Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Jianhong Zhang,Pengyan Li,Jian Mao

DOI: https://doi.org/10.1007/s10586-015-0511-3

2015-01-01

Cluster Computing

Abstract:Cloud storage is an important cloud computing service, it allows data users to store and access their files anytime, from anywhere and with any device. To ensure the security of the outsourced data, it also must allow data user to periodically verify integrity of the data which was outsourced to an untrusted cloud server at a relatively low cost. To solve this problem, most recent auditing protocols are mainly based on the traditional-public key infrastructure. In this infrastructure, the auditor must validate the certificates of data user before auditing data integrity. Thus, it results in a large amount of computation cost and is not suitable to the multi-user setting. To overcome this problem, in this paper, we propose two efficient ID-based public auditing protocols for the outsourced data by combing Water's signature and public auditing for the outsourced data. And the two protocols are provably secure in the standard security model. Especially, our optimized protocol has constant communication overhead and computation cost. To the best of our knowledge, it is the first ID-based auditing for data integrity in the standard security model. By comparison with Wang et al.'s scheme and Tan et al.'s scheme, our protocols have the large advantages over the other two schemes in terms of communication cost and computation cost. Simulation results show that our proposed ID-based auditing protocols are the most efficient among three schemes in terms of computation cost.

Wenting Shen,Jia Yu,Hui Xia,Rong Hao

DOI: https://doi.org/10.1007/978-3-319-48671-0_30

2016-01-01

Abstract:Cloud storage is an increasingly popular data storage manner which allows cloud data owners to outsource their data to the cloud for storage and maintaining. However, users will lose their physical control over their data after their data are outsourced to the cloud. To ensure the integrity of data stored in the cloud, many public auditing schemes have been proposed. Recently, Zhang et al. proposed an ID-based public auditing scheme for the outsourced data in the standard model. In this note, we prove this scheme is not secure. We show that the malicious cloud can pass the auditor's verification even if it has deleted or modified the users' data in this scheme.

Xinpeng Zhang,Chunxiang Xu,Wei Sai,Ying Li,Tao Zhou

DOI: https://doi.org/10.2991/ictcs-14.2014.10

2014-01-01

Abstract:Cloud storage is a kind of cloud computing services that allows users to store their data in a remote cloud. Because of the loss of data control, data owners will concern that their data will be misused or unauthorized access by other users, in addition, they also worry their data may be lost in the clouds. Therefore, verify the authenticity of the data has become a key issue of data stored on the untrusted server.Shacham and Waters [17] give two Data storage audit protocols with full security proofs against arbitrary adversaries in the strongest secure model, but the server needs to give back a linear combination of the blocks that will leak audit data to the auditor. In order to improve the agreement of Shaham and waters, we use a hash function and blind technique to construct a public's privacy audit protocol.

Hongyu Liu,Leiting Chen,Zahra Davar,Mohammad Ramezanian Pour

2015-01-01

JUCS - Journal of Universal Computer Science

Abstract:Cloud storage has a long string of merits but at the same time, poses many challenges on data integrity and privacy. A cloud data auditing protocol, which enables a cloud server to prove the integrity of stored files to a verifier, is a powerful tool for secure cloud storage. Wang et al. proposed a privacy-preserving public auditing protocol, however, Worku et al. found the protocol is seriously insecure and proposed an improvement to remedy the weakness. In this paper, unfortunately, we demonstrate that the new protocol due to Worku et al. fails to achieve soundness and obtains merely limited privacy. Specifically, we show even deleting all the files of a data owner, a malicious cloud server is able to generate a response to a challenge without being caught by TPA in their enhanced but unrealistic security model. Worse still, the protocol is insecure even in a correct security model. For privacy, a dishonest verifier can tell which file is stored on the cloud. Solutions to efficient public auditing mechanisms with perfect privacy protection are still worth exploring.

Wang Huifeng,Li Zhanhuai,Zhang Xiao,Sun Jian,Zhao Xiaonan

DOI: https://doi.org/10.7544/issn1000-1239.2017.20150900

2017-01-01

Journal of Computer Research and Development

Abstract:As an important issue of cloud storage security ,data integrity checking has attracted a lot of attention from academia and industry .In order to verify data integrity in the cloud ,the researchers have proposed many public audit schemes for data integrity .However ,most of the existing schemes are inefficient and waste much computing resource because they adopt fixed parameters for auditing all the files .In other words ,they have not considered the issue of coordinating and auditing the large-scale files .In order to improve the audit efficiency of the system ,we propose a self-adaptive provable data possession (SA-PDP) ,which uses a self-adaptive algorithm to adjust the audit tasks for different files and manage the tasks by the audit queues .By the quantitative analysis of the audit requirements of files ,it can dynamically adjust the audit plans ,which guarantees the dynamic matching between the audit requirements of files and the execution strength of audit plans .In order to enhance the flexibility of updating audit plans ,SA-PDP designs two different update algorithms of audit plans on the basis of different initiators .The active update algorithm ensures that the audit system has high coverage rate while the lazy update algorithm can make the audit system timely meet the audit requirements of files . Experimental results show that SA-PDP can reduce more than 50% of the total audit time than the traditional method .And SA-PDP effectively increases the number of audit files in the audit system . Compared with the traditional audit method ,SA-PDP can improve the standard-reaching rate of audit plans by more than 30% .

Faen Zhang,Xinyu Fan,Pengcheng Zhou,Wenfeng Zhou

DOI: https://doi.org/10.48550/arXiv.1912.02089

2019-12-01

Cryptography and Security

Abstract:Data security and privacy is an important but challenging problem in cloud computing. One of the security concerns from cloud users is how to efficiently verify the integrity of their data stored on the cloud server. Third Party Auditing (TPA) is a new technique proposed in recent years to achieve this goal. In a recent paper (IEEE Transactions on Computers 62(2): 362-375 (2013)), Wang et al. proposed a highly efficient and scalable TPA protocol and also a Zero Knowledge Public Auditing protocol which can prevent offline guessing attacks. However, in this paper, we point out several security weaknesses in Wang et al's protocols: first, we show that an attacker can arbitrarily modify the cloud data without being detected by the auditor in the integrity checking process, and the attacker can achieve this goal even without knowing the content of the cloud data or any verification metadata maintained by the cloud server; secondly, we show that the Zero Knowledge Public Auditing protocol cannot achieve its design goal, that is to prevent offline guessing attacks.

Jianhong Zhang,Shuai Liu,Jian Mao

DOI: https://doi.org/10.1109/cisp-bmei.2016.7853038

2016-01-01

Abstract:Cloud-based data storage is a popular cloud services. It can alleviate data management burden of data owner. However, after data file is transferred to the cloud, data owner is not able to physical dominate these outsourced data file. To efficiently ensure these data intact, several ReD-based integrity checking schemes were presented to ensure data integrity. Due to periodical checking, many data integrity checking schemes makes that the verifier takes high computational cost or communication overhead to verify data intactness. This results in a heavy burden for some schemes. Recently, to ensure secure cloud storage, a dynamic-hash-Table based public auditing protocol was put forward to achieve data privacy protection and data dynamics. An outstanding feature of the protocol is to significantly decease computational cost and communication cost in terms of cloud server and the verifier. Very regretfully, in this work, we will point out that their protocol is not secure. Our attack enables a malicious cloud server to arbitrarily delete or alter the outsourced data without being inspected by the verifier. And We analyze the reason to produce such attack and give a advice to fix the problem. Finally, we also point out that their protocol still exist a security threat: malicious auditor attack, and analyze the corresponding reason to produce such threat.

Jian Shen,Jun Shen,Xiaofeng Chen,Xinyi Huang,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2017.2705620

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the rapid development of cloud computing, cloud storage has been accepted by an increasing number of organizations and individuals, therein serving as a convenient and on-demand outsourcing application. However, upon losing local control of data, it becomes an urgent need for users to verify whether cloud service providers have stored their data securely. Hence, many researchers have devoted themselves to the design of auditing protocols directed at outsourced data. In this paper, we propose an efficient public auditing protocol with global and sampling blockless verification as well as batch auditing, where data dynamics are substantially more efficiently supported than is the case with the state of the art. Note that, the novel dynamic structure in our protocol consists of a doubly linked info table and a location array. Moreover, with such a structure, computational and communication overheads can be reduced substantially. Security analysis indicates that our protocol can achieve the desired properties. Moreover, numerical analysis and real-world experimental results demonstrate that the proposed protocol achieves a given efficiency in practice.

Haoming Wang,Yuanhang Zhang,Xu An Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.heliyon.2024.e36273

IF: 3.776

2024-08-20

Heliyon

Abstract:With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.

Chunxiang Xu,Xiaohu He,Daniel Abraha-Weldemariam

DOI: https://doi.org/10.1007/978-3-642-34041-3_59

2012-01-01

Abstract:Cloud Computing as the on-demand and remote provision of computational resources has been eagerly waited for a long time as a computing utility. It helps users to store their data in the cloud and enjoy the high quality service. However, users do not have physical possession on their own data, hence it is indispensable to create mechanisms on how to protect the security of the data stored. Thus, some auditing protocols are introduced to ensure authenticity and integrity of the outsourced data. Wang et al. proposed a public auditing protocol in 2010 and argued that it can resist against various known attacks. However, serious security flaws are found by analyzing their protocol. The above analysis shows that the public auditing protocol proposed by Wang et al. can not resist against existential forgery using a known message attack. Moreover, the protocol is vulnerable to attacks by a malicious cloud server and an outside attacker through four specific attacking schemes. The results show that the protocol can not provide secure data storage for users.

Bin Feng,Xinzhu Ma,Cheng Guo,Hui Shi,Zhangjie Fu,Tie Qiu

DOI: https://doi.org/10.1109/access.2016.2621005

IF: 3.9

2016-01-01

IEEE Access

Abstract:In cloud computing, data owners host their data on cloud servers, and users (data consumers) can access the data from the cloud servers. This new paradigm of data hosting service also introduces new security challenges that require an independent auditing service to check the integrity of the data in the cloud. Some existing methods for checking the integrity of the data cannot handle this problem efficiently and they cannot deal with the error condition. Thus, a secure and efficient dynamic auditing protocol should reject requests that are made with improper authentication. In addition, an excellent remote data authentication method should be able to collect information for statistical analysis, such as validation results. In this paper, first we design an auditing framework for cloud storage systems and propose an efficient and privacy-preserving auditing protocol. Then, we extend our auditing protocol to support dynamic data operations, which is efficient and has been proven to be secure in the random oracle model. We extended our auditing protocol further to support bidirectional authentication and statistical analysis. In addition, we use a better load distribution strategy, which greatly reduces the computational overhead of the client. Last, we provide an error response scheme, and our experiments show that our solution has good error-handling ability and offers lower overhead expenses for computation and communication than other approaches.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Caiyuan Tang,Feng Wang,Chenbin Zhao,Xiuqiang Chen

DOI: https://doi.org/10.1002/ett.4816

IF: 3.6

2023-06-21

Transactions on Emerging Telecommunications Technologies

Abstract:This image is the system model of our proposed scheme (IPAPS) and shows that our scheme includes three entires: data owner (DO), medical cloud storage server (MCSS), and third‐party auditor (TPA). In order to verify the integrity of data outsourced to the server, DO authorizes TPA to achieve the public auditing, then the authorized TPA sends verification requests to the MCSS. Finally, TPA verifies the responses returned from the MCSS and sends the result of the verification to the DO. Cloud‐based medical storage system is becoming popular. Cloud server is curious about the private information of stored cases, and the integrity of outsourced data has become increasingly concerned. Numerous public auditing protocols for the outsourced data into the cloud server were proposed. Unfortunately, in the existing protocols, some of them may neglect security to improve efficiency. Recently, Li et al. proposed an efficient privacy‐preserving public auditing protocol for cloud‐based medical storage system (EPPAP), which improved the communication efficiency by storing some of data owner's data in third part auditors, however we find that the protocol is vulnerable to collusion attack and replace attack. In this paper, we analyze the security attacks of the existing protocol, and further propose an improved public auditing protocol for secure data storage in cloud‐based medical storage system (IPAPS). In addition, we give the formal security proof and analyze the performance of our proposed protocol. The security proof shows our protocol takes into account integrity, collusion attack and replace attack at the same time. The simulation experiments in our performance analysis show that the proposed protocol is practical.

telecommunications

Solomon Guadie Worku,Chunxiang Xu,Jining Zhao,Xiaohu He

DOI: https://doi.org/10.1016/j.compeleceng.2013.10.004

2014-01-01

Abstract:Cloud computing poses many challenges on integrity and privacy of users' data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

Yong Yu,Yannan Li,Bo Yang,Willy Susilo,Guomin Yang,Jian Bai

DOI: https://doi.org/10.1109/tetc.2017.2759329

2020-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Outsourced storage such as cloud storage can significantly reduce the burden of data management of data owners. Despite of a long list of merits of cloud storage, it triggers many security risks at the same time. Data integrity, one of the most burning challenges in secure cloud storage, is a fundamental and pivotal element in outsourcing services. Outsourced data auditing protocols enable a verifier to efficiently check the integrity of the outsourced files without downloading the entire file from the cloud, which can dramatically reduce the communication overhead between the cloud server and the verifier. Existing protocols are mostly based on public key infrastructure or an exact identity, which lacks flexibility of key management. In this paper, we seek to address the complex key management challenge in cloud data integrity checking by introducing attribute-based cloud data auditing, where users can upload files to cloud through some customized attribute set and specify some designated auditor set to check the integrity of the outsourced data. We formalize the system model and the security model for this new primitive, and describe a concrete construction of attribute-based cloud data integrity auditing protocol. The new protocol offers desirable properties namely attribute privacy-preserving and collusion-resistance. We prove soundness of our protocol based on the computational Diffie-Hellman assumption and the discrete logarithm assumption. Finally, we develop a prototype of the protocol which demonstrates the practicality of the protocol.

Xu An Wang,Zhengge Yi,Xiaoyuan Yang,Jindan Zhang,Yun Xie,Manman Zhang,Guixin Wu

DOI: https://doi.org/10.1155/2022/5127499

2022-01-01

Wireless Communications and Mobile Computing

Abstract:Data integrity verification mechanisms play an important role in cloud environments. Recently, a lightweight identity-based cloud storage audit scheme has been proposed; this paper points out security vulnerabilities of their OffTagGen algorithm. That is, the attackers such as malicious cloud servers can forge the tags, which can destroy data integrity. By improving the construction of OffTagGen algorithm, an improved security cloud auditing protocol is proposed in this work to better protect user’s privacy. The analysis shows that the new protocol is effective and resistant to attacks.

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/jiot.2021.3121678

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Remote data integrity auditing ensures the integrity of cloud storage. In practice, cloud users may not want their sensitive data to be exposed to others. Thus, it is meaningful to investigate how to realize data sharing with sensitive information hiding in cloud storage auditing. Up to now, cloud storage has been proven to achieve the sensitive information hiding property through a third-party sanitizer dedicated to sanitize user data, which leads to high outlays on purchasing and maintaining a special server. To meet this challenge, we design a novel cloud storage auditing protocol to support sensitive information hiding without the need of a third-party sanitizer. In addition, our scheme allows data owners to enable or disable other users to access their sensitive information with the help of the cloud that dose not deviate from the agreement during access control. To be specific, only after receiving the delegations from the data owner, the users can compute the valid warrants that can pass the access verification of the cloud. The proposed protocol is built on identity-based cryptography, thus avoiding the complex certificate management. We validate the advantages of the proposed protocol through massive theoretical analysis and experimental results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fei Chen,Fengming Meng,Zhipeng Li,Li Li,Tao Xiang

DOI: https://doi.org/10.1016/j.jpdc.2024.104870

IF: 4.542

2024-07-01

Journal of Parallel and Distributed Computing

Abstract:Cloud storage auditing is a technique that enables a user to remotely check the integrity of the outsourced data in the cloud storage. Although researchers have proposed various protocols for cloud storage auditing, the proposed schemes are theoretical in nature, which are not fit for existing mainstream cloud storage service practices. To bridge this gap, this paper proposes a cloud storage auditing system that works for current mainstream cloud object storage services. We design the proposed system over existing proof of data possession (PDP) schemes and make them practical as well as usable in the real world. Specifically, we propose an architecture that separates the compute and storage functionalities of a storage auditing scheme. Because cloud object storage only provides read and write interfaces, we leverage a cloud virtual machine to implement the user-defined computations that are needed in a PDP scheme. We store the authentication tags of the outsourced data as an independent object to allow existing popular cloud storage applications, e.g., file online previewing. We also present a cost model to analyze the economic cost of a cloud storage auditing scheme. The cost model allows a user to balance security, efficiency, and economic cost by tuning various system parameters. We implemented, open-sourced the proposed system over a mainstream cloud object storage service. Experimental analysis shows that the proposed system is pretty efficient and promising for a production environment usage. Specifically, for a 40 GB sized data, the proposed system only incurs 1.66% additional storage cost, 3796 bytes communication cost, 2.9 seconds maximum auditing time cost, and 0.9 CNY per auditing monetary cost.

computer science, theory & methods