Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Jiang Xu,Jin Han,Yongjun Ren,Jin Wang

DOI: https://doi.org/10.14257/astl.2014.79.22

2014-01-01

Abstract:Cloud storage is now an important development trend in information technology. To ensure the integrity of data storage in cloud storing, researchers have present some proof of storage schemes. In some cases, the ability to check data possession is delegated by data owners. Hence, the delegable provable data possession and proxy provable data possession are proposed. However the schemes are not secure since the proxy or designated verifier stores some delegation information in cloud storage servers. In this paper, we propose PC-DV POS scheme, which can preserve clients' privacy and designate a verifier by the client signed the data blocks. In particular, we utilize group signatures and key exchange to construct homomorphic authenticators, so that only the designated verifier is able to check the integrity of shared data for users without retrieving the entire data, and cannot reveal the identities of signers on all blocks in shared data.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Yongjun Ren,Jian Shen,Jin Wang,Jin Han,Sungyoung Lee

DOI: https://doi.org/10.6138/jit.2015.16.2.20140918

2015-01-01

Abstract:Cloud storage is now a hot research topic in information technology. In cloud storage, date security properties such as data confidentiality, integrity and availability become more and more important in many commercial applications. Recently, many provable data possession (PDP) schemes are proposed to protect data integrity. In some cases, it has to delegate the remote data possession checking task to some proxy. However, these PDP schemes are not secure since the proxy stores some state information in cloud storage servers. Hence, in this paper, we propose an efficient mutual verifiable provable data possession scheme, which utilizes Diffie-Hellman shared key to construct the homomorphic authenticator. In particular, the verifier in our scheme is stateless and independent of the cloud storage service. It is worth noting that the presented scheme is very efficient compared with the previous PDP schemes, since the bilinear operation is not required.

Kun He,Jing Chen,Quan Yuan,Shouling Ji,Debiao He,Ruiying Du

DOI: https://doi.org/10.1109/tdsc.2019.2925800

2021-01-01

Abstract:As an important security property of cloud storage, data integrity has not been sufficiently studied under the multi-writer model, where a group of users work on shared files collaboratively and any group member can update the data by modification, insertion, and deletion operations. Existing works under such multi-writer model would bring large storage cost to the third-party verifiers. Furthermore, to the best of our knowledge, none of the existing works for shared files supports fully dynamic operations, which implies that users cannot freely perform the update operations. In this paper, we propose the first public auditing scheme for shared data that supports fully dynamic operations and achieves constant storage cost for the verifiers. Our scheme, named PRAYS, is boosted by a new paradigm for remote data integrity checking. To implement the new paradigm, we proposed a specially designed authenticated structure, called blockless Merkle tree, and a novel cryptographic primitive, called permission-based signature. Extensive evaluation demonstrates that PRAYS is as efficient as the existing less-functional solutions. We believe that PRAYS is an important step towards designing practical multi-writer cloud storage systems.

Zuojie Deng,Jingli Zhou

DOI: https://doi.org/10.3233/jifs-169035

2016-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Nowadays, cloud storage has become an attractive storage scheme for a user to store his files. When a user stores his files on a remote cloud storage system, he cannot make sure whether his files are intact, so he must use some protocol to check the integrity of his files in the cloud storage. To guarantee high availability, some cloud storage servers provide a kind of highly-available service, which stores multiple copies of user files in the cloud storage, and the file owner cannot make sure whether all these copies are intact as well. Some cloud storage servers allow his users to operate their files online. As the file owner cannot always be online, he must entrust a trusted public data auditor to check his files in the cloud storage. In this work, we investigate the above issues about provable data possession with multi-copy and data dynamics supporting public verification in a cloud storage. We design a kind of authenticated 2-3 tree with ordered leaves and use this kind of tree to organize file block tags. We design a privacy preserving provable data possession scheme with multi-copy and data dynamics which supports public verification, and use a kind of RSA tag to construct this scheme. We apply our scheme to a cloud file backup system. Our theoretical proofs and experiments show that our scheme is feasible and reasonable.

Hongbin Yang,Shuxiong Jiang,Wenfeng Shen,Zhou Lei

DOI: https://doi.org/10.3390/fi10060049

2018-06-07

Future Internet

Abstract:Provable Data Possession (PDP) protocol makes it possible for cloud users to check whether the cloud servers possess their original data without downloading all the data. However, most of the existing PDP schemes are based on either public key infrastructure (PKI) or identity-based cryptography, which will suffer from issues of expensive certificate management or key escrow. In this paper, we propose a new construction of certificateless provable group shared data possession (CL-PGSDP) protocol by making use of certificateless cryptography, which will eliminate the above issues. Meanwhile, by taking advantage of zero-knowledge protocol and randomization method, the proposed CL-PGSDP protocol leaks no information of the stored data and the group user’s identity to the verifiers during the verifying process, which is of the property of comprehensive privacy preservation. In addition, our protocol also supports efficient user revocation from the group. Security analysis and experimental evaluation indicate that our CL-PGSDP protocol provides strong security with desirable efficiency.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Yong Yu,Jianbing Ni,Wei Wu,Yilei Wang

DOI: https://doi.org/10.1109/bwcca.2015.44

2015-01-01

Abstract:Due to the appealing advantages of cloud storage, such as on-demand self-service and ubiquitous network access, an increasing number of users prefer to store their data on remote remote servers. However, outsourced data transfer becomes a critical requirement for users to shift their cloud storage providers because of the emergence of various cloud storage services with different qualities of services. Therefore, the users may not only be anxious about the state of their data on the cloud server, but also concern on whether the data are transferred entirely to the new cloud without corruption and whether the data on original cloud are discarded. To address these problems, we propose a provable data possession scheme for cloud storage services characterized by secure data transfer, provable data erasure, high error detection probability, confidential data storage. Our scheme can guarantee the remote data integrity when the data are maintaining on the cloud servers and are transferring between two clouds, and secure deletion of transferred data on the original cloud.

Yining Qi,Yubo Luo,Yongfeng Huang,Xing Li

DOI: https://doi.org/10.32604/iasc.2023.030191

2023-01-01

Abstract:Cloud storage has been widely used to team work or cooperation development.Data owners set up groups, generating and uploading their data to cloud storage, while other users in the groups download and make use of it, which is called group data sharing.As all kinds of cloud service, data group sharing also suffers from hardware/software failures and human errors.Provable Data Possession (PDP) schemes are proposed to check the integrity of data stored in cloud without downloading.However, there are still some unmet needs lying in auditing group shared data.Researchers propose four issues necessary for a secure group shared data auditing: public verification, identity privacy, collusion attack resistance and traceability.However, none of the published work has succeeded in achieving all of these properties so far.In this paper, we propose a novel blockchain-based ring signature PDP scheme for group shared data, with an instance deployed on a cloud server.We design a linkable ring signature method called Linkable Homomorphic Authenticable Ring Signature (LHARS) to implement public anonymous auditing for group data.We also build smart contracts to resist collusion attack in group auditing.The security analysis and performance evaluation prove that our scheme is both secure and efficient.

Hao Yan,Yanan Liu,Zheng Zhang,Qian Wang

DOI: https://doi.org/10.1155/2021/6639634

IF: 1.968

2021-05-27

Security and Communication Networks

Abstract:Cloud computing is a fast-growing technology which supplies scalable, innovative, and efficient business models. However, cloud computing is not fully trusted, and the security of the data outsourced in cloud storage needs to be guaranteed. One of the hottest issues is how to ensure the integrity of the data in cloud storage. Until now, many researchers have proposed lots of provable data possession (PDP) schemes to deal with the problem of data integrity audition. Nevertheless, very little effort has been devoted to preserve the data uploader’s privacy while auditing the integrity of data shared in a group. To overcome the shortcoming, we propose a novel certificateless PDP protocol to efficiently audit the integrity of data shared in a workgroup with user privacy preserving. Due to the inherent structural advantage of the certificateless crypto mechanism, our PDP scheme eliminates the key escrow problem and the certificate management problem simultaneously. Moreover, the audition process in our scheme does not need any user’s identity which helps to keep the anonymity of data uploader. We give for our scheme a detailed security proof and efficiency analysis. Experiment results of performance evaluation demonstrate that our new scheme is very efficient and feasible.

computer science, information systems,telecommunications

Xia'nan Zhao,Dongsheng Wang

DOI: https://doi.org/10.1109/sec54971.2022.00074

2022-01-01

Abstract:With the mobile cloud storage services, mobile users can easily form a group and share data with each other. Given the fact that the cloud are not trustable, a third party public auditor can be introduced to audit data integrity, and supporting group dynamics and protecting the privacy of the original user of shared data from the public auditor is a fundamental issue during the auditing. In this paper, we propose a new identity privacy-preserving public auditing scheme for the integrity of group data with efficient group dynamics utilizing the multilinear maps based Diffie-Hellman Key Exchange protocol. With our proposed scheme, a third party auditor is able to audit the integrity of shared data without learning private identity information of the group members, and proxy re-signatures are used here to allow the cloud to do the re-computing to support group dynamics (user join and user revocation). Besides, our scheme also supports secure and efficient public auditing due to our improved polynomial-based authentication tags. The security and performance analysis shows that our proposed scheme is secure and highly efficient.

Xiaojun Zhang,Chunxiang Xu,Yuan Zhang,Xiujie Zhang,Junwei Wen

DOI: https://doi.org/10.1049/cje.2016.11.008

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:Cloud storage auditing is considered as a significant service to verify the integrity of the data stored in cloud. Liu et al. have proposed a proof of storage protocol with public auditing form lattice assumption, which can resist quantum computer attacks. They claim that the protocol enjoys desirable security properties, such as unforgeability and privacy preserving. We demonstrate that any malic...

Jining Zhao,Chunxiang Xu,Kefei Chen

DOI: https://doi.org/10.3837/tiis.2018.09.025

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:In big data age, flexible and affordable cloud storage service greatly enhances productivity for enterprises and individuals, but spontaneously has their outsourced data susceptible to integrity breaches. Provable Data Possession (PDP) as a critical technology, could enable data owners to efficiently verify cloud data integrity, without downloading entire copy. To address challenging integrity problem on multiple clouds for multiple owners, an identity-based batch PDP scheme was presented in ProvSec 2016, which attempted to eliminate public key certificate management issue and reduce computation overheads in a secure and batch method. In this paper, we firstly demonstrate this scheme is insecure so that any clouds who have outsourced data deleted or modified, could efficiently pass integrity verification, simply by utilizing two arbitrary block-tag pairs of one data owner. Specifically, malicious clouds are able to fabricate integrity proofs by 1) universally forging valid tags and 2) recovering data owners' private keys. Secondly, to enhance the security, we propose an improved scheme to withstand these attacks, and prove its security with CDH assumption under random oracle model. Finally, based on simulations and overheads analysis, our batch scheme demonstrates better efficiency compared to an identity based multi-cloud PDP with single owner effort.

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

ZHAO Yang,REN Hua-qiang,XIONG Hu,CHEN Yang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2016.05.015

2016-01-01

Abstract:In the traditional cloud storage system which supports dynamic operations, the computing and communication cost derived from the dynamic operations to the file is undertaken by the user completely. It brings user the corresponding pressure on computation and communication. In order to solve this problem, we design a provable data possession scheme via third-party proxy dynamic operations in clouds. In this scheme we bring in a powerful third-party auditor, the users can delegate it to perform the audit and fulfill the dynamic operations. In this processing, the system can ensure the user's data privacy in the third party auditor. Finally, the security and performance analysis show that our scheme can complete the audit task efficiently and securely.

Haibin Yang,Zhengge Yi,Ruifeng Li,Zheng Tu,Xu An Wang,Yuanyou Cui,Xiaoyuan Yang

DOI: https://doi.org/10.1155/2021/1805615

IF: 1.968

2021-07-22

Security and Communication Networks

Abstract:With the advent of data outsourcing, how to efficiently verify the integrity of data stored at an untrusted cloud service provider (CSP) has become a significant problem in cloud storage. In 2019, Guo et al. proposed an outsourced dynamic provable data possession scheme with batch update for secure cloud storage. Although their scheme is very novel, we find that their proposal is not secure in this paper. The malicious cloud server has ability to forge the authentication labels, and thus it can forge or delete the user’s data but still provide a correct data possession proof. Based on the original protocol, we proposed an improved one for the auditing scheme, and our new protocol is effective yet resistant to attacks.

computer science, information systems,telecommunications

Hui Tian,Fulin Nan,Hong Jiang,Chin-Chen Chang,Jianting Ning,Yongfeng Huang

DOI: https://doi.org/10.1016/j.ins.2018.09.009

IF: 8.1

2018-01-01

Information Sciences

Abstract:With increasing popularity of collaboration in clouds, shared data auditing has become an important issue in cloud auditing field, and attracted extensive attention from the research community. However, none of the state of the arts can fully achieve all indispensable functional and security requirements. Thus, in this paper, we present a comprehensive public auditing scheme for shared data. Specifically, to preserve users' identity privacy, signatures on the challenged blocks are converted to the ones signed by the group manager during proof generation; to protect data privacy, a random masking is adopted to blind data proof; a modification record table is designed to record operation information to support identity traceability; we further extend the dynamic hash table to support shared-data dynamics, and present a batch auditing strategy. Moreover, we design a lazy-revocation based group management mechanism to achieve efficient group dynamics, which can resist collusion attacks while significantly reducing computational costs. We formally prove the security of our scheme, and evaluate its performance by comprehensive experiments and comparisons with the state-of-the-art ones. The results demonstrate that our scheme can effectively achieve secure auditing and outperforms the previous ones in computational overhead while maintaining relatively low communication costs. (C) 2018 Elsevier Inc. All rights reserved.

Xiong Li,Saru Kumari,Jian Shen,Fan Wu,Caisen Chen,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11277-016-3742-6

IF: 2.017

2016-01-01

Wireless Personal Communications

Abstract:Cloud storage is a new storage mode emerged along with the development of cloud computing paradigm. By migrating the data to cloud storage, the consumers can be liberated from building and maintaining the private storage infrastructure, and they can enjoy the data storage service at anywhere and anytime with high reliability and a relatively low cost. However, the security and privacy risks, especially the confidentiality and integrity of data seem to be the biggest hurdle to the adoption of the cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only valid user with the correct password and biometric can access to the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.

Binanda Sengupta,Sushmita Ruj

DOI: https://doi.org/10.48550/arXiv.1712.04417

2018-09-25

Abstract:Cloud users (clients) with limited storage capacity at their end can outsource bulk data to the cloud storage server. A client can later access her data by downloading the required data files. However, a large fraction of the data files the client outsources to the server is often archival in nature that the client uses for backup purposes and accesses less frequently. An untrusted server can thus delete some of these archival data files in order to save some space (and allocate the same to other clients) without being detected by the client (data owner). Proofs of storage enable the client to audit her data files uploaded to the server in order to ensure the integrity of those files. In this work, we introduce one type of (selective) proofs of storage that we call keyword-based delegable proofs of storage, where the client wants to audit all her data files containing a specific keyword (e.g., "important"). Moreover, it satisfies the notion of public verifiability where the client can delegate the auditing task to a third-party auditor who audits the set of files corresponding to the keyword on behalf of the client. We formally define the security of a keyword-based delegable proof-of-storage protocol. We construct such a protocol based on an existing proof-of-storage scheme and analyze the security of our protocol. We argue that the techniques we use can be applied atop any existing publicly verifiable proof-of-storage scheme for static data. Finally, we discuss the efficiency of our construction.

Cryptography and Security