Yang Zhen,Wang Wenyu,Huang Yongfeng,Li Xing

DOI: https://doi.org/10.1049/cje.2018.02.017

IF: 1.019

2019-01-01

Chinese Journal of Electronics

Abstract:Cloud data confidentiality need to be audited for the data owner’s concern. Confidentiality auditing is usually based on logging schemes, whereas cloud data dynamics and sharing group dynamics result in massive logs, which makes confidentiality auditing a formidable task for user with limited resources. So we propose a public auditing scheme for data confidentiality,in which user resorts to a Third-party auditor（TPA）for auditing. Our scheme design a special log called attestation in which hash user pseudonym is used to preserve user privacy. Attestation-based data access identifying is presented in our scheme which brings no new vulnerabilities toward data confidentiality and no extra online burden for user. We further support accountability of responsible user for data leakage based on user pseudonym. Extensive security and performance analysis compare our scheme with existing auditing schemes.Results indicate that the proposed scheme is provably secure and highly efficient.

Solomon Guadie Worku,Chunxiang Xu,Jining Zhao,Xiaohu He

DOI: https://doi.org/10.1016/j.compeleceng.2013.10.004

2014-01-01

Abstract:Cloud computing poses many challenges on integrity and privacy of users' data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

Yilun Wu,Xinye Lin,Xicheng Lu,Jinshu Su,Peixin Chen

DOI: https://doi.org/10.1587/transinf.2016EDL8079

2016-01-01

IEICE Transactions on Information and Systems

Abstract:Public auditing is a new technique to protect the integrity of outsourced data in the remote cloud. Users delegate the ability of auditing to a third party auditor (TPA), and assume that each result from the TPA is correct. However, the TPA is not always trustworthy in reality. In this paper, we consider a scenario in which the TPA may lower the reputation of the cloud server by cheating users, and propose a novel public auditing scheme to address this security issue. The analyses and the evaluation prove that our scheme is both secure and efficient.

Dengzhi Liu,Jian Shen,Yuling Chen,Chen Wang,Tianqi Zhou,Anxi Wang

DOI: https://doi.org/10.1007/978-3-030-14234-6_12

2018-01-01

Abstract:The cloud can provide unlimited storage space to users via the Internet. Unlike locally data storing, users will lose the direct control of the data after outsourcing it to the cloud. Moreover, the cloud is an untrusted entity. It is possible that the cloud may try to extract, discard and destroy users’ data due to benefits. Hence, the data security in cloud computing needs to be well guaranteed. In this paper, we propose a privacy-preserving data outsourcing scheme with integrity auditing for lightweight devices in cloud computing. On the one hand, the blind signature is used in the proposed scheme to delegate the generation of users’ data signatures to the TPA. On the other hand, based on the property of the BLS signature, the blinded signatures received from the TPA can be verified by the user and the data integrity stored in the cloud can be audited by the TPA. In addition, the proposed scheme supports batch operation. Security analysis shows that the proposed scheme achieves the properties of correctness, privacy-preserving and non-forgeability. Performance analysis indicates that the proposed scheme can be performed with high efficiency.

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

Hao Yan,Yanan Liu,Zheng Zhang,Qian Wang

DOI: https://doi.org/10.1155/2021/6639634

IF: 1.968

2021-05-27

Security and Communication Networks

Abstract:Cloud computing is a fast-growing technology which supplies scalable, innovative, and efficient business models. However, cloud computing is not fully trusted, and the security of the data outsourced in cloud storage needs to be guaranteed. One of the hottest issues is how to ensure the integrity of the data in cloud storage. Until now, many researchers have proposed lots of provable data possession (PDP) schemes to deal with the problem of data integrity audition. Nevertheless, very little effort has been devoted to preserve the data uploader’s privacy while auditing the integrity of data shared in a group. To overcome the shortcoming, we propose a novel certificateless PDP protocol to efficiently audit the integrity of data shared in a workgroup with user privacy preserving. Due to the inherent structural advantage of the certificateless crypto mechanism, our PDP scheme eliminates the key escrow problem and the certificate management problem simultaneously. Moreover, the audition process in our scheme does not need any user’s identity which helps to keep the anonymity of data uploader. We give for our scheme a detailed security proof and efficiency analysis. Experiment results of performance evaluation demonstrate that our new scheme is very efficient and feasible.

computer science, information systems,telecommunications

Jiasen Liu,Xu An Wang,Zhiquan Liu,Han Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1109/access.2020.2991033

IF: 3.9

2020-01-01

IEEE Access

Abstract:As one of the most popular applications in recent years, cloud storage has been gradually integrated into all walks of life. In the field of communication techniques for the unmanned aerial vehicles (UAVs), UAVs use sensors to upload collected data to cloud servers during various exploration activities, but UAVs can only store and calculate valid information currently collected due to the limited storage and computing performance. In the actual exploration, UAVs need not only to upload complete data to the cloud server, but also to support the data dynamic update efficiently. Moreover, due to security requirements, the privacy of data uploaded by UAVs must be protected. However, the existing auditing schemes for dynamic data and integrity have many problems, such as high computation cost, low efficiency of dynamic update, low privacy and security. For this reason, we propose a public cloud audit scheme that supports dynamic data and privacy protection based on distributed string equality check protocol and Merkle-hash tree multi-level index structure. First of all, a third-party server (TPS) is set between the cloud service provider and users, which complete digital signature, integrity auditing, and data dynamic operations significantly in place of users to reduce the local computing cost. Users then locally upload data which has been encrypted to the TPS. Secondly, to further improve the security of the scheme, TPS implement signature for encrypted data based on the distributed string equality check protocol. By designing authorizations with time constraints, it is guaranteed that only the legitimate TPS with time constraints can operate with cloud servers. Finally, we implement dynamic data operation efficiently based on MHT multi-level index structure. The security proof and performance analysis show that our proposed scheme is safe and effective.

Guangyang Yang,Hui Xia,Wenting Shen,Xiuxiu Jiang,Jia Yu

DOI: https://doi.org/10.14257/ijsia.2015.9.9.03

2015-01-01

International Journal of Security and Its Applications

Abstract:As the popularity and the proliferation of cloud storage increase, data security is becoming one of the biggest concerns for users of cloud storage. How to preserve the data integrity, as one of the most important security aspects, has been a research hotspot in the field of cloud security. Many data auditing schemes for checking the data integrity have been presented, however; these schemes are based on the assumption that the third party auditor (TPA) is secure and trustworthy. If TPA becomes wicked, these schemes are easy to make cloud server suffer distributed denial-of-service (DDOS) attack. In order to deal with this problem, we propose an authorized auditing scheme with constrained auditing number in this paper In our scheme, only authorized TPA can make valid challenges to cloud for data integrity checking. Moreover; the total auditing number that an authorized TPA can make is decided by the user In our construction, a constrained auditing number is integrated into the authorization generated by user to achieve this property. Once the number of a TPA's auditing reaches the constraint, cloud server will not respond to this TPA's challenges, which literally rules out the threat of DDOS attack. Analysis and experimental results show the proposed scheme is secure and efficient.

Hongyu Liu,Leiting Chen,Zahra Davar,Mohammad Ramezanian Pour

2015-01-01

JUCS - Journal of Universal Computer Science

Abstract:Cloud storage has a long string of merits but at the same time, poses many challenges on data integrity and privacy. A cloud data auditing protocol, which enables a cloud server to prove the integrity of stored files to a verifier, is a powerful tool for secure cloud storage. Wang et al. proposed a privacy-preserving public auditing protocol, however, Worku et al. found the protocol is seriously insecure and proposed an improvement to remedy the weakness. In this paper, unfortunately, we demonstrate that the new protocol due to Worku et al. fails to achieve soundness and obtains merely limited privacy. Specifically, we show even deleting all the files of a data owner, a malicious cloud server is able to generate a response to a challenge without being caught by TPA in their enhanced but unrealistic security model. Worse still, the protocol is insecure even in a correct security model. For privacy, a dishonest verifier can tell which file is stored on the cloud. Solutions to efficient public auditing mechanisms with perfect privacy protection are still worth exploring.

Hui Tian,Yuxiang Chen,Chin-Chen Chang,Hong Jiang,Yongfeng Huang,Yonghong Chen,Jin Liu

DOI: https://doi.org/10.1109/tsc.2015.2512589

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage is an increasingly popular application of cloud computing, which can provide on-demand outsourcing data services for both organizations and individuals. However, users may not fully trust the cloud service providers (CSPs) in that it is difficult to determine whether the CSPs meet their legal expectations for data security. Therefore, it is critical to develop efficient auditing techniques to strengthen data owners’ trust and confidence in cloud storage. In this paper, we present a novel public auditing scheme for secure cloud storage based on dynamic hash table (DHT), which is a new two-dimensional data structure located at a third parity auditor (TPA) to record the data property information for dynamic auditing. Differing from the existing works, the proposed scheme migrates the authorized information from the CSP to the TPA, and thereby significantly reduces the computational cost and communication overhead. Meanwhile, exploiting the structural advantages of the DHT, our scheme can also achieve higher updating efficiency than the state-of-the-art schemes. In addition, we extend our scheme to support privacy preservation by combining the homomorphic authenticator based on the public key with the random masking generated by the TPA, and achieve batch auditing by employing the aggregate BLS signature technique. We formally prove the security of the proposed scheme, and evaluate the auditing performance by detailed experiments and comparisons with the existing ones. The results demonstrate that the proposed scheme can effectively achieve secure auditing for cloud storage, and outperforms the previous schemes in computation complexity, storage costs and communication overhead.

Xiong Li,Shanpeng Liu,Rongxing Lu,Muhammad Khurram Khan,Ke Gu,Xiaosong Zhang

DOI: https://doi.org/10.1109/JBHI.2022.3140831

IF: 7.7

2022-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:The booming Internet of Things makes smart healthcare a reality, while cloud-based medical storage systems solve the problems of large-scale storage and real-time access of medical data. The integrity of medical data outsourced in cloud-based medical storage systems has become crucial since only complete data can make a correct diagnosis, and public auditing protocol is a key technique to solve this problem. To guarantee the integrity of medical data and reduce the burden of the data owner, we propose an efficient privacy-preserving public auditing protocol for the cloud-based medical storage systems, which supports the functions of batch auditing and dynamic update of data. Detailed security analysis shows that our protocol is secure under the defined security model. In addition, we have conducted extensive performance evaluations, and the results indicate that our protocol not only remarkably reduces the computational costs of both the data owner and the third-party auditor (TPA), but also significantly improves the communication efficiency between the TPA and the cloud server. Specifically, compared with other related work, the computational cost of the TPA in our protocol is negligible and the data owner saves more than 2/3 of computational cost. In addition, as the number of challenged blocks increases, our protocol saves nearly 90% of communication overhead between the TPA and the cloud server.

Xia'nan Zhao,Dongsheng Wang

DOI: https://doi.org/10.1109/sec54971.2022.00074

2022-01-01

Abstract:With the mobile cloud storage services, mobile users can easily form a group and share data with each other. Given the fact that the cloud are not trustable, a third party public auditor can be introduced to audit data integrity, and supporting group dynamics and protecting the privacy of the original user of shared data from the public auditor is a fundamental issue during the auditing. In this paper, we propose a new identity privacy-preserving public auditing scheme for the integrity of group data with efficient group dynamics utilizing the multilinear maps based Diffie-Hellman Key Exchange protocol. With our proposed scheme, a third party auditor is able to audit the integrity of shared data without learning private identity information of the group members, and proxy re-signatures are used here to allow the cloud to do the re-computing to support group dynamics (user join and user revocation). Besides, our scheme also supports secure and efficient public auditing due to our improved polynomial-based authentication tags. The security and performance analysis shows that our proposed scheme is secure and highly efficient.

Jiangtao Li,Lei Zhang,Joseph K. Liu,Haifeng Qian,Zheming Dong

DOI: https://doi.org/10.1109/tifs.2016.2587242

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Cloud storage provides tremendous storage resources for both individual and enterprise users. In a cloud storage system, the data owned by a user are no longer possessed locally. Hence, it is not competent to ensure the integrity of the outsourced data using traditional data integrity checking methods. A privacy-preserving public auditing protocol allows a third party auditor to check the integrity of the outsourced data on behalf of the users without violating the privacy of the data. However, existing privacy-preserving public auditing protocols assume that the end devices of users are powerful enough to compute all costly operations in real time when the data to be outsourced are given. In fact, the end devices may also be those with low computation capabilities. In this paper, we propose two lightweight privacy-preserving public auditing protocols. Our protocols are based on online/offline signatures, by which an end device only needs to perform lightweight computations when a file to be outsourced is available. Besides, our proposals support batch auditing and data dynamics. Experiments show that our protocols are hundreds of times more efficient than a recent proposal regarding to the computational overhead on user side.

Jin Li,Xiao Tan,Xiaofeng Chen,Duncan S. Wong,Fatos Xhafa

2014-01-01

Abstract:Cloud Computing moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. In this work, we study the problem of ensuring the integrity of data storage in Cloud Computing. To reduce the computational cost at user side during the integrity verification of their data, the notion of public verifiability has been proposed. However, the challenge is that the computational burden is too huge for the users with resource-constrained devices to compute the public authentication tags of file blocks. To tackle the challenge, we propose OPoR, a new cloud storage scheme involving a cloud storage server and a cloud audit server, where the latter is assumed to be semi-honest. In particular, we consider the task of allowing the cloud audit server, on behalf of the cloud users, to pre-process the data before uploading to the cloud storage server and later verifying the data integrity. OPoR outsources the heavy computation of the tag generation to the cloud audit server and eliminates the involvement of user in the auditing and in the preprocessing phases. Furthermore, we strengthen the Proof of Retrievabiliy (PoR) model to support dynamic data operations, as well as ensure security against reset attacks launched by the cloud storage server in the upload phase.

Salah H. Abbdal,Hai Jin,Deqing Zou,Ali. A. Yassen

DOI: https://doi.org/10.1109/uic-atc-scalcom.2014.17

2014-01-01

Abstract:Although cloud computing is extremely active over the Internet in the real world, it presents many security challenges, such as access control and data integrity, which refer to the fact that while users can deploy their files into the cloud server, no one knows exactly where they should be. Thus, users' data may be threatened by internal or external attacks. Recently, some proposed schemes are aiming to find solutions to these problems which directly affect the data under the cloud. These are based on a Third Party Auditor (TPA) as one of the most popular solutions, where users no longer have physical possession of the possibly large size of their outsourced data, and they consider that the TPA should be able to efficiently audit the cloud data storage without demanding local copies of data, and they introduce no additional on-line burden to the cloud user. Unfortunately, these schemes have assumed that the TPA is a trusted party for users. In fact, this assumption is critical, because the security aspect hinders widespread adoption of the cloud. However, users cannot ensure that either the TPA or the cloud server (CS) will not be impersonated by an attacker. So, the cloud user should be the only person (data owner) who has confidentiality about his data. We offer a new TPA model that differs from previous models and overcomes the above-mentioned issues. Our proposed scheme has three main components: the cloud user (data owner), the TPA, and the cloud server (CS), where only the user has the authority for his data and he deals with other components as services. The proposal enjoys several advantages such as preserving privacy and session key secrecy. Our proposed scheme combines the two important features of both efficiency and security concerns: 1) TPA functionalities, 2) complete confidentiality at the user side. Furthermore, our work includes many security features such as secure and efficient use of the TPA for correct data storage with supporting data dynamics.

Yuchuan Luo,Ming Xu,Kai Huang,Dongsheng Wang,Shaojing Fu

DOI: https://doi.org/10.1016/j.cose.2017.12.004

IF: 5.105

2017-01-01

Computers & Security

Abstract:With the cloud storage services, users can easily form a group and share data with each other. Considering the cloud is untrusted, public auditing is needed to ensure the integrity of the shared data. Once a user is revoked from the group, signatures from this revoked users need to be re-computed by an existing user, which may incur heavy communication and computation cost. Proxy re-signatures can be used here to allow the cloud to compute re-signatures on behalf of the group. However, a malicious cloud is able to arbitrarily convert signatures from one user to another using the re-signing keys. Moreover, collusion between revoked users and malicious clouds will disclose the secret values of the remaining users. In this paper, we propose a novel public auditing scheme for the integrity of shared data with efficient collusion-resistant user revocation. In addition, we extend the proposed scheme to support securely signature and verification outsourcing, which allow more efficiency for group users and the auditor. The numerical analyses and experimental results demonstrate that our scheme is provably secure and highly efficient, the outsourcing algorithms make the signatures generation and verification process more efficient and affordable for mobile devices.

Hui Tian,Fulin Nan,Hong Jiang,Chin-Chen Chang,Jianting Ning,Yongfeng Huang

DOI: https://doi.org/10.1016/j.ins.2018.09.009

IF: 8.1

2018-01-01

Information Sciences

Abstract:With increasing popularity of collaboration in clouds, shared data auditing has become an important issue in cloud auditing field, and attracted extensive attention from the research community. However, none of the state of the arts can fully achieve all indispensable functional and security requirements. Thus, in this paper, we present a comprehensive public auditing scheme for shared data. Specifically, to preserve users' identity privacy, signatures on the challenged blocks are converted to the ones signed by the group manager during proof generation; to protect data privacy, a random masking is adopted to blind data proof; a modification record table is designed to record operation information to support identity traceability; we further extend the dynamic hash table to support shared-data dynamics, and present a batch auditing strategy. Moreover, we design a lazy-revocation based group management mechanism to achieve efficient group dynamics, which can resist collusion attacks while significantly reducing computational costs. We formally prove the security of our scheme, and evaluate its performance by comprehensive experiments and comparisons with the state-of-the-art ones. The results demonstrate that our scheme can effectively achieve secure auditing and outperforms the previous ones in computational overhead while maintaining relatively low communication costs. (C) 2018 Elsevier Inc. All rights reserved.

Xiuguang Li,Ruifeng Li,Xu An Wang,Ke Niu,Hui Li,Xiaoyuan Yang

DOI: https://doi.org/10.1155/2022/7302767

IF: 1.968

2022-09-01

Security and Communication Networks

Abstract:Cloud storage technology is evolving at a high speed; effectively auditing the cloud data's integrity has become a focal point. Recently, Ming and Shi proposed a certificateless integrity auditing scheme with a privacy protection function. The scheme used the certificateless cryptosystem to solve the certificate management problem of the auditing schemes based on public key infrastructure and the key escrow problem of the identity-based auditing schemes. Although their scheme is novel and efficient, we found that their scheme was not secure and could not achieve integrity auditing of cloud data. The malicious cloud server can generate the proof through the blocks and tags sent by the user. On the basis of the original scheme, we propose an improved auditing scheme; our new scheme is more secure and effective. In addition, for the problem of idle tags in the existing cloud data integrity auditing scheme, we propose the idea of intermediate tags and we applied the idea to the improved scheme to improve audit efficiency.

computer science, information systems,telecommunications

Tao Jiang,Xiaofeng Chen,Jianfeng Ma

DOI: https://doi.org/10.1109/tc.2015.2389955

IF: 3.183

2016-01-01

IEEE Transactions on Computers

Abstract:The advent of the cloud computing makes storage outsourcing become a rising trend, which promotes the secure remote data auditing a hot topic that appeared in the research literature. Recently some research consider the problem of secure and efficient public data integrity auditing for shared dynamic data. However, these schemes are still not secure against the collusion of cloud storage server and revoked group users during user revocation in practical cloud storage system. In this paper, we figure out the collusion attack in the exiting scheme and provide an efficient public integrity auditing scheme with secure group user revocation based on vector commitment and verifier-local revocation group signature. We design a concrete scheme based on the our scheme definition. Our scheme supports the public checking and efficient user revocation and also some nice properties, such as confidently, efficiency, countability and traceability of secure group user revocation. Finally, the security and experimental analysis show that, compared with its relevant schemes our scheme is also secure and efficient.