian Pour

2015-01-01

JUCS - Journal of Universal Computer Science

Abstract:Cloud storage has a long string of merits but at the same time, poses many challenges on data integrity and privacy. A cloud data auditing protocol, which enables a cloud server to prove the integrity of stored files to a verifier, is a powerful tool for secure cloud storage. Wang et al. proposed a privacy-preserving public auditing protocol, however, Worku et al. found the protocol is seriously insecure and proposed an improvement to remedy the weakness. In this paper, unfortunately, we demonstrate that the new protocol due to Worku et al. fails to achieve soundness and obtains merely limited privacy. Specifically, we show even deleting all the files of a data owner, a malicious cloud server is able to generate a response to a challenge without being caught by TPA in their enhanced but unrealistic security model. Worse still, the protocol is insecure even in a correct security model. For privacy, a dishonest verifier can tell which file is stored on the cloud. Solutions to efficient public auditing mechanisms with perfect privacy protection are still worth exploring.

Zhi-guang QIN,Shi-kun WU,hu XIONG

DOI: https://doi.org/10.3969/j.issn.1671-1122.2014.07.001

2014-01-01

Abstract:Cloud storage is an important service provided by cloud computing, which allows data owners to move data from their local computing systems to the cloud. At the same time, owners also can access the data from the cloud server conveniently and efficiently, without the data burden of local storage and maintenance. However, this new paradigm of data hosting service also introduces new security challenges. An important problem is that how to ensure the remote data integrity in the cloud storage. So, owners and cloud servers require an independent, stable and secure auditing service to check the data integrity in the cloud. In the same time, a good auditing scheme is also required to meet the following requirements: it should support the data dynamic operation including insert, delete and modify; it should support batch auditing of multi-user and multi-server in the cloud; it also should ensure the privacy of owner's data and pay attention on efficiency about reducing the computational cost and the communication cost between data owners and cloud server. In order to promoting the storage service widely used and popularized, the focus of this paper is to review the research on cloud data integrity audit protocols, describe the related concepts and features of data integrity verification, and propose the audit model and security requirements of data integrity verification and state the present research on data integrity audit protocolsin the cloud storage. By the schemes comparison, each protocol's advantages and disadvantages are pointed out. Then this paper introduces some classical schemes and also points out the future research orientation in the field.

Xu An Wang,Xiaoshuang Luo,Jindan Zhang,Xiaoyuan Yang

DOI: https://doi.org/10.1007/978-3-319-59463-7_61

2017-01-01

Abstract:Nowadays cloud data storage is a very important storage service for us, but to ensure the datum stored in the remote cloud server remains unmodified, we need a mechanism to check the datum's integrity, cloud data storage auditing protocol is such a mechanism, which has received great attention from researchers. Recently Zhang et al. proposed an efficient ID-based public auditing protocol called IPAD for the outsourced data by combing Waters signature and public auditing for the outsourced data. They claimed IPAD is the first ID-based auditing protocol for data integrity in the standard security model. But in this paper we show their proposal is not secure. Especially, the adversaries can easily generate tags for any file, which obviously break the unforgeability property of the cloud storage auditing protocol.

Haoming Wang,Yuanhang Zhang,Xu An Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.heliyon.2024.e36273

IF: 3.776

2024-08-20

Heliyon

Abstract:With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.

Luo Yuchuan,Fu Shaojing,Xu Ming,Wang Dongsheng

DOI: https://doi.org/10.1109/cc.2014.7004529

2014-01-01

China Communications

Abstract:Cloud storage is one of the main application of the cloud computing. With the data services in the cloud, users is able to outsource their data to the cloud, access and share their outsourced data from the cloud server anywhere and anytime. However, this new paradigm of data outsourcing services also introduces new security challenges, among which is how to ensure the integrity of the outsourced data. Although the cloud storage providers commit a reliable and secure environment to users, the integrity of data can still be damaged owing to the carelessness of humans and failures of hardwares/softwares or the attacks from external adversaries. Therefore, it is of great importance for users to audit the integrity of their data outsourced to the cloud. In this paper, we first design an auditing framework for cloud storage and proposed an algebraic signature based remote data possession checking protocol, which allows a third-party to auditing the integrity of the outsourced data on behalf of the users and supports unlimited number of verifications. Then we extends our auditing Protocol to support data dynamic operations, including data update, data insertion and data deletion. The analysis and experiment results demonstrate that our proposed schemes are secure and efficient.

Wang Huifeng,Li Zhanhuai,Zhang Xiao,Sun Jian,Zhao Xiaonan

DOI: https://doi.org/10.7544/issn1000-1239.2017.20150900

2017-01-01

Journal of Computer Research and Development

Abstract:As an important issue of cloud storage security ,data integrity checking has attracted a lot of attention from academia and industry .In order to verify data integrity in the cloud ,the researchers have proposed many public audit schemes for data integrity .However ,most of the existing schemes are inefficient and waste much computing resource because they adopt fixed parameters for auditing all the files .In other words ,they have not considered the issue of coordinating and auditing the large-scale files .In order to improve the audit efficiency of the system ,we propose a self-adaptive provable data possession (SA-PDP) ,which uses a self-adaptive algorithm to adjust the audit tasks for different files and manage the tasks by the audit queues .By the quantitative analysis of the audit requirements of files ,it can dynamically adjust the audit plans ,which guarantees the dynamic matching between the audit requirements of files and the execution strength of audit plans .In order to enhance the flexibility of updating audit plans ,SA-PDP designs two different update algorithms of audit plans on the basis of different initiators .The active update algorithm ensures that the audit system has high coverage rate while the lazy update algorithm can make the audit system timely meet the audit requirements of files . Experimental results show that SA-PDP can reduce more than 50% of the total audit time than the traditional method .And SA-PDP effectively increases the number of audit files in the audit system . Compared with the traditional audit method ,SA-PDP can improve the standard-reaching rate of audit plans by more than 30% .

Jian Shen,Jun Shen,Xiaofeng Chen,Xinyi Huang,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2017.2705620

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the rapid development of cloud computing, cloud storage has been accepted by an increasing number of organizations and individuals, therein serving as a convenient and on-demand outsourcing application. However, upon losing local control of data, it becomes an urgent need for users to verify whether cloud service providers have stored their data securely. Hence, many researchers have devoted themselves to the design of auditing protocols directed at outsourced data. In this paper, we propose an efficient public auditing protocol with global and sampling blockless verification as well as batch auditing, where data dynamics are substantially more efficiently supported than is the case with the state of the art. Note that, the novel dynamic structure in our protocol consists of a doubly linked info table and a location array. Moreover, with such a structure, computational and communication overheads can be reduced substantially. Security analysis indicates that our protocol can achieve the desired properties. Moreover, numerical analysis and real-world experimental results demonstrate that the proposed protocol achieves a given efficiency in practice.

Chunxiang Xu,Xiaohu He,Daniel Abraha-Weldemariam

DOI: https://doi.org/10.1007/978-3-642-34041-3_59

2012-01-01

Abstract:Cloud Computing as the on-demand and remote provision of computational resources has been eagerly waited for a long time as a computing utility. It helps users to store their data in the cloud and enjoy the high quality service. However, users do not have physical possession on their own data, hence it is indispensable to create mechanisms on how to protect the security of the data stored. Thus, some auditing protocols are introduced to ensure authenticity and integrity of the outsourced data. Wang et al. proposed a public auditing protocol in 2010 and argued that it can resist against various known attacks. However, serious security flaws are found by analyzing their protocol. The above analysis shows that the public auditing protocol proposed by Wang et al. can not resist against existential forgery using a known message attack. Moreover, the protocol is vulnerable to attacks by a malicious cloud server and an outside attacker through four specific attacking schemes. The results show that the protocol can not provide secure data storage for users.

Enguang Zhou,Zhoujun Li

DOI: https://doi.org/10.1007/978-3-319-11194-0_54

2014-01-01

Abstract:In cloud computing, clients put the large data files on the untrusted cloud storage server, how to ensure the integrity of the out-sourced data becomes a big problem. To address this issue, Hao et al. proposed a protocol which supports public verifiability and data dynamics. However, Hao et al.'s protocol suffers from two drawbacks. First, Hao et al.'s protocol is insecure and cannot resist the active adversary. Second, Hao et al.'s protocol only supports fixed-sized blocks as basic unit. As a result, the insertion of short message will cause a considerable waste of storage space. In this paper, we propose an improved remote data integrity checking protocol that can support variable-sized blocks. Besides, the improved protocol can resist the attack of the active adversary, and it is obvious to verify that the improved protocol still preserves the properties of Hao et al.'s protocol such as public verifiability and privacy preserving auditing.

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/jiot.2021.3121678

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Remote data integrity auditing ensures the integrity of cloud storage. In practice, cloud users may not want their sensitive data to be exposed to others. Thus, it is meaningful to investigate how to realize data sharing with sensitive information hiding in cloud storage auditing. Up to now, cloud storage has been proven to achieve the sensitive information hiding property through a third-party sanitizer dedicated to sanitize user data, which leads to high outlays on purchasing and maintaining a special server. To meet this challenge, we design a novel cloud storage auditing protocol to support sensitive information hiding without the need of a third-party sanitizer. In addition, our scheme allows data owners to enable or disable other users to access their sensitive information with the help of the cloud that dose not deviate from the agreement during access control. To be specific, only after receiving the delegations from the data owner, the users can compute the valid warrants that can pass the access verification of the cloud. The proposed protocol is built on identity-based cryptography, thus avoiding the complex certificate management. We validate the advantages of the proposed protocol through massive theoretical analysis and experimental results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hui Tian,Yuxiang Chen,Hong Jiang,Yongfeng Huang,Fulin Nan,Yonghong Chen

DOI: https://doi.org/10.1109/msec.2018.2875880

IF: 3.105

2019-01-01

IEEE Security & Privacy

Abstract:Cloud storage can provide on-demand outsourcing of data services for organizations and individuals. However, because customers may not fully trust that cloud service providers meet their legal expectations for data security, techniques for auditing the cloud have attracted increasing attention. Here, we present an architecture of public data auditing, review existing methods or mechanisms for various auditing objectives, and discuss trends and possible future developments.

Solomon Guadie Worku,Chunxiang Xu,Jining Zhao,Xiaohu He

DOI: https://doi.org/10.1016/j.compeleceng.2013.10.004

2014-01-01

Abstract:Cloud computing poses many challenges on integrity and privacy of users' data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.

Hemalata A. Gosavi,Manish R. Umale

DOI: https://doi.org/10.14445/22315381/IJETT-V11P235

2014-05-24

Abstract:Cloud computing has been envisioned as the next generation architecture of IT Enterprise. Using Cloud Storage,users can remotely store their data and enjoy the on demand high quality applications and services from a shared pool of configurable computing resources, without the burden local copy data storage and maintenance. It moves the application of software data stored to the centralized large data centers, where the management of the data stored services may not be completely trusted. There are many new security challenges and the problems taken into account for ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA) to perform verifies the integrity of the dynamic data stored in the cloud.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Jianhong Zhang,Shuai Liu,Jian Mao

DOI: https://doi.org/10.1109/cisp-bmei.2016.7853038

2016-01-01

Abstract:Cloud-based data storage is a popular cloud services. It can alleviate data management burden of data owner. However, after data file is transferred to the cloud, data owner is not able to physical dominate these outsourced data file. To efficiently ensure these data intact, several ReD-based integrity checking schemes were presented to ensure data integrity. Due to periodical checking, many data integrity checking schemes makes that the verifier takes high computational cost or communication overhead to verify data intactness. This results in a heavy burden for some schemes. Recently, to ensure secure cloud storage, a dynamic-hash-Table based public auditing protocol was put forward to achieve data privacy protection and data dynamics. An outstanding feature of the protocol is to significantly decease computational cost and communication cost in terms of cloud server and the verifier. Very regretfully, in this work, we will point out that their protocol is not secure. Our attack enables a malicious cloud server to arbitrarily delete or alter the outsourced data without being inspected by the verifier. And We analyze the reason to produce such attack and give a advice to fix the problem. Finally, we also point out that their protocol still exist a security threat: malicious auditor attack, and analyze the corresponding reason to produce such threat.

Jin Li,Xiao Tan,Xiaofeng Chen,Duncan S. Wong,Fatos Xhafa

2014-01-01

Abstract:Cloud Computing moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. In this work, we study the problem of ensuring the integrity of data storage in Cloud Computing. To reduce the computational cost at user side during the integrity verification of their data, the notion of public verifiability has been proposed. However, the challenge is that the computational burden is too huge for the users with resource-constrained devices to compute the public authentication tags of file blocks. To tackle the challenge, we propose OPoR, a new cloud storage scheme involving a cloud storage server and a cloud audit server, where the latter is assumed to be semi-honest. In particular, we consider the task of allowing the cloud audit server, on behalf of the cloud users, to pre-process the data before uploading to the cloud storage server and later verifying the data integrity. OPoR outsources the heavy computation of the tag generation to the cloud audit server and eliminates the involvement of user in the auditing and in the preprocessing phases. Furthermore, we strengthen the Proof of Retrievabiliy (PoR) model to support dynamic data operations, as well as ensure security against reset attacks launched by the cloud storage server in the upload phase.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.