Yongjun Ren,Jian Shen,Jin Wang,Jin Han,Sungyoung Lee

DOI: https://doi.org/10.6138/jit.2015.16.2.20140918

2015-01-01

Abstract:Cloud storage is now a hot research topic in information technology. In cloud storage, date security properties such as data confidentiality, integrity and availability become more and more important in many commercial applications. Recently, many provable data possession (PDP) schemes are proposed to protect data integrity. In some cases, it has to delegate the remote data possession checking task to some proxy. However, these PDP schemes are not secure since the proxy stores some state information in cloud storage servers. Hence, in this paper, we propose an efficient mutual verifiable provable data possession scheme, which utilizes Diffie-Hellman shared key to construct the homomorphic authenticator. In particular, the verifier in our scheme is stateless and independent of the cloud storage service. It is worth noting that the presented scheme is very efficient compared with the previous PDP schemes, since the bilinear operation is not required.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Yongjun Ren,Jin Han,Jin Wang,Liming Fang

DOI: https://doi.org/10.1109/CCST.2015.7389694

2015-01-01

Abstract:Cloud storage is an important development trend in information technology. To ensure the integrity of data storage in cloud storing, researchers have present some proof of storage (POS) schemes. In some cases, the ability to check data possession is delegated by data owners. Hence, the delegable provable data possession and proxy provable data possession are proposed. However the existing schemes are not secure since the proxy or designated verifier stores some delegation information in cloud storage servers. In this paper, we propose a new POS scheme, which can preserve clients' privacy and only members in the data shared group to verify the integrity of the outsourced data. In particular, we utilize group signatures and group key exchange to construct homomorphic authenticators, so that only the members in the group is able to check the integrity of shared data for users without retrieving the entire data, and cannot reveal the identities of signers on all blocks in shared data.

Yingjie Xia,Fubiao Xia,Xuejiao Liu,Xin Sun,Yuncai Liu,Yi Ge

DOI: https://doi.org/10.3837/tiis.2014.10.019

2014-01-01

Abstract:The increasing demand in promoting cloud computing in either business or other areas requires more security of a cloud storage system. Traditional cloud storage systems fail to protect data integrity information (DII), when the interactive messages between the client and the data storage server are sniffed. To protect DII and support public verifiability, we propose a data integrity verification scheme by deploying a designated confirmer signature DCS as a building block. The DCS scheme strikes the balance between public verifiable signatures and zero-knowledge proofs which can address disputes between the cloud storage server and any user, whoever acting as a malicious player during the two-round verification. In addition, our verification scheme remains blockless and stateless, which is important in conducting a secure and efficient cryptosystem. We perform security analysis and performance evaluation on our scheme, and compared with the existing schemes, the results show that our scheme is more secure and efficient.

Boyang Wang,Hui Li,Xuefeng Liu,Xiaoqing Li,Fenghua Li

DOI: https://doi.org/10.1002/sec.922

IF: 1.968

2013-01-01

Security and Communication Networks

Abstract:ABSTRACTThe low prices on cloud data storage and sharing services incentive users to outsource their data to the cloud. Because data stored in the cloud may be lost or corrupted, users are suggested to verify data integrity before the utilization of cloud data. A series of schemes have been proposed to enable a public verifier to efficiently check the correctness of cloud data without downloading the whole data from the cloud server. Unfortunately, few of them have considered about public verification on multi‐owner cloud data while still preserving identity privacy of owners from public verifiers, where each block in these cloud data should be signed by multiple owners. In this paper, we design a novel public verification scheme to audit the integrity of multi‐owner data stored in the cloud. With our scheme, a public verifier is able to efficiently check the integrity of multi‐owner data with a very small communication cost compared with the size of the entire data. Meanwhile, the private identities of these owners are protected and not revealed to any public verifier. In addition, our scheme can also efficiently support group dynamics for multiple owners and enable batch verification. Security analyses and experimental results indicate our scheme is correct, secure and efficient. Copyright © 2013 John Wiley & Sons, Ltd.

Solomon Guadie Worku,Chunxiang Xu,Jining Zhao

DOI: https://doi.org/10.1007/s11704-013-3138-7

IF: 2.6688

2014-01-01

Frontiers of Computer Science

Abstract:An auditing scheme is a good way to prove owner’s data outsourced to the cloud are kept intact, and a scheme capable of giving public verifiability service is a good option that some researchers have managed to build for the last few years. However, in a public auditing scheme everybody does verification of data and a possibility of leaking some secrete information to the public verifiers is an issue that data owners are unhappywith this scenario. For example, the data owner does not want anybody else to know he has the data stored in the cloud server. Motivated by the issue of privacy associated with public auditing system, we proposed a designated verifier auditing (DVA) scheme based on Steinfeld et al.’s universal designated verifier (DV) signature scheme. Our DVA scheme authorizes a third party auditor with private verification capability. It provides private verification because the scheme involves private key of the verifier. Moreover, we present the batch auditing scheme to improve auditing efficiency. Through rigorous security analysis we showed that our scheme is provably secure in the random oraclemodel assuming that the computational Diffie-Hellman (CDH) problem is hard over the group of bilinear maps.

Runze Ji,Nankun Mu,Xiaofeng Liao

DOI: https://doi.org/10.1109/icist.2018.8426114

2018-01-01

Abstract:Recently, cloud storage is widely concerned due to the properties of low cost, advanced technology and efficient business model, and has been made a rapid development. However, as a new storage model, there are known security and privacy issues in migrating data to the cloud. Therefore, how to ensure the integrity and correctness of data storage is the main research direction and development of cloud storage technology. Moreover, the main purpose of the data integrity verification mechanism is to verify that the data is completely stored in the cloud server and is not modified maliciously or deleted. Sometimes the user can't perform data integrity verification for some reason, and the verification right need to be delegate to a third party auditor. In this paper, we proposed: (1) a new data integrity verification by partial delegation(PDIPD) is proposed, which delegates the remote data possession checking to a third party auditor. Compared with the existing data integrity verification scheme, the new scheme has less computational overhead and the flexibility at the same security level. (2) Extensive security analyses show this scheme is provable secure in random oracle. Estimating the cost of basic cryptographic and analyzing the experiment show, the proposed schemes are highly efficient and practical.

Zuojie Deng,Jingli Zhou

DOI: https://doi.org/10.3233/jifs-169035

2016-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Nowadays, cloud storage has become an attractive storage scheme for a user to store his files. When a user stores his files on a remote cloud storage system, he cannot make sure whether his files are intact, so he must use some protocol to check the integrity of his files in the cloud storage. To guarantee high availability, some cloud storage servers provide a kind of highly-available service, which stores multiple copies of user files in the cloud storage, and the file owner cannot make sure whether all these copies are intact as well. Some cloud storage servers allow his users to operate their files online. As the file owner cannot always be online, he must entrust a trusted public data auditor to check his files in the cloud storage. In this work, we investigate the above issues about provable data possession with multi-copy and data dynamics supporting public verification in a cloud storage. We design a kind of authenticated 2-3 tree with ordered leaves and use this kind of tree to organize file block tags. We design a privacy preserving provable data possession scheme with multi-copy and data dynamics which supports public verification, and use a kind of RSA tag to construct this scheme. We apply our scheme to a cloud file backup system. Our theoretical proofs and experiments show that our scheme is feasible and reasonable.

Yubo Zhao,Jinyong Chang

DOI: https://doi.org/10.1016/j.comnet.2022.109270

IF: 5.493

2022-10-24

Computer Networks

Abstract:In recent years, cloud storage has become an attractive service for data owners to store their personal data. Since they lose physical control of their data, it is necessary to regularly audit its integrity. The public auditing technique is very popular because it is suitable to outsource the auditing task to any third-party auditor, who has professional knowledge on auditing. However in many practical scenarios, the data owner may expect some designated verifier (instead of any) to audit its data. Thus, the public auditing scheme with designated verifier was proposed. In order to further reduce the cost of managing certificates, and to avoid the dependence on public key infrastructure, identity-based auditing scheme with designated verifier was recently proposed. Nevertheless, the proposed identity-based auditing scheme still suffers from the key escrow attack the risk of privacy leakage. In this paper, for the first time, we propose a certificateless public auditing protocol with designated verifier privacy-preserving property. More concretely, it can not only protect the privacy of the stored data against the designated verifier, but also resolve key escrow problem existed in identity-based technique. Its security is based on the Computational Diffie–Hellman and Weil Diffie–Hellman assumptions. Finally, the performance analysis experimental results of the proposed protocol show that our auditing scheme is efficient feasible to applications in real life.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Ruifeng Li,Xu An Wang,Haibin Yang,Ke Niu,Dianhua Tang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.jksuci.2022.07.020

IF: 9.006

2022-01-01

Journal of King Saud University - Computer and Information Sciences

Abstract:In the cloud storage environment, scholars have proposed data integrity auditing schemes to ensure the integrity of data in the cloud. In some scenarios, users may need to designate an auditor to perform auditing tasks, however, most existing cloud auditing schemes are not applicable. A small number of cloud auditing schemes with designated verifiers use PKI cryptography and identity-based cryptography, which has complex certificate management and key escrow problems. Therefore, based on the certificateless signature algorithm of the specified verifier, we construct an efficient certificateless provable data possession mechanism in the cloud with a designated verifier called CL-DV-PDP. Based on of meeting the above user’s requirement, our scheme can also perform a batch audit of multi-user data at the same time. We use a dynamic hash table to dynamically update the cloud data and the scheme also supports privacy protection. We define the security model of the scheme in detail, and the security of the scheme is proved based on the CDH assumption under the random oracle model. In the efficiency analysis section, we compare the functions and computational costs of our scheme with the relevant references, the result shows that the functions of the scheme are comprehensive and our scheme is efficient.

Yuan Zhang,Chunxiang Xu,Xiaohui Liang,Hongwei Li,Yi Mu,Xiaojun Zhang

DOI: https://doi.org/10.1109/mcc.2016.94

2016-01-01

IEEE Cloud Computing

Abstract:Cloud storage services allow users to outsource their data to cloud servers to save local data storage costs. However, unlike using local storage devices, users do not physically manage the data stored on cloud servers; therefore, the data integrity of the outsourced data has become an issue. Many public verification schemes have been proposed to enable a third-party auditor to verify the data integrity for users. These schemes make an impractical assumption—the auditors have enough computation capability to bear expensive verification costs. In this paper, we propose a novel public verification scheme for the cloud storage using indistinguishability obfuscation, which requires a lightweight computation on the auditor and the delegate most computation to the cloud. We further extend our scheme to support batch verification and data dynamic operations, where multiple verification tasks from different users can be performed efficiently by the auditor and the cloud-stored data can be updated dynamically. Compared with other existing works, our scheme significantly reduces the auditor’s computation overhead. Moreover, the batch verification overhead on the auditor side in our scheme is independent of the number of verification tasks. Our scheme could be practical in a scenario, where the data integrity verifications are executed frequently, and the number of verification tasks (i.e., the number of users) is numerous; even if the auditor is equipped with a low-power device, it can verify the data integrity efficiently. We prove the security of our scheme under the strongest security model proposed by Shi et al. (ACM CCS 2013). Finally, we conduct a performance analysis to demonstrate that our scheme is more efficient than other existing works in terms of the auditor’s communication and computation efficiency.

Xiaoyuan Yang,Shuaishuai Zhu,Xiaozhong Pan

DOI: https://doi.org/10.1007/s11859-011-0769-0

2011-01-01

Abstract:In Cloud computing, data and service requests are responded by remote processes calls on huge data server clusters that are not totally trusted. The new computing pattern may cause many potential security threats. This paper explores how to ensure the integrity and correctness of data storage in cloud computing with user’s key pair. In this paper, we aim mainly at constructing of a quick data chunk verifying scheme to maintain data in data center by implementing a balance strategy of cloud computing costs, removing the heavy computing load of clients, and applying an automatic data integrity maintenance method. In our scheme, third party auditor (TPA) is kept in the scheme, for the sake of the client, to periodically check the integrity of data blocks stored in data center. Our scheme supports quick public data integrity verification and chunk redundancy strategy. Compared with the existing scheme, it takes the advantage of ocean data support and high performance.

Jin Li,Xiao Tan,Xiaofeng Chen,Duncan S. Wong,Fatos Xhafa

2014-01-01

Abstract:Cloud Computing moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. In this work, we study the problem of ensuring the integrity of data storage in Cloud Computing. To reduce the computational cost at user side during the integrity verification of their data, the notion of public verifiability has been proposed. However, the challenge is that the computational burden is too huge for the users with resource-constrained devices to compute the public authentication tags of file blocks. To tackle the challenge, we propose OPoR, a new cloud storage scheme involving a cloud storage server and a cloud audit server, where the latter is assumed to be semi-honest. In particular, we consider the task of allowing the cloud audit server, on behalf of the cloud users, to pre-process the data before uploading to the cloud storage server and later verifying the data integrity. OPoR outsources the heavy computation of the tag generation to the cloud audit server and eliminates the involvement of user in the auditing and in the preprocessing phases. Furthermore, we strengthen the Proof of Retrievabiliy (PoR) model to support dynamic data operations, as well as ensure security against reset attacks launched by the cloud storage server in the upload phase.

Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

En-guang ZHOU,Zhou-jun LI,Hua GUO,Yang-li JIA

DOI: https://doi.org/10.3969/j.issn.0372-2112.2014.01.024

2014-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:In cloud computing, clients put the large data files on the untrusted cloud storage server. As clients no longer physically possess the storage of their data, how to efficiently verify the correctness of outsourced cloud data becomes a big challenge for data storage security in cloud computing. In order to solve the problem of data integrity checking, many schemes are proposed. We first propose the notion of the known-proofs forgery attack, i. e., the adversary who has a certain number of proofs can forge a new legal proof. We point out that some known schemes cannot resist the known-proofs forgery attack. After that we propose an improved data integrity checking protocol with full data dynamics and public verifiability for cloud storage by manipulating rank-based authenticated skip list.

Wenyong Yuan,Li,Zhengge Yi,Xiaoyuan Yang

DOI: https://doi.org/10.1117/12.2668300

2023-01-01

Abstract:Integrity verification can effectively protect cloud data. Currently, users entrust third-party auditors to verify the integrity of their outsourced data. Unfortunately, multiple auditors participate in the integrity verification, which increases the risk of data privacy disclosure. Therefore, more users expect a specific verifier to check the files in cloud storage. We proposed a scheme with a designated verifier, which can effectively protect data privacy when auditing. In the process oey generate tags. In the evidence generation, bilinear results of data blocks and tags are directly calculated to realize privacyf tags generation, we utilize the designated auditor public k protection. Based on the computational Diffie– Hellman assumption in the Bilinear Maps, we prove the security for our scheme.

Jining Zhao,Chunxiang Xu,Fagen Li,Wenzheng Zhang

DOI: https://doi.org/10.1587/transfun.E96.A.2709

2013-01-01

Abstract:In the Cloud computing era, users could have their data outsourced to cloud service provider (CSP) to enjoy on-demand high quality service. On the behalf of the user, a third party auditor (TPA) which could verify the real data possession on CSP is critically important. The central challenge is to build efficient and provably secure data verification scheme while ensuring that no users' privacy is leaked to any unauthorized party, including TPA. In this paper, we propose the first identity-based public verification scheme, based on the identity-based aggregate signature (IBAS). In particular, by minimizing information that verification messages carry and TPA obtains or stores, we could simplify key management and greatly reduce the overheads of communication and computation. Unlike the existing works based on certificates, in our scheme, only a private key generator (PKG) has a traditional public key while the user just keeps its identity without binding with certificate. Meanwhile, we utilize privacy-preserving technology to keep users' private data off TPA. We also extend our scheme with the support of batch verification task to enable TPA to perform public audits among different users simultaneously. Our scheme is provably secure in the random oracle model under the hardness of computational Diffie-Hellman assumption over pairing-friendly groups and Discrete Logarithm assumption.

Lihong ZHANG,Jing CHEN,Ruiying DU,Kun HE,Jiong CHEN

DOI: https://doi.org/10.3969/j.issn.1000-3428.2017.01.006

2017-01-01

Abstract:For the secure issues of outsourced data in cloud storage,a new method of data integrity verification is proposed,which can support secure deduplication and public verification.The method combines the advantages of Proofs of Ownership(POW) and Proofs of Retrievability (POR),and achieves client-side secure deduplication and data integrity verification simultaneously,in which data block,random sampling and dynamic coefficient are used.By introducing bilinear pairings and erasure codes,users can infinitely verify whether the data is intact in cloud storage.If the data is damaged,users can repair it with erasure codes.To achieve privacy preserving,the technology of random masking is introduced,which can hide the information of users' data effectively.Analysis results show that the proposed method not only can assure the security and integrity of data stored in cloud storage,but also can efficiently reduce the computing cost and communication cost.

MA Hai-feng,WANG Jun-hua,XUE Qing-shui,SHI Xue-lei,ZHANG Ji,YANG Jia-hai

DOI: https://doi.org/10.1109/icdsba57203.2022.00108

2023-01-01

Abstract:With the evolution of cloud storage and the limitations of traditional storage methods, more and more enterprises choose to store data on cloud servers to decrease local storage and maintenance overhead. However, when data is stored on the cloud, no copy is stored locally, so how to ensure the integrity of information on the cloud is significant research topic. In order to efficiently resolve the problem a cloud storage data integrity verification scheme that can be revoked in real time by users is proposed. This paper introduce a trusted third-party proxy to the traditional proxy re-signature technology to complete the re-signature of the data in the cloud for the new user, so as to avoid the untrusted cloud server leaking the signature and damaging the data integrity; Distribute an administrator attribute for users, so that users can revoke in real time according to their actual tenure; Finally, a random mask is used in the audit challenge, which effectively prevents curious third-party audits from recovering and revealing the original data by verifying the information. Security analysis and performance analysis demonstrate that the scheme is secure and effective.

Changsong Yang,Jianfeng Wang,Xiaoling Tao,Xiaofeng Chen

DOI: https://doi.org/10.1016/j.jnca.2017.11.011

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:With the rapid development of cloud storage, more and more resource-constraint data owners can employ cloud storage services to reduce the heavy local storage overhead. However, the local data owners lose the direct control over their data, and all the operations over the outsourced data, such as data transfer and deletion, will be executed by the remote cloud server. As a result, the data transfer and deletion have become two security issues because the selfish remote cloud server might not honestly execute these operations for economic benefits. In this article, we design a scheme that aims to make the data transfer and the transferred data deletion operations more transparent and publicly verifiable. Our proposed scheme is based on vector commitment (VC), which is used to deal with the problem of public verification during the data transfer and deletion. More specifically, our new scheme can provide the data owner with the ability to verify the data transfer and deletion results. In addition, by using the advantages of VC, our proposed scheme does not require any trusted third party. Finally, we prove that the proposed scheme not only can reach the expected security goals but also can satisfy the efficiency and practicality.