Limin Li,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1109/iscc.2017.8024675

2017-01-01

Abstract:Cloud storage is a service provided by cloud service provider (CSP). More and more individuals and organizations accept the scheme and outsource their data to CSP seeking to reduce local storage burden. Since the outsourced files are no longer under the data owners' direct control and CSP is not trustworthy, it is necessary for data owners to check the integrity of their files outsourced to CSP. To address this crucial problem, some provable data possession (PDP) protocols have been presented. In order to obtain higher availability, storing multiple replicas is a common strategy in cloud storage. Most recent researches on multiple-replica provable data possession (MR-PDP) use homomorphic linear authenticators (HLAs) to generate aggregated tags for the blocks at the same indices in each replica, but it cannot verify single replica to identify the corrupted replicas. In this paper, we proposed a novel multiple replica provable data possession scheme, named FMR-PDP. In FMR-PDP, we compute tags based on vector dot product instead of expensive group exponentiation operations, and only generate one tag for all blocks at the same indices in each replica. Our FMR-PDP scheme supports a flexible data possession verification, which means the data owner can check any number of replicas in a verification. In addition, we make a comprehensive performance analysis, which shows that our proposed scheme is flexible and efficient.

Wei Guo,Sujuan Qin,Fei Gao,Hua Zhang,Wenmin Li,Zhengping Jin,Qiaoyan Wen

DOI: https://doi.org/10.1109/tsc.2020.3022812

IF: 11.019

2020-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage attracts a lot of clients to join the paradise. For a high data availability, some clients require their files to be replicated and stored on multiple servers. Because clients are generally charged based on the redundancy level required by them, it is critical for clients to obtain convincing evidence that all replicas are stored correctly and are updated to the up-to-date version. In this article, we propose a dynamic proof of data possession and replication (DPDPR) scheme, which is proved to be secure in the defined security model. Our scheme shares a single authenticated tree across multiple replicas, which reduces the tree's storage cost significantly. Our scheme allows for batch verification for multiple challenged leaves and can verify multiple replicas in a single batch way, which considerably save bandwidth and computation resources during audit process. We also evaluate the DPDPR's performance and compare it with the most related scheme. The evaluation results show that our scheme saves almost 66 percent tree's storage cost for three replicas, and obtains almost 60 and 80 percent efficiency improvements in terms of the overall bandwidth and computation costs, respectively, when three replicas are checked and each challenged with 460 blocks.

Zhuo Hao,Nenghai Yu

DOI: https://doi.org/10.1109/isdpe.2010.20

2010-01-01

Abstract:Many cloud storage providers declare that they store multiple replicas of clients' data in order to prevent data loss. However, currently there is no guarantee that they actually spend storage for multiple replicas. Recently a multiple-replica provable data possession (MR-PDP) protocol is proposed, which provides clients with the ability to check whether multiple replicas are really stored at the cloud storage servers. However, in MR-PDP, only private verifiability is achieved. In this paper, we propose a multiple-replica remote data possession checking protocol which has public verifiability. The public verifiability increases the protocol's flexibility in that a third-party auditor can perform the data checking on behalf of the clients. Homomorphic authentication tags based on BLS signature are used in the proposed protocol. By security analysis and performance analysis, the proposed protocol is shown to be secure and efficient, which makes it very suitable in cloud storage systems.

Zuojie Deng,Jingli Zhou

DOI: https://doi.org/10.3233/jifs-169035

2016-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Nowadays, cloud storage has become an attractive storage scheme for a user to store his files. When a user stores his files on a remote cloud storage system, he cannot make sure whether his files are intact, so he must use some protocol to check the integrity of his files in the cloud storage. To guarantee high availability, some cloud storage servers provide a kind of highly-available service, which stores multiple copies of user files in the cloud storage, and the file owner cannot make sure whether all these copies are intact as well. Some cloud storage servers allow his users to operate their files online. As the file owner cannot always be online, he must entrust a trusted public data auditor to check his files in the cloud storage. In this work, we investigate the above issues about provable data possession with multi-copy and data dynamics supporting public verification in a cloud storage. We design a kind of authenticated 2-3 tree with ordered leaves and use this kind of tree to organize file block tags. We design a privacy preserving provable data possession scheme with multi-copy and data dynamics which supports public verification, and use a kind of RSA tag to construct this scheme. We apply our scheme to a cloud file backup system. Our theoretical proofs and experiments show that our scheme is feasible and reasonable.

Wang Junxiang,Liu Shengli

DOI: https://doi.org/10.1109/ICADE.2012.6330109

2012-01-01

Abstract:Cloud storage security has drawn more and more concerns in Cloud Computing literatures. The Provable Data Possession (PDP) model has been defined for ensuring the integrity of files on untrusted storages. Since cloud storage is practically not only used for storing static data, the Dynamic Provable Data Possession (DPDP) model has been put forward, in which model, file content can be updated while the storage server is still able to prove the integrity and freshness of the file. In existing DPDP schemes, homomorphic MAC or signature is applied to achieve blockless verification in the course of integrity checking, whereas in the course of update verification, the verification protocol has to be performed for every single block update. In this paper, we develop a batch-update verifiable DPDP mode that verifies a batch of block updates at once to achieve efficiency. We construct our scheme by developing a variant authenticated 2-3 tree to enable data dynamics and batch-update verification. We also employ a BLS-like signature to enable public verification. The simulation shows that our batched scheme achieves great performance improvement on update verification.

Zuojie Deng,Shuhong Chen,Xiaolan Tan,Dan Song,Fan Wu

DOI: https://doi.org/10.1007/978-3-030-05345-1_34

2018-01-01

Abstract:A user can use a provable multi-copy data possession schemes (PMDP) to ascertain whether its copies in cloud storage are kept securely. Unfortunately, all existing PMDP are not secure and efficient. To address this problem, we propose an efficient provable multi-copy data possession scheme with data dynamics (EPMDP). We design a kind of authenticated 2-3 tree with arrays in ordered leaves (A2-3AOL) and use the A2-3AOL and a kind of RSA tag to construct EPMDP. The analysis results of the security and performance show that EPMDP has strong security and good performance.

Wen-zhuo LIU,Tian-jie CAO,Shi HUANG

DOI: https://doi.org/10.6040/j.issn.1671-9352.2.2014.183

2014-01-01

Abstract:In order to verify whether the users’file replicas were stored by the cloud storage service provider (CSP),a RDPC that supports dynamic data was improved and expanded by analyzing its weakness,and then an efficient multiple-replica data possession scheme based on the homomorphic hash was proposed.Multiple-replica data possession can be verified simultaneously in the scheme,which can resist the replace attack,replay attack and forgery attack.To support data dynamic better,the Merkle hash tree was improved in the scheme,and the γcode was used to decrease the com-munication bandwith in the process of data blocks checking and update operations.

REN Jingsi,WANG Jinlin,CHEN Xiao,YE Xiaozhou

DOI: https://doi.org/10.3969/j.issn.1001-2400.2017.06.027

2017-01-01

Abstract:In the cloud storage paradigm,verifying the integrity of multiple remote copies is inefficient,and dynamic data updates are not supported.To solve this problem,we first propose a multi-copy integrity checking model for the distributed cloud storage system,and then design a multi-copy provable data possession scheme based on the bilinear map and pseudo-random mask technique.Aiming at updating multiple copies,each data block is mapped to an entry in the seed mapping table.Security analysis and performance evaluation show that our scheme is correct and complete,and can significantly improve efficiency.

Yongjun Ren,Jian Shen,Jin Wang,Jin Han,Sungyoung Lee

DOI: https://doi.org/10.6138/jit.2015.16.2.20140918

2015-01-01

Abstract:Cloud storage is now a hot research topic in information technology. In cloud storage, date security properties such as data confidentiality, integrity and availability become more and more important in many commercial applications. Recently, many provable data possession (PDP) schemes are proposed to protect data integrity. In some cases, it has to delegate the remote data possession checking task to some proxy. However, these PDP schemes are not secure since the proxy stores some state information in cloud storage servers. Hence, in this paper, we propose an efficient mutual verifiable provable data possession scheme, which utilizes Diffie-Hellman shared key to construct the homomorphic authenticator. In particular, the verifier in our scheme is stateless and independent of the cloud storage service. It is worth noting that the presented scheme is very efficient compared with the previous PDP schemes, since the bilinear operation is not required.

Su Peng,Fucai Zhou,Jin Li,Qiang Wang,Zifeng Xu

DOI: https://doi.org/10.1016/j.jnca.2019.02.014

IF: 7.574

2019-05-01

Journal of Network and Computer Applications

Abstract:Nowadays, cloud storage plays an increasingly important role in our daily life. However, the cloud users do not have the physical possession of their own data anymore. To confirm whether the outsourced files are maintained intact without downloading them entirely, a mechanism namely Remote Data Integrity Checking (RDIC) is invented. Currently, some RDIC schemes allow the data owners with limited computation or communication power to delegate the checking task to a third-party verifier. However, most of these schemes rely on the complicated and resource consuming public key infrastructure (PKI). In this paper, we propose a novel identity-based RDIC scheme, namely Efficient, Dynamic and Identity-based Multiple Replication Provable Data Possession (EDID-MRPDP) without the burden of PKI. We introduce a new construction of Homomorphic Verifiable Tag (HVT) and a novel data structure namely Compressed Authentication Array (CAA), which allow EDID-MRPDP to perform batch verification for multiple data owners and cloud servers simultaneously and efficiently, both from computation and communication aspects. To the best of our knowledge, EDID-MRPDP is the first ID-based RDIC scheme with full dynamic updates and multi-replica batch checking. We provide comprehensive correctness and soundness proofs of EDID-MRPDP. Meanwhile, the detailed performance analyses and simulations show that EDID-MRPDP is practical for large-scale cloud applications.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Kun He,Jing Chen,Quan Yuan,Shouling Ji,Debiao He,Ruiying Du

DOI: https://doi.org/10.1109/tdsc.2019.2925800

2021-01-01

Abstract:As an important security property of cloud storage, data integrity has not been sufficiently studied under the multi-writer model, where a group of users work on shared files collaboratively and any group member can update the data by modification, insertion, and deletion operations. Existing works under such multi-writer model would bring large storage cost to the third-party verifiers. Furthermore, to the best of our knowledge, none of the existing works for shared files supports fully dynamic operations, which implies that users cannot freely perform the update operations. In this paper, we propose the first public auditing scheme for shared data that supports fully dynamic operations and achieves constant storage cost for the verifiers. Our scheme, named PRAYS, is boosted by a new paradigm for remote data integrity checking. To implement the new paradigm, we proposed a specially designed authenticated structure, called blockless Merkle tree, and a novel cryptographic primitive, called permission-based signature. Extensive evaluation demonstrates that PRAYS is as efficient as the existing less-functional solutions. We believe that PRAYS is an important step towards designing practical multi-writer cloud storage systems.

Lei Zhou,Anmin Fu,Yi Mu,Huaqun Wang,Shui Yu,Yinxia Sun

DOI: https://doi.org/10.1016/j.ins.2020.08.031

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>In the era of big data, there are several insuperable research challenges in establishing Electronic Medical Record (EMR) for updating massive data with traditional methods. It is an attractive option to create the cloud-based EMR system, since cloud provides elastic and affordable data storage and management services. However, once the medical records are uploaded into the cloud, the owner will lose the control over the data, and sensitive contents might be accessed or modified by unauthorized entities. To address this issue, we propose a multicopy provable data possession for cloud-based EMR systems, which ensures the integrity and privacy of EMR data. In particular, to achieve data updates, we design a novel dynamic structure that improves the Merkle Hash Tree for multicopy storage, which achieves full dynamics efficiently and safely. Moreover, a random masking technique is employed in our proposal to generate distinguishable replica blocks of one block. Our construction prevents a verifier from obtaining medical records from challenge responses, but also eliminates exposing the content to unauthorized entities. Our security analysis shows that our scheme is provably secure. Evaluation experiments demonstrate that the proposal has lower communication and computation costs in comparison with the existing schemes.</p>

computer science, information systems

Chang Liu,Rajiv Ranjan,Chi Yang,Xuyun Zhang,Lizhe Wang,Jinjun Chen

DOI: https://doi.org/10.1109/tc.2014.2375190

IF: 3.183

2015-09-01

IEEE Transactions on Computers

Abstract:Cloud computing that provides elastic computing and storage resource on demand has become increasingly important due to the emergence of “big data”. Cloud computing resources are a natural fit for processing big data streams as they allow big data application to run at a scale which is required for handling its complexities (data volume, variety and velocity). With the data no longer under users&#x27; direct control, data security in cloud computing is becoming one of the most concerns in the adoption of cloud computing resources. In order to improve data reliability and availability, storing multiple replicas along with original datasets is a common strategy for cloud service providers. Public data auditing schemes allow users to verify their outsourced data storage without having to retrieve the whole dataset. However, existing data auditing techniques suffers from efficiency and security problems. First, for dynamic datasets with multiple replicas, the communication overhead for update verifications is very large, because each update requires updating of all replicas, where verification for each update requires O(log n ) communication complexity. Second, existing schemes cannot provide public auditing and authentication of block indices at the same time. Without authentication of block indices, the server can build a valid proof based on data blocks other than the blocks client requested to verify. In order to address these problems, in this paper, we present a novel public auditing scheme named MuR-DPA. The new scheme incorporated a novel authenticated data structure (ADS) based on the Merkle hash tree (MHT), which we call MR-MHT. To support full dynamic data updates and authentication of block indices, we included rank and level values in computation of MHT nodes. In contrast to existing schemes, level values of nodes in MR-MHT are assigned in a top-down order, and all replica blocks for each data block are organized into a same replica sub-tree. Such a configuration allows efficient verification of updates for multiple replicas. Compared to existing integrity verification and public auditing schemes, theoretical analysis and experimental results show that the proposed MuR-DPA scheme can not only incur much less communication overhead for both update verification and integrity verification of cloud datasets with multiple replicas, but also provide enhanced security against dishonest cloud service providers.

engineering, electrical & electronic,computer science, hardware & architecture

Wei Guo,Sujuan Qin,Fei Gao,Hua Zhang,Wenmin Li,Zhengping Jin,Qiaoyan Wen

DOI: https://doi.org/10.1109/tifs.2020.2970591

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Replication is a fundamental solution for the cloud service provider (CSP) to guarantee data availability. To provide users with convincing evidence that the copies required by them are all stored correctly, a number of multi-copy integrity auditing schemes were presented. Recently, Barsoum and Hasan proposed a map-based provable multi-copy dynamic data possession scheme (IEEE Transactions on Information Forensics and Security, vol. 10, no. 3, pp. 485-497, 2015), which was claimed to be secure and can ensure that the CSP possesses all copies required by the contract. However, in this letter, we show that the scheme is easily subject to a copy-summation attack and a single-copy attack, by which a cheating CSP only needs to invest a storage cost of a single copy-while can still pass the verifier's challenge at all times. Therefore, the scheme is no longer secure in this case. Furthermore, we propose some simple but effective countermeasures and give a repaired scheme which is free from the above two attacks.

Da Xiao,Lvyin Yang,Chuanyi Liu,Bin Sun,Shihui Zheng

DOI: https://doi.org/10.1587/transinf.2014ICP0016

2015-01-01

IEICE Transactions on Information and Systems

Abstract:Provable Data Possession (PDP) schemes enable users to efficiently check the integrity of their data in the cloud. Support for massive and dynamic sets of data and adaptability to third-party auditing are two key factors that affect the practicality of existing PDP schemes. We propose a secure and efficient PDP system called IDPA-MF-PDP, by exploiting the characteristics of real-world cloud storage environments. The cost of auditing massive and dynamic sets of data is dramatically reduced by utilizing a multiple-file PDP scheme (MF-PDP), based on the data update patterns of cloud storage. Deployment and operational costs of third-party auditing and information leakage risks are reduced by an auditing framework based on integrated data possession auditors (DPAs), instantiated by trusted hardware and tamper-evident audit logs. The interaction protocols between the user, the cloud server, and the DPA integrate MF-PDP with the auditing framework. Analytical and experimental results demonstrate that IDPA-MF-PDP provides the same level of security as the original PDP scheme while reducing computation and communication overhead on the DPA, from linear the size of data to near constant. The performance of the system is bounded by disk I/O capacity.

Jining Zhao,Chunxiang Xu,Kefei Chen

DOI: https://doi.org/10.3837/tiis.2018.09.025

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:In big data age, flexible and affordable cloud storage service greatly enhances productivity for enterprises and individuals, but spontaneously has their outsourced data susceptible to integrity breaches. Provable Data Possession (PDP) as a critical technology, could enable data owners to efficiently verify cloud data integrity, without downloading entire copy. To address challenging integrity problem on multiple clouds for multiple owners, an identity-based batch PDP scheme was presented in ProvSec 2016, which attempted to eliminate public key certificate management issue and reduce computation overheads in a secure and batch method. In this paper, we firstly demonstrate this scheme is insecure so that any clouds who have outsourced data deleted or modified, could efficiently pass integrity verification, simply by utilizing two arbitrary block-tag pairs of one data owner. Specifically, malicious clouds are able to fabricate integrity proofs by 1) universally forging valid tags and 2) recovering data owners' private keys. Secondly, to enhance the security, we propose an improved scheme to withstand these attacks, and prove its security with CDH assumption under random oracle model. Finally, based on simulations and overheads analysis, our batch scheme demonstrates better efficiency compared to an identity based multi-cloud PDP with single owner effort.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Qian Wang,Cong Wang,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1109/tpds.2010.183

IF: 5.3

2010-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings about many new security challenges, which have not been well understood. This work studies the problem of ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. The introduction of TPA eliminates the involvement of the client through the auditing of whether his data stored in the cloud are indeed intact, which can be important in achieving economies of scale for Cloud Computing. The support for data dynamics via the most general forms of data operation, such as block modification, insertion, and deletion, is also a significant step toward practicality, since services in Cloud Computing are not limited to archive or backup data only. While prior works on ensuring remote data integrity often lacks the support of either public auditability or dynamic data operations, this paper achieves both. We first identify the difficulties and potential security problems of direct extensions with fully dynamic data updates from prior works and then show how to construct an elegant verification scheme for the seamless integration of these two salient features in our protocol design. In particular, to achieve efficient data dynamics, we improve the existing proof of storage models by manipulating the classic Merkle Hash Tree construction for block tag authentication. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multiuser setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis show that the proposed schemes are highly efficient and provably secure.

Yong Yu,Yafang Zhang,Yi Mu,Willy Susilo,Hongyu Liu

DOI: https://doi.org/10.1007/978-3-319-26059-4_17

2015-01-01

Abstract:Provable Data Possession PDP, which enables cloud users to verify the integrity of their outsourced data without retrieving the entire file from cloud servers, is highly essential in secure cloud storage. A majority of the existing PDP schemes rely on the expensive Public Key Infrastructure PKI. In this paper, we eliminate the complex certificate management of PDP by presenting a generic construction of identity-based PDP ID-PDP protocol, derived from identity-based signatures IBS and traditional PDP protocols. We formalize the security model of ID-PDP and prove that the soundness of the generic construction depends on the security of the underlying PDP protocols and the IBS. Then, a concrete ID-PDP protocol is described as an instance of the generic construction to a state-of-the-art PDP protocol due to Shacham and Waters. The implementation shows that our ID-PDP protocol is efficient and practical.