Yong Yu,Jianbing Ni,Jian Ren,Wei Wu,Lanxiang Chen,Qi Xia

DOI: https://doi.org/10.1007/978-3-319-06320-1_27

2014-01-01

Abstract:Cloud storage allows cloud users to enjoy the on-demand and high quality data storage services without the burden of local data storage and maintenance. However, the cloud servers are not necessarily fully trusted. As a consequence, whether the data stored on the cloud are intact becomes a major concern. To solve this challenging problem, recently, Chen proposed a remote data possession checking (RDPC) protocol using algebraic signatures. It achieves many desirable features such as high efficiency, small challenges and responses, non-block verification. In this paper, we find that the protocol is vulnerable to replay attack and deletion attack launched by a dishonest server. Specifically, the server can either fool the user to believe that the data is well maintained but actually only a proof of the challenge is stored, or can generate a valid response in the integrity checking process after deleting the entire file of the user. We then propose an improved scheme to fix the security flaws of the original protocol without losing the desirable features of the original protocol.

Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Yong Yu,Jianbing Ni,Man Ho Au,Hongyu Liu,Hua Wang,Chunxiang Xu

DOI: https://doi.org/10.1016/j.eswa.2014.06.027

IF: 8.5

2014-01-01

Expert Systems with Applications

Abstract:Cloud storage offers the users with high quality and on-demand data storage services and frees them from the burden of maintenance. However, the cloud servers are not fully trusted. Whether the data stored on cloud are intact or not becomes a major concern of the users. Recently, Chen et al. proposed a remote data possession checking protocol to address this issue. One distinctive feature of their protocol support data dynamics, meaning that users are allowed to modify, insert and delete their outsourced data without the need to re-run the whole protocol. Unfortunately, in this paper, we find that this protocol fails to achieve its purpose since it is vulnerable to forgery attack and replace attack launched by a malicious server. Specifically, we show how a malicious cloud server can deceive the user to believe that the entire file is well-maintained by using the meta-data related to the file alone, or with only part of the file and its meta-data. Then, we propose an improved protocol to fix the security flaws and formally proved that our proposal is secure under a well-known security model. In addition, our improvement keeps all the desirable features of the original protocol.

Shaojing Fu,Dongsheng Wang,Ming Xu,Jiangchun Ren

DOI: https://doi.org/10.1587/transfun.e97.a.418

2014-01-01

Abstract:Remote data possession checking for cloud storage is very important, since data owners can check the integrity of outsourced data without downloading a copy to their local computers. In a previous work, Chen proposed a remote data possession checking protocol using algebraic signature and showed that it can resist against various known attacks. In this paper, we find serious security flaws in Chen's protocol, and shows that it is vulnerable to replay attack by a malicious cloud server. Finally, we propose an improved version of the protocol to guarantee secure data storage for data owners.

Enguang Zhou,Zhoujun Li

DOI: https://doi.org/10.1007/978-3-319-11194-0_54

2014-01-01

Abstract:In cloud computing, clients put the large data files on the untrusted cloud storage server, how to ensure the integrity of the out-sourced data becomes a big problem. To address this issue, Hao et al. proposed a protocol which supports public verifiability and data dynamics. However, Hao et al.'s protocol suffers from two drawbacks. First, Hao et al.'s protocol is insecure and cannot resist the active adversary. Second, Hao et al.'s protocol only supports fixed-sized blocks as basic unit. As a result, the insertion of short message will cause a considerable waste of storage space. In this paper, we propose an improved remote data integrity checking protocol that can support variable-sized blocks. Besides, the improved protocol can resist the attack of the active adversary, and it is obvious to verify that the improved protocol still preserves the properties of Hao et al.'s protocol such as public verifiability and privacy preserving auditing.

Xiaodong Wang,Wenzhe Jiao,Huan Yang,Lin Guo,Xiaoxue Ye,Yangming Guo

DOI: https://doi.org/10.1109/phm-jinan48558.2020.00010

2020-01-01

Abstract:Cloud computing has been envisioned as a next generation information technology (IT) paradigm. The risk of losing data stored with any untrustworthy service provider is the key barrier to widespread uptake of cloud computing. This paper proposes an algebraic signature based remote data possession checking (RDPC) scheme to verify the integrity of the data stored in the cloud. This scheme integrates forward error-correcting codes to enhance the data possession guarantee, which can recover the data when a small amount of file has been deleted. The scheme allows verification without the need for the auditor to compare against the original data, which reduces the communication complexity dramatically. The storage complexity of cloud user is reduced to several bytes’ information. Extensive security analysis and simulation show that the proposed scheme is highly provably secure. Finally, experiment results reveal that the computation performance is effective, and bounded by disk I/O.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Huaqun Wang,Qianhong Wu,Bo Qin,Josep Domingo-Ferrer

DOI: https://doi.org/10.1049/iet-ifs.2012.0271

2014-01-01

IET Information Security

Abstract:Checking remote data possession is of crucial importance in public cloud storage. It enables the users to check whether their outsourced data have been kept intact without downloading the original data. The existing remote data possession checking (RDPC) protocols have been designed in the PKI (public key infrastructure) setting. The cloud server has to validate the users' certificates before storing the data uploaded by the users in order to prevent spam. This incurs considerable costs since numerous users may frequently upload data to the cloud server. This study addresses this problem with a new model of identity-based RDPC (ID-RDPC) protocols. The authors present the first ID-RDPC protocol proven to be secure assuming the hardness of the standard computational Diffie-Hellman problem. In addition to the structural advantage of elimination of certificate management and verification, the authors ID-RDPC protocol also outperforms the existing RDPC protocols in the PKI setting in terms of computation and communication.

Wenzhe Jiao,Guoqing Wang,Xiaoxue Ye,Zhengjun Zhai

DOI: https://doi.org/10.4028/www.scientific.net/amr.709.603

2013-01-01

Advanced Materials Research

Abstract:Cloud computing has been envisioned as a next generation information technology (IT) paradigm. The risk of losing data stored with any untrustworthy service provider is the key barrier to widespread uptake of cloud computing. This paper proposes an algebraic signature based remote data possession checking (RPDP) scheme to verify the integrity of the data stored in the cloud. This scheme uses skip-list to support fully dynamic data operation, including insertion, modification and deletion. The scheme allows verification without the need for the auditor to compare against the original data, which reduces the communication complexity dramatically. The storage complexity of cloud user is reduced to several bytes information. Extensive security analysis shows that the proposed scheme is highly provably secure.

Luo Yuchuan,Fu Shaojing,Xu Ming,Wang Dongsheng

DOI: https://doi.org/10.1109/cc.2014.7004529

2014-01-01

China Communications

Abstract:Cloud storage is one of the main application of the cloud computing. With the data services in the cloud, users is able to outsource their data to the cloud, access and share their outsourced data from the cloud server anywhere and anytime. However, this new paradigm of data outsourcing services also introduces new security challenges, among which is how to ensure the integrity of the outsourced data. Although the cloud storage providers commit a reliable and secure environment to users, the integrity of data can still be damaged owing to the carelessness of humans and failures of hardwares/softwares or the attacks from external adversaries. Therefore, it is of great importance for users to audit the integrity of their data outsourced to the cloud. In this paper, we first design an auditing framework for cloud storage and proposed an algebraic signature based remote data possession checking protocol, which allows a third-party to auditing the integrity of the outsourced data on behalf of the users and supports unlimited number of verifications. Then we extends our auditing Protocol to support data dynamic operations, including data update, data insertion and data deletion. The analysis and experiment results demonstrate that our proposed schemes are secure and efficient.

Ma Haifeng,Gao Zhenguo,Yao Nianmin

DOI: https://doi.org/10.1177/1748301816682243

2016-01-01

Journal of Algorithms & Computational Technology

Abstract:Cloud storage service enables users to migrate their data and applications to the cloud, which saves the local data maintenance and brings great convenience to the users. But in cloud storage, the storage servers may not be fully trustworthy. How to verify the integrity of cloud data with lower overhead for users has become an increasingly concerned problem. Many remote data integrity protection methods have been proposed, but these methods authenticated cloud files one by one when verifying multiple files. Therefore, the computation and communication overhead are still high. Aiming at this problem, a hierarchical remote data possession checking (hierarchical-remote data possession checking (H-RDPC)) method is proposed, which can provide efficient and secure remote data integrity protection and can support dynamic data operations. This paper gives the algorithm descriptions, security, and false negative rate analysis of H-RDPC. The security analysis and experimental performance evaluation results show that the proposed H-RDPC is efficient and reliable in verifying massive cloud files, and it has 32–81% improvement in performance compared with RDPC.

Yong Yu,Man Ho Au,Yi Mu,Shaohua Tang,Jian Ren,Willy Susilo,Liju Dong

DOI: https://doi.org/10.1007/s10207-014-0263-8

2014-08-29

International Journal of Information Security

Abstract:Remote data integrity checking (RDIC) enables a server to prove to an auditor the integrity of a stored file. It is a useful technology for remote storage such as cloud storage. The auditor could be a party other than the data owner; hence, an RDIC proof is based usually on publicly available information. To capture the need of data privacy against an untrusted auditor, Hao et al. formally defined “privacy against third party verifiers” as one of the security requirements and proposed a protocol satisfying this definition. However, we observe that all existing protocols with public verifiability supporting data update, including Hao et al.’s proposal, require the data owner to publish some meta-data related to the stored data. We show that the auditor can tell whether or not a client has stored a specific file and link various parts of those files based solely on the published meta-data in Hao et al.’s protocol. In other words, the notion “privacy against third party verifiers” is not sufficient in protecting data privacy, and hence, we introduce “zero-knowledge privacy” to ensure the third party verifier learns nothing about the client’s data from all available information. We enhance the privacy of Hao et al.’s protocol, develop a prototype to evaluate the performance and perform experiment to demonstrate the practicality of our proposal.

computer science, information systems, theory & methods, software engineering

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Yu Chen,Feng Wang,Liehuang Zhu,Zijian Zhang

DOI: https://doi.org/10.14257/ijgdc.2015.8.4.18

2015-01-01

International Journal of Grid and Distributed Computing

Abstract:Cloud storage offers clients great convenience to relieve them from heavy burden of storage and management, so an increasing number of clients choose to outsource their data to remote cloud providers. However, for clients, this entails a sacrifice of actual control of these files. Remote servers may suffer from disk failure for uncertain reasons or even delete rarely accessed data to sell these storages to other clients. Therefore, there’s a great necessity for clients to make sure that their data are well stored in remote servers. Numbers of remote integrity checking (RIC) schemes are proposed to solve issues above, including following up work Provable Data Possession (PDP) and Proofs of Retrievability (PoR), which can be applied in cloud auditing. This paper presents state-of-the-art RIC schemes and makes a classification from the perspective of whether they support dynamic verifications, i.e., whether they can still be used to make verifications after clients modify, insert or delete files. In static verification schemes, we delve into the mechanisms and techniques used for integrity checking. For dynamic ones, we discuss the authentication structures that support dynamic operations. We also present several remarks to guide readers to a wide vision of data checking as conclusions and future work.

Li Zang,Yong Yu,Liang Xue,Yannan Li,Yujie Ding,Xiaoling Tao

DOI: https://doi.org/10.1007/s00779-017-1052-y

2017-01-01

Personal and Ubiquitous Computing

Abstract:Smart city has been greatly promoted by the adoption of information and communication technology. At the same time, data integrity becomes an urgent necessity in cloud storage scenario. When smart city meets cloud, if the data are damaged or corrupted, it will be a serious security loophole of smart city. Recently, numerous remote data auditing (RDA) protocols have been presented, among which Sookhak et al. put forward a dynamic remote data auditing protocol to deal with this major concern. In this paper, we found that this protocol has inherent security flaws, thus fails to achieve its original goal. Specifically, this protocol is vulnerable to two types of attacks, namely replace attack and replay attack. We show the details that how a malicious server can deceive data owners to believe that the data are maintained well by launching such attacks. Then, we describe an improved RDA protocol with provable security by utilizing algebraic signature to fix those security flaws. We employ the rank-based Merkle Hash Tree to achieve verifiable dynamic data operations for our RDA protocol. We also provide detailed security proof of the proposed RDA protocol.

Jiguo Li,Hao Yan,Yichen Zhang

DOI: https://doi.org/10.1109/jsyst.2020.2978146

IF: 4.802

2021-03-01

IEEE Systems Journal

Abstract:Although cloud storage service enables people easily maintain and manage amounts of data with lower cost, it cannot ensure the integrity of people's data. In order to audit the correctness of the data without downloading them, many remote data integrity checking (RDIC) schemes have been presented. Most existing schemes ignore the important issue of data privacy preserving and suffer from complicated certificate management derived from public key infrastructure. To overcome these shortcomings, this article proposes a new Identity-based RDIC scheme that makes use of homomorphic verifiable tag to decrease the system complexity. The original data in proof are masked by random integer addition, which protects the verifier from obtaining any knowledge about the data during the integrity checking process. Our scheme is proved secure under the assumption of computational Diffie–Hellman problem. Experiment result exhibits that our scheme is very efficient and feasible for real-life applications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Wenzhe Jiao,Guoqing Wang,Zhengjun Zhai,Xiaoxue Ye

DOI: https://doi.org/10.4304/jnw.8.12.2713-2720

2013-01-01

Journal of Networks

Abstract:Using cloud storage service, data owners can access their data anywhere at any time and enjoy the on-demand high quality applications and services, without the burden of local data storage and maintenance. Meanwhile, the risk of losing data stored with any untrustworthy service provider is the key barrier to widely adopt cloud storage service. To verify the integrity of data stored in cloud and relieve the security concerns of customers, a privacy-preserving data possession checking (DPC) scheme is presented. This scheme uses Merkle Hash Tree to support fully dynamic data operations. To achieve robustness, forward error-correcting codes can be combined with the proposed DPC scheme, which can recover the data when a small amount of file has been corrupted. The scheme allows unlimited times verification without the need for the verifier to compare against the original data, which reduces the communication and computation complexity dramatically and preserves the privacy of the data. Extensive security analysis and simulation show that the proposed scheme is highly provably secure.

Jing Chen,Lihong Zhang,Kun He,Min Chen,Ruiying Du,Lina Wang

DOI: https://doi.org/10.1002/sec.1553

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Cloud storage services are widely deployed and employed in recent years. A number of data checking techniques have been proposed for secure cloud storage services. These state-of-the-art schemes only focus on some aspects, such as data integrity, users' ownership, and data resiliency, but the overall safety of cloud storage services is not discussed sufficiently. Considering cloud storage requirements as a whole, in this paper, we propose a model of message-locked proof of ownership and retrievability with remote repairing, which provides data confidentiality, secure cross-user deduplication at the client-side, file retrievability, ownership privacy-preserving, random block accessing, and remote repairing simultaneously. In addition, we also propose a concrete construction and prove its security in the random oracle model. The experimental results show that our construction is efficient in practice. Copyright © 2016 John Wiley & Sons, Ltd.

Yudong Liu,Xu An Wang,Yunfei Cao,Dianhua Tang,Xiaoyuan Yang

DOI: https://doi.org/10.1007/978-3-319-98557-2_40

2018-01-01

Abstract:Due to the limited computational resources of data owners and the developments in cloud computing, more and more data owners choose to store data on the cloud to reduce their own storage burden. When the data owner wants to re-select a new cloud service provider, the data needs to be transmitted from Cloud A to Cloud B. How to ensure that data has been safely transferred to Cloud B and Cloud A honestly implementing data deletion has become a hot topic for many scholars. To solve these problems, Liang et al. proposed a provable data transfer protocol based on provable data possession and deletion for secure cloud storage. However, we find a security flaw in their scheme. In this paper, we first review their scheme and then present our attack in detail. Finally, we propose an improved scheme which can resist the attack well.