Jiguo Li,Hao Yan,Yichen Zhang

DOI: https://doi.org/10.1109/jsyst.2020.2978146

IF: 4.802

2021-03-01

IEEE Systems Journal

Abstract:Although cloud storage service enables people easily maintain and manage amounts of data with lower cost, it cannot ensure the integrity of people's data. In order to audit the correctness of the data without downloading them, many remote data integrity checking (RDIC) schemes have been presented. Most existing schemes ignore the important issue of data privacy preserving and suffer from complicated certificate management derived from public key infrastructure. To overcome these shortcomings, this article proposes a new Identity-based RDIC scheme that makes use of homomorphic verifiable tag to decrease the system complexity. The original data in proof are masked by random integer addition, which protects the verifier from obtaining any knowledge about the data during the integrity checking process. Our scheme is proved secure under the assumption of computational Diffie–Hellman problem. Experiment result exhibits that our scheme is very efficient and feasible for real-life applications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Yong Yu,Man Ho Au,Giuseppe Ateniese,Xinyi Huang,Willy Susilo,Yuanshun Dai,Geyong Min

DOI: https://doi.org/10.1109/tifs.2016.2615853

IF: 7.231

2017-04-01

IEEE Transactions on Information Forensics and Security

Abstract:Remote data integrity checking (RDIC) enables a data storage server, say a cloud server, to prove to a verifier that it is actually storing a data owner’s data honestly. To date, a number of RDIC protocols have been proposed in the literature, but most of the constructions suffer from the issue of a complex key management, that is, they rely on the expensive public key infrastructure (PKI), which might hinder the deployment of RDIC in practice. In this paper, we propose a new construction of identity-based (ID-based) RDIC protocol by making use of key-homomorphic cryptographic primitive to reduce the system complexity and the cost for establishing and managing the public key authentication framework in PKI-based RDIC schemes. We formalize ID-based RDIC and its security model, including security against a malicious cloud server and zero knowledge privacy against a third party verifier. The proposed ID-based RDIC protocol leaks no information of the stored data to the verifier during the RDIC process. The new construction is proven secure against the malicious server in the generic group model and achieves zero knowledge privacy against a verifier. Extensive security analysis and implementation results demonstrate that the proposed protocol is provably secure and practical in the real-world applications.

computer science, theory & methods,engineering, electrical & electronic

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Genqing Bian,Rui Zhang,Bilin Shao

DOI: https://doi.org/10.1109/access.2022.3166920

IF: 3.9

2022-01-01

IEEE Access

Abstract:The remote data possession checking mechanism can effectively verify the integrity of outsourced data, which can usually be divided into public verification and private verification. The verifier of public verification can be any cloud user, while private verification can only be the data owner. However, in most practical situations, the data owner expects that only a specific verifier can perform integrity checking tasks and that verifier cannot gain any knowledge about the data. Yan et al. proposed a remote data possession checking scheme with the designated verifier, which can guarantee that only the designated verifier can check data integrity, whereas others cannot do it. However, this scheme relies on public key infrastructure technology and does not consider data privacy protection issues. To overcome these shortcomings, we propose an identity-based remote data possession checking scheme that satisfies the data owner's requirement to specify a unique verifier. Moreover, in this scheme, we use a random integer to blind data integrity proof to protect data privacy and use Merkle hash tree structure to achieve dynamic update of data. At the same time, our scheme can avoid the complex certificate management in public key infrastructure. We proved the safety of our scheme based on the discrete logarithm assumption and the computational Diffie-Hellman assumption. Theoretical analysis and experimental results show that our scheme is feasible and effective in practical applications.

computer science, information systems,telecommunications,engineering, electrical & electronic

T. Vamsi Vardhan Reddy,

DOI: https://doi.org/10.55041/ijsrem15946

2022-03-22

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:–In this paper, we executing Identity based (ID-based) far off remote data integrity checking (RDIC) convention by utilizing key-homomorphic cryptographic crude to decrease the framework intricacy and the expense for laying out and dealing with the public key verification structure in PKI based RDIC plans. We formalize ID-based RDIC and its security model including protection from a noxious cloud server and zero information security against an outsider verifier. The proposed ID-based RDIC convention releases no data of the put away information to the verifier during the RDIC cycle. The new development is demonstrated secure against the vindictive server in the nonexclusive gathering model and accomplishes zero information protection against a verifier. Index Terms – Cloud storage, data integrity, privacy preserving, identity-based cryptography.

Yong Yu,Man Ho Au,Yi Mu,Shaohua Tang,Jian Ren,Willy Susilo,Liju Dong

DOI: https://doi.org/10.1007/s10207-014-0263-8

2014-08-29

International Journal of Information Security

Abstract:Remote data integrity checking (RDIC) enables a server to prove to an auditor the integrity of a stored file. It is a useful technology for remote storage such as cloud storage. The auditor could be a party other than the data owner; hence, an RDIC proof is based usually on publicly available information. To capture the need of data privacy against an untrusted auditor, Hao et al. formally defined “privacy against third party verifiers” as one of the security requirements and proposed a protocol satisfying this definition. However, we observe that all existing protocols with public verifiability supporting data update, including Hao et al.’s proposal, require the data owner to publish some meta-data related to the stored data. We show that the auditor can tell whether or not a client has stored a specific file and link various parts of those files based solely on the published meta-data in Hao et al.’s protocol. In other words, the notion “privacy against third party verifiers” is not sufficient in protecting data privacy, and hence, we introduce “zero-knowledge privacy” to ensure the third party verifier learns nothing about the client’s data from all available information. We enhance the privacy of Hao et al.’s protocol, develop a prototype to evaluate the performance and perform experiment to demonstrate the practicality of our proposal.

computer science, information systems, theory & methods, software engineering

Huaqun Wang,Qianhong Wu,Bo Qin,Josep Domingo-Ferrer

DOI: https://doi.org/10.1049/iet-ifs.2012.0271

2014-01-01

IET Information Security

Abstract:Checking remote data possession is of crucial importance in public cloud storage. It enables the users to check whether their outsourced data have been kept intact without downloading the original data. The existing remote data possession checking (RDPC) protocols have been designed in the PKI (public key infrastructure) setting. The cloud server has to validate the users' certificates before storing the data uploaded by the users in order to prevent spam. This incurs considerable costs since numerous users may frequently upload data to the cloud server. This study addresses this problem with a new model of identity-based RDPC (ID-RDPC) protocols. The authors present the first ID-RDPC protocol proven to be secure assuming the hardness of the standard computational Diffie-Hellman problem. In addition to the structural advantage of elimination of certificate management and verification, the authors ID-RDPC protocol also outperforms the existing RDPC protocols in the PKI setting in terms of computation and communication.

Su Peng,Fucai Zhou,Jin Li,Qiang Wang,Zifeng Xu

DOI: https://doi.org/10.1016/j.jnca.2019.02.014

IF: 7.574

2019-05-01

Journal of Network and Computer Applications

Abstract:Nowadays, cloud storage plays an increasingly important role in our daily life. However, the cloud users do not have the physical possession of their own data anymore. To confirm whether the outsourced files are maintained intact without downloading them entirely, a mechanism namely Remote Data Integrity Checking (RDIC) is invented. Currently, some RDIC schemes allow the data owners with limited computation or communication power to delegate the checking task to a third-party verifier. However, most of these schemes rely on the complicated and resource consuming public key infrastructure (PKI). In this paper, we propose a novel identity-based RDIC scheme, namely Efficient, Dynamic and Identity-based Multiple Replication Provable Data Possession (EDID-MRPDP) without the burden of PKI. We introduce a new construction of Homomorphic Verifiable Tag (HVT) and a novel data structure namely Compressed Authentication Array (CAA), which allow EDID-MRPDP to perform batch verification for multiple data owners and cloud servers simultaneously and efficiently, both from computation and communication aspects. To the best of our knowledge, EDID-MRPDP is the first ID-based RDIC scheme with full dynamic updates and multi-replica batch checking. We provide comprehensive correctness and soundness proofs of EDID-MRPDP. Meanwhile, the detailed performance analyses and simulations show that EDID-MRPDP is practical for large-scale cloud applications.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Yingjie Xia,Fubiao Xia,Xuejiao Liu,Xin Sun,Yuncai Liu,Yi Ge

DOI: https://doi.org/10.3837/tiis.2014.10.019

2014-01-01

Abstract:The increasing demand in promoting cloud computing in either business or other areas requires more security of a cloud storage system. Traditional cloud storage systems fail to protect data integrity information (DII), when the interactive messages between the client and the data storage server are sniffed. To protect DII and support public verifiability, we propose a data integrity verification scheme by deploying a designated confirmer signature DCS as a building block. The DCS scheme strikes the balance between public verifiable signatures and zero-knowledge proofs which can address disputes between the cloud storage server and any user, whoever acting as a malicious player during the two-round verification. In addition, our verification scheme remains blockless and stateless, which is important in conducting a secure and efficient cryptosystem. We perform security analysis and performance evaluation on our scheme, and compared with the existing schemes, the results show that our scheme is more secure and efficient.

C. Sasikala,C. Shoba Bindu

DOI: https://doi.org/10.1109/pkia.2017.8278959

2017-11-01

Abstract:Remote Data Integrity Checking (RDIC) is crucial for implementing secure cloud storage. It enables the users to check the integrity of the outsourced data without downloading the entire data. As a solution to this, some RDIC protocols have been proposed by many researchers. Most of the existing RDIC protocols are designed based on Public Key Infrastructure (PKI) and ID-Based Cryptography (IBC). However, each protocol has its own advantages and disadvantages. This paper presents a detailed study on RDIC protocols in a cloud environment and discusses the taxonomy of RDIC protocols such as Provable Data Possession (PDP), Proof of Retrievability (POR), Proof of Ownership (POW) and ID-based RDIC protocols. We also analysze and compares the existing RDIC approaches based on the parameters such as integrity checking method, cryptographic model, auditing mode and data recovery. Finally, it throws light on the open issues such as research directions in designing RDIC protocol.

Yanyan Ji,Bilin Shao,Jinyong Chang,Genqing Bian

DOI: https://doi.org/10.1007/s10586-021-03408-y

2021-09-09

Cluster Computing

Abstract:Provable data possession (PDP) protocol is a mechanism that guarantees the integrity of user's cloud data, and many efficient protocols have been proposed. Many of them ignore data's privacy against the third-party auditor (TPA) and also suffer from intricate management of certificates, which heavily relies on the public key infrastructure (PKI). In order to overcome the two shortcomings, Li et al. recently proposed an "identity-based" (IB) PDP protocol with the privacy-preserving property (IEEE Syst J, https://doi.org/10.1109/JSYST.2020.2978146). However, we find out that (1) their protocol has great communication overhead, (2) a PKI-based signature scheme is used as a building block, which results in their protocol is not completely identity-based. Hence, in this paper, we try to improve the performance of this protocol. Concretely, by adopting flexible data-splitting and tag-aggregating techniques, we can greatly reduce its communication overhead. A concrete example shows that the total communication overhead can be reduced over 99%. Moreover, by replacing with an identity-based signature, we can twist this protocol into a complete IB-PDP protocol.

English Else

Runze Ji,Nankun Mu,Xiaofeng Liao

DOI: https://doi.org/10.1109/icist.2018.8426114

2018-01-01

Abstract:Recently, cloud storage is widely concerned due to the properties of low cost, advanced technology and efficient business model, and has been made a rapid development. However, as a new storage model, there are known security and privacy issues in migrating data to the cloud. Therefore, how to ensure the integrity and correctness of data storage is the main research direction and development of cloud storage technology. Moreover, the main purpose of the data integrity verification mechanism is to verify that the data is completely stored in the cloud server and is not modified maliciously or deleted. Sometimes the user can't perform data integrity verification for some reason, and the verification right need to be delegate to a third party auditor. In this paper, we proposed: (1) a new data integrity verification by partial delegation(PDIPD) is proposed, which delegates the remote data possession checking to a third party auditor. Compared with the existing data integrity verification scheme, the new scheme has less computational overhead and the flexibility at the same security level. (2) Extensive security analyses show this scheme is provable secure in random oracle. Estimating the cost of basic cryptographic and analyzing the experiment show, the proposed schemes are highly efficient and practical.

Yong Yu,Liang Xue,Man Ho Au,Willy Susilo,Jianbing Ni,Yafang Zhang,Athanasios V. Vasilakos,Jian Shen

DOI: https://doi.org/10.1016/j.future.2016.02.003

IF: 7.307

2016-01-01

Future Generation Computer Systems

Abstract:Cloud data auditing is extremely essential for securing cloud storage since it enables cloud users to verify the integrity of their outsourced data efficiently. The computation overheads on both the cloud server and the verifier can be significantly reduced by making use of data auditing because there is no necessity to retrieve the entire file but rather just use a spot checking technique. A number of cloud data auditing schemes have been proposed recently, but a majority of the proposals are based on Public Key Infrastructure (PKI). There are some drawbacks in these protocols: (1) It is mandatory to verify the validity of public key certificates before using any public key, which makes the verifier incur expensive computation cost. (2) Complex certificate management makes the whole protocol inefficient. To address the key management issues in cloud data auditing, in this paper, we propose ID-CDIC, an identity-based cloud data integrity checking protocol which can eliminate the complex certificate management in traditional cloud data integrity checking protocols. The proposed concrete construction from RSA signature can support variable-sized file blocks and public auditing. In addition, we provide a formal security model for ID-CDIC and prove the security of our construction under the RSA assumption with large public exponents in the random oracle model. We demonstrate the performance of our proposal by developing a prototype of the protocol. Implementation results show that the proposed ID-CDIC protocol is very practical and adoptable in real life.

Jining Zhao,Chunxiang Xu,Fagen Li,Wenzheng Zhang

DOI: https://doi.org/10.1587/transfun.E96.A.2709

2013-01-01

Abstract:In the Cloud computing era, users could have their data outsourced to cloud service provider (CSP) to enjoy on-demand high quality service. On the behalf of the user, a third party auditor (TPA) which could verify the real data possession on CSP is critically important. The central challenge is to build efficient and provably secure data verification scheme while ensuring that no users' privacy is leaked to any unauthorized party, including TPA. In this paper, we propose the first identity-based public verification scheme, based on the identity-based aggregate signature (IBAS). In particular, by minimizing information that verification messages carry and TPA obtains or stores, we could simplify key management and greatly reduce the overheads of communication and computation. Unlike the existing works based on certificates, in our scheme, only a private key generator (PKG) has a traditional public key while the user just keeps its identity without binding with certificate. Meanwhile, we utilize privacy-preserving technology to keep users' private data off TPA. We also extend our scheme with the support of batch verification task to enable TPA to perform public audits among different users simultaneously. Our scheme is provably secure in the random oracle model under the hardness of computational Diffie-Hellman assumption over pairing-friendly groups and Discrete Logarithm assumption.

Yong Yu,Yafang Zhang,Jianbing Ni,Man Ho Au,Lanxiang Chen,Hongyu Liu

DOI: https://doi.org/10.1016/j.future.2014.10.006

IF: 7.307

2015-01-01

Future Generation Computer Systems

Abstract:Cloud storage allows users to enjoy the on-demand and high quality data storage services without the load of local data maintenance. However, the cloud server providers are not fully trusted. Whether the data over cloud servers are intact becomes a major concern of data owners. To offer cloud users with the capacity of data integrity verification, recently, Chen proposed a remote data possession checking (RDPC) protocol from algebraic signatures which achieves many desirable features such as high efficiency, short length of challenges and responses, non-block verification. Unfortunately, in this paper, we find that the protocol is vulnerable to replay attack and deletion attack launched by a dishonest server. Specifically, the server can deceive the users to believe that their data are well hold by replaying a previous evidence or re-constructing the deleted data blocks from the corresponding tags in the integrity checking process, while their data have been partially discarded in fact. Then, we present an improved scheme to fix the security flaws of the original protocol. Both the theoretical analysis and the implementation results show that the improvement is secure and practical.

Yu Chen,Feng Wang,Liehuang Zhu,Zijian Zhang

DOI: https://doi.org/10.14257/ijgdc.2015.8.4.18

2015-01-01

International Journal of Grid and Distributed Computing

Abstract:Cloud storage offers clients great convenience to relieve them from heavy burden of storage and management, so an increasing number of clients choose to outsource their data to remote cloud providers. However, for clients, this entails a sacrifice of actual control of these files. Remote servers may suffer from disk failure for uncertain reasons or even delete rarely accessed data to sell these storages to other clients. Therefore, there’s a great necessity for clients to make sure that their data are well stored in remote servers. Numbers of remote integrity checking (RIC) schemes are proposed to solve issues above, including following up work Provable Data Possession (PDP) and Proofs of Retrievability (PoR), which can be applied in cloud auditing. This paper presents state-of-the-art RIC schemes and makes a classification from the perspective of whether they support dynamic verifications, i.e., whether they can still be used to make verifications after clients modify, insert or delete files. In static verification schemes, we delve into the mechanisms and techniques used for integrity checking. For dynamic ones, we discuss the authentication structures that support dynamic operations. We also present several remarks to guide readers to a wide vision of data checking as conclusions and future work.

Xiaoyuan Yang,Shuaishuai Zhu,Xiaozhong Pan

DOI: https://doi.org/10.1007/s11859-011-0769-0

2011-01-01

Abstract:In Cloud computing, data and service requests are responded by remote processes calls on huge data server clusters that are not totally trusted. The new computing pattern may cause many potential security threats. This paper explores how to ensure the integrity and correctness of data storage in cloud computing with user’s key pair. In this paper, we aim mainly at constructing of a quick data chunk verifying scheme to maintain data in data center by implementing a balance strategy of cloud computing costs, removing the heavy computing load of clients, and applying an automatic data integrity maintenance method. In our scheme, third party auditor (TPA) is kept in the scheme, for the sake of the client, to periodically check the integrity of data blocks stored in data center. Our scheme supports quick public data integrity verification and chunk redundancy strategy. Compared with the existing scheme, it takes the advantage of ocean data support and high performance.

Yuan Zhang,Chunxiang Xu,Xiaohui Liang,Hongwei Li,Yi Mu,Xiaojun Zhang

DOI: https://doi.org/10.1109/mcc.2016.94

2016-01-01

IEEE Cloud Computing

Abstract:Cloud storage services allow users to outsource their data to cloud servers to save local data storage costs. However, unlike using local storage devices, users do not physically manage the data stored on cloud servers; therefore, the data integrity of the outsourced data has become an issue. Many public verification schemes have been proposed to enable a third-party auditor to verify the data integrity for users. These schemes make an impractical assumption—the auditors have enough computation capability to bear expensive verification costs. In this paper, we propose a novel public verification scheme for the cloud storage using indistinguishability obfuscation, which requires a lightweight computation on the auditor and the delegate most computation to the cloud. We further extend our scheme to support batch verification and data dynamic operations, where multiple verification tasks from different users can be performed efficiently by the auditor and the cloud-stored data can be updated dynamically. Compared with other existing works, our scheme significantly reduces the auditor’s computation overhead. Moreover, the batch verification overhead on the auditor side in our scheme is independent of the number of verification tasks. Our scheme could be practical in a scenario, where the data integrity verifications are executed frequently, and the number of verification tasks (i.e., the number of users) is numerous; even if the auditor is equipped with a low-power device, it can verify the data integrity efficiently. We prove the security of our scheme under the strongest security model proposed by Shi et al. (ACM CCS 2013). Finally, we conduct a performance analysis to demonstrate that our scheme is more efficient than other existing works in terms of the auditor’s communication and computation efficiency.