Yang Zhen,Wang Wenyu,Huang Yongfeng,Li Xing

DOI: https://doi.org/10.1049/cje.2018.02.017

IF: 1.019

2019-01-01

Chinese Journal of Electronics

Abstract:Cloud data confidentiality need to be audited for the data owner’s concern. Confidentiality auditing is usually based on logging schemes, whereas cloud data dynamics and sharing group dynamics result in massive logs, which makes confidentiality auditing a formidable task for user with limited resources. So we propose a public auditing scheme for data confidentiality,in which user resorts to a Third-party auditor（TPA）for auditing. Our scheme design a special log called attestation in which hash user pseudonym is used to preserve user privacy. Attestation-based data access identifying is presented in our scheme which brings no new vulnerabilities toward data confidentiality and no extra online burden for user. We further support accountability of responsible user for data leakage based on user pseudonym. Extensive security and performance analysis compare our scheme with existing auditing schemes.Results indicate that the proposed scheme is provably secure and highly efficient.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

Haoming Wang,Yuanhang Zhang,Xu An Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.heliyon.2024.e36273

IF: 3.776

2024-08-20

Heliyon

Abstract:With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.

Faen Zhang,Xinyu Fan,Pengcheng Zhou,Wenfeng Zhou

DOI: https://doi.org/10.48550/arXiv.1912.02089

2019-12-01

Cryptography and Security

Abstract:Data security and privacy is an important but challenging problem in cloud computing. One of the security concerns from cloud users is how to efficiently verify the integrity of their data stored on the cloud server. Third Party Auditing (TPA) is a new technique proposed in recent years to achieve this goal. In a recent paper (IEEE Transactions on Computers 62(2): 362-375 (2013)), Wang et al. proposed a highly efficient and scalable TPA protocol and also a Zero Knowledge Public Auditing protocol which can prevent offline guessing attacks. However, in this paper, we point out several security weaknesses in Wang et al's protocols: first, we show that an attacker can arbitrarily modify the cloud data without being detected by the auditor in the integrity checking process, and the attacker can achieve this goal even without knowing the content of the cloud data or any verification metadata maintained by the cloud server; secondly, we show that the Zero Knowledge Public Auditing protocol cannot achieve its design goal, that is to prevent offline guessing attacks.

Gaimei Gao,Hongxia Fei,Zefeng Qin

DOI: https://doi.org/10.1002/cpe.5924

2020-07-18

Concurrency and Computation: Practice and Experience

Abstract:<p>Cloud storage is a mode of online storage in which data are stored on multiple virtual servers usually hosted by third parties. Cloud service providers manage and operate data storage as services. The major concern in cloud storage is the integrity of outsourced data. Many public auditing schemes which authorize the third party auditor (TPA) to check the integrity of outsourced data have been proposed. However, most of them are based on traditional public key cryptosystems. This paper proposes an efficient certificateless public auditing Scheme (CL‐PAS) in cloud storage. In the process of challenge and auditing, CL‐PAS ensures that malicious cloud servers cannot forge auditing evidences to deceive TPA to pass the verification, and prevents curious TPA from recovering original data from auditing evidences. So it strengthens privacy preserving. Security analysis shows that CL‐PAS scheme meets the predetermined security requirements. The simulation and performance analysis results show that, compared with similar schemes, CL‐PAS scheme has the higher efficiency.</p>

Hui Tian,Yuxiang Chen,Hong Jiang,Yongfeng Huang,Fulin Nan,Yonghong Chen

DOI: https://doi.org/10.1109/msec.2018.2875880

IF: 3.105

2019-01-01

IEEE Security & Privacy

Abstract:Cloud storage can provide on-demand outsourcing of data services for organizations and individuals. However, because customers may not fully trust that cloud service providers meet their legal expectations for data security, techniques for auditing the cloud have attracted increasing attention. Here, we present an architecture of public data auditing, review existing methods or mechanisms for various auditing objectives, and discuss trends and possible future developments.

Xiuguang Li,Ruifeng Li,Xu An Wang,Ke Niu,Hui Li,Xiaoyuan Yang

DOI: https://doi.org/10.1155/2022/7302767

IF: 1.968

2022-09-01

Security and Communication Networks

Abstract:Cloud storage technology is evolving at a high speed; effectively auditing the cloud data's integrity has become a focal point. Recently, Ming and Shi proposed a certificateless integrity auditing scheme with a privacy protection function. The scheme used the certificateless cryptosystem to solve the certificate management problem of the auditing schemes based on public key infrastructure and the key escrow problem of the identity-based auditing schemes. Although their scheme is novel and efficient, we found that their scheme was not secure and could not achieve integrity auditing of cloud data. The malicious cloud server can generate the proof through the blocks and tags sent by the user. On the basis of the original scheme, we propose an improved auditing scheme; our new scheme is more secure and effective. In addition, for the problem of idle tags in the existing cloud data integrity auditing scheme, we propose the idea of intermediate tags and we applied the idea to the improved scheme to improve audit efficiency.

computer science, information systems,telecommunications

Caiyuan Tang,Feng Wang,Chenbin Zhao,Xiuqiang Chen

DOI: https://doi.org/10.1002/ett.4816

IF: 3.6

2023-06-21

Transactions on Emerging Telecommunications Technologies

Abstract:This image is the system model of our proposed scheme (IPAPS) and shows that our scheme includes three entires: data owner (DO), medical cloud storage server (MCSS), and third‐party auditor (TPA). In order to verify the integrity of data outsourced to the server, DO authorizes TPA to achieve the public auditing, then the authorized TPA sends verification requests to the MCSS. Finally, TPA verifies the responses returned from the MCSS and sends the result of the verification to the DO. Cloud‐based medical storage system is becoming popular. Cloud server is curious about the private information of stored cases, and the integrity of outsourced data has become increasingly concerned. Numerous public auditing protocols for the outsourced data into the cloud server were proposed. Unfortunately, in the existing protocols, some of them may neglect security to improve efficiency. Recently, Li et al. proposed an efficient privacy‐preserving public auditing protocol for cloud‐based medical storage system (EPPAP), which improved the communication efficiency by storing some of data owner's data in third part auditors, however we find that the protocol is vulnerable to collusion attack and replace attack. In this paper, we analyze the security attacks of the existing protocol, and further propose an improved public auditing protocol for secure data storage in cloud‐based medical storage system (IPAPS). In addition, we give the formal security proof and analyze the performance of our proposed protocol. The security proof shows our protocol takes into account integrity, collusion attack and replace attack at the same time. The simulation experiments in our performance analysis show that the proposed protocol is practical.

telecommunications

Hui Tian,Yuxiang Chen,Chin-Chen Chang,Hong Jiang,Yongfeng Huang,Yonghong Chen,Jin Liu

DOI: https://doi.org/10.1109/tsc.2015.2512589

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage is an increasingly popular application of cloud computing, which can provide on-demand outsourcing data services for both organizations and individuals. However, users may not fully trust the cloud service providers (CSPs) in that it is difficult to determine whether the CSPs meet their legal expectations for data security. Therefore, it is critical to develop efficient auditing techniques to strengthen data owners’ trust and confidence in cloud storage. In this paper, we present a novel public auditing scheme for secure cloud storage based on dynamic hash table (DHT), which is a new two-dimensional data structure located at a third parity auditor (TPA) to record the data property information for dynamic auditing. Differing from the existing works, the proposed scheme migrates the authorized information from the CSP to the TPA, and thereby significantly reduces the computational cost and communication overhead. Meanwhile, exploiting the structural advantages of the DHT, our scheme can also achieve higher updating efficiency than the state-of-the-art schemes. In addition, we extend our scheme to support privacy preservation by combining the homomorphic authenticator based on the public key with the random masking generated by the TPA, and achieve batch auditing by employing the aggregate BLS signature technique. We formally prove the security of the proposed scheme, and evaluate the auditing performance by detailed experiments and comparisons with the existing ones. The results demonstrate that the proposed scheme can effectively achieve secure auditing for cloud storage, and outperforms the previous schemes in computation complexity, storage costs and communication overhead.

Yilin Yuan,Jianbiao Zhang,Wanshan Xu,Zheng Li

DOI: https://doi.org/10.1002/cpe.6735

2021-12-09

Concurrency and Computation: Practice and Experience

Abstract:With the popularity of cloud computing, cloud storage technology has also been widely used. Among them, data integrity verification is a hot research topic. At present, the realization of public auditing has become the development trend of integrity verification. Most existing public auditing schemes rarely consider some indispensable functions at the same time. Thus, in this article, we propose a comprehensive public auditing scheme (PDBPA) that can simultaneously support data privacy protection, data dynamics, and multi‐user batch auditing. To guarantee privacy protection during the audit process, our PDBPA design a new method of constructing audit proof, which combines random masking techniques and bilinear properties of bilinear pairing. Not only can it ensure that TPA performs audits correctly, but it can also prevent it from exploring the user&#x27;s sensitive data. In addition, by utilizing the modified dynamic hash table, which is a novel and small two‐dimensional data structure, data dynamics can be effectively achieved. Furthermore, we provide a detailed process for the third‐party auditors to perform batch audits for multiple users. Moreover, we give the detailed and rigorous security analysis in defending against forgery attack, replace attack, and replay attack. Performance evaluations demonstrate that our PDBPA scheme is effective and feasible.

Yiteng Feng,Yi Mu,Guomin Yang,Joseph K. Liu

DOI: https://doi.org/10.1007/978-3-319-19962-7_22

2015-01-01

Abstract:With a cloud storage, users can store their data files on a remote cloud server with a high quality on-demand cloud service and are able to share their data with other users. Since cloud servers are not usually regarded as fully trusted and the cloud data can be shared amongst users, the integrity checking of the remote files has become an important issue. A number of remote data integrity checking protocols have been proposed in the literature to allow public auditing of cloud data by a third party auditor (TPA). However, user privacy is not taken into account in most of the existing protocols. We believe that preserving the anonymity (i.e., identity privacy) of the data owner is also very importa nt in many applications. In this paper, we propose a new remote integrity checking scheme which allows the cloud server to protect the identity information of the data owner against the TPA. We also define a formal security model to capture the requirement of user anonymity, and prove the anonymity as well as the soundness of the proposed scheme.

Hao Yan,Yanan Liu,Zheng Zhang,Qian Wang

DOI: https://doi.org/10.1155/2021/6639634

IF: 1.968

2021-05-27

Security and Communication Networks

Abstract:Cloud computing is a fast-growing technology which supplies scalable, innovative, and efficient business models. However, cloud computing is not fully trusted, and the security of the data outsourced in cloud storage needs to be guaranteed. One of the hottest issues is how to ensure the integrity of the data in cloud storage. Until now, many researchers have proposed lots of provable data possession (PDP) schemes to deal with the problem of data integrity audition. Nevertheless, very little effort has been devoted to preserve the data uploader’s privacy while auditing the integrity of data shared in a group. To overcome the shortcoming, we propose a novel certificateless PDP protocol to efficiently audit the integrity of data shared in a workgroup with user privacy preserving. Due to the inherent structural advantage of the certificateless crypto mechanism, our PDP scheme eliminates the key escrow problem and the certificate management problem simultaneously. Moreover, the audition process in our scheme does not need any user’s identity which helps to keep the anonymity of data uploader. We give for our scheme a detailed security proof and efficiency analysis. Experiment results of performance evaluation demonstrate that our new scheme is very efficient and feasible.

computer science, information systems,telecommunications

Fei Chen,Fengming Meng,Zhipeng Li,Li Li,Tao Xiang

DOI: https://doi.org/10.1016/j.jpdc.2024.104870

IF: 4.542

2024-07-01

Journal of Parallel and Distributed Computing

Abstract:Cloud storage auditing is a technique that enables a user to remotely check the integrity of the outsourced data in the cloud storage. Although researchers have proposed various protocols for cloud storage auditing, the proposed schemes are theoretical in nature, which are not fit for existing mainstream cloud storage service practices. To bridge this gap, this paper proposes a cloud storage auditing system that works for current mainstream cloud object storage services. We design the proposed system over existing proof of data possession (PDP) schemes and make them practical as well as usable in the real world. Specifically, we propose an architecture that separates the compute and storage functionalities of a storage auditing scheme. Because cloud object storage only provides read and write interfaces, we leverage a cloud virtual machine to implement the user-defined computations that are needed in a PDP scheme. We store the authentication tags of the outsourced data as an independent object to allow existing popular cloud storage applications, e.g., file online previewing. We also present a cost model to analyze the economic cost of a cloud storage auditing scheme. The cost model allows a user to balance security, efficiency, and economic cost by tuning various system parameters. We implemented, open-sourced the proposed system over a mainstream cloud object storage service. Experimental analysis shows that the proposed system is pretty efficient and promising for a production environment usage. Specifically, for a 40 GB sized data, the proposed system only incurs 1.66% additional storage cost, 3796 bytes communication cost, 2.9 seconds maximum auditing time cost, and 0.9 CNY per auditing monetary cost.

computer science, theory & methods

Yubo Zhao,Jinyong Chang

DOI: https://doi.org/10.1016/j.comnet.2022.109270

IF: 5.493

2022-10-24

Computer Networks

Abstract:In recent years, cloud storage has become an attractive service for data owners to store their personal data. Since they lose physical control of their data, it is necessary to regularly audit its integrity. The public auditing technique is very popular because it is suitable to outsource the auditing task to any third-party auditor, who has professional knowledge on auditing. However in many practical scenarios, the data owner may expect some designated verifier (instead of any) to audit its data. Thus, the public auditing scheme with designated verifier was proposed. In order to further reduce the cost of managing certificates, and to avoid the dependence on public key infrastructure, identity-based auditing scheme with designated verifier was recently proposed. Nevertheless, the proposed identity-based auditing scheme still suffers from the key escrow attack the risk of privacy leakage. In this paper, for the first time, we propose a certificateless public auditing protocol with designated verifier privacy-preserving property. More concretely, it can not only protect the privacy of the stored data against the designated verifier, but also resolve key escrow problem existed in identity-based technique. Its security is based on the Computational Diffie–Hellman and Weil Diffie–Hellman assumptions. Finally, the performance analysis experimental results of the proposed protocol show that our auditing scheme is efficient feasible to applications in real life.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Hemalata A. Gosavi,Manish R. Umale

DOI: https://doi.org/10.14445/22315381/IJETT-V11P235

2014-05-24

Abstract:Cloud computing has been envisioned as the next generation architecture of IT Enterprise. Using Cloud Storage,users can remotely store their data and enjoy the on demand high quality applications and services from a shared pool of configurable computing resources, without the burden local copy data storage and maintenance. It moves the application of software data stored to the centralized large data centers, where the management of the data stored services may not be completely trusted. There are many new security challenges and the problems taken into account for ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA) to perform verifies the integrity of the dynamic data stored in the cloud.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Jiahao Jiang,Xiao Tan,Lidong Han,Qi Xie,Shengbao Wang

DOI: https://doi.org/10.1109/access.2023.3295248

IF: 3.9

2023-01-01

IEEE Access

Abstract:We propose a credible alliance-chain-based public auditing scheme (CACPA) to properly address the trust problem of third-party auditor (TPA) in the traditional audit scheme for cloud storage. Based on the non-tamperability and traceability of blockchain, we design a novel incentive mechanism to enforce honest and reliable behaviors of TPA. The basic idea is to organize TPA as a group of blockchain nodes conducting mutual surveillance. Any behavior of a TPA node will be inspected by other nodes to maintain good reputation of the group, and malicious behaviors will bring severe punishments. Accordingly, we develop system model of the proposed CACPA, as well as smart contracts to deal with transactions-related issues, such as dispute resolution. Finally, performance evaluation validates that our scheme enjoys acceptable efficiency and suits for real-world applications.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jianming Du,Guofang Dong,Juangui Ning,Zhengnan Xu,Ruicheng Yang

DOI: https://doi.org/10.1038/s41598-024-58325-y

IF: 4.6

2024-03-31

Scientific Reports

Abstract:With the continuous development of cloud computing, the application of cloud storage has become more and more popular. To ensure the integrity and availability of cloud data, scholars have proposed several cloud data auditing schemes. Still, most need help with outsourced data integrity, controlled outsourcing, and source file auditing. Therefore, we propose a controlled delegation outsourcing data integrity auditing scheme based on the identity-based encryption model. Our proposed scheme allows users to specify a dedicated agent to assist in uploading data to the cloud. These authorized proxies use recognizable identities for authentication and authorization, thus avoiding the need for cumbersome certificate management in a secure distributed computing system. While solving the above problems, our scheme adopts a bucket-based red–black tree structure to efficiently realize the dynamic updating of data, which can complete the updating of data and rebalancing of structural updates constantly and realize the high efficiency of data operations. We define the security model of the scheme in detail and prove the scheme's security under the difficult problem assumption. In the performance analysis section, the proposed scheme is analyzed experimentally in comparison with other schemes, and the results show that the proposed scheme is efficient and secure.

multidisciplinary sciences

Cong Wang,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1109/mnet.2010.5510914

IF: 10.294

2010-01-01

IEEE Network

Abstract:Cloud computing is the long dreamed vision of computing as a utility, where data owners can remotely store their data in the cloud to enjoy on-demand high-quality applications and services from a shared pool of configurable computing resources. While data outsourcing relieves the owners of the burden of local data storage and maintenance, it also eliminates their physical control of storage dependability and security, which traditionally has been expected by both enterprises and individuals with high service-level requirements. In order to facilitate rapid deployment of cloud data storage service and regain security assurances with outsourced data dependability, efficient methods that enable on-demand data correctness verification on behalf of cloud data owners have to be designed. In this article we propose that publicly auditable cloud data storage is able to help this nascent cloud economy become fully established. With public auditability, a trusted entity with expertise and capabilities data owners do not possess can be delegated as an external audit party to assess the risk of outsourced data when needed. Such an auditing service not only helps save data owners' computation resources but also provides a transparent yet cost-effective method for data owners to gain trust in the cloud. We describe approaches and system requirements that should be brought into consideration, and outline challenges that need to be resolved for such a publicly auditable secure cloud storage service to become a reality.

Hui Tian,Weiping Ye,Jia Wang,Hanyu Quan,Chin-Chen Chang

DOI: https://doi.org/10.1155/2023/3375823

IF: 8.993

2023-11-27

International Journal of Intelligent Systems

Abstract:In the context of healthcare 4.0, cloud-based eHealth is a common paradigm, enabling stakeholders to access medical data and interact efficiently. However, it still faces some serious security issues that cannot be ignored. One of the major challenges is the assurance of the integrity of medical data remotely stored in the cloud. To solve this problem, we propose a novel certificateless public auditing for medical data in the cloud (CPAMD), which can achieve efficient batch auditing without complicated certificate management and key escrow. Specifically, in our CPAMD, a new secure certificateless signature method is designed to generate tamper-proof data block tags; a manageable delegated data outsourcing mechanism is presented to reduce the burden of data maintenance on patients and achieve auditability of outsourcing behavior; and a privacy-preserving augmented verification strategy is proposed to provide comprehensive auditing of both medical data and its source information without compromising privacy. We perform formal security analysis and comprehensive performance evaluation for CPAMD. The results demonstrate that the presented scheme can provide better auditing security and more comprehensive auditing capabilities while achieving good performance comparable to state-of-the-art ones.

computer science, artificial intelligence

Ying Miao,Yapeng Miao,Xuexue Miao

DOI: https://doi.org/10.1007/s10619-024-07446-4

IF: 0.974

2024-11-09

Distributed and Parallel Databases

Abstract:To improve the data security and integrity of the outsourced data, storing multiple copies of data on multiple cloud servers is a good way. Many public Provable Data Possession (PDP) schemes in multiple cloud servers have been proposed in recent years. However, in some scenarios, the Data Owner (DO) may not want anyone (e.g. a stranger) to check the integrity of their data. Nevertheless, few schemes consider the fault's location function when the data auditing fails. Another problem is that anyone can make a challenge for the Cloud Server (CS) in the PDP schemes. Some access control strategies are necessary to reduce the waste of computation power resources of the CS. To solve these problems, we propose a certificateless and designed-verifier auditing scheme in multi-cloud storage environments. In our scheme, we utilize certificateless signature combined with a delegation key to achieve designed-verifier auditing. We design a secret Merkle Hash Tree (MHT) to locate the faults of CSs and data blocks. We utilize Zero-Knowledge Proof (ZKP) to achieve access control. Theoretical and experimental evaluation show that the proposed scheme is efficient and practical.

computer science, information systems, theory & methods