Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Xingjun Zhang,Wei Si

DOI: https://doi.org/10.1109/access.2020.2971630

IF: 3.9

2020-01-01

IEEE Access

Abstract:Fog-to-cloud computing has now become a new cutting-edge technique along with the rapid popularity of Internet of Things (IoT). Unlike traditional cloud computing, fog-to-cloud computing needs more entities to participate in, including mobile sinks and fog nodes except for cloud service provider (CSP). Hence, the integrity auditing in fog-to-cloud storage will also be different from that of traditional cloud storage. In the recent work of Tian et al., they took the first step to design public auditing system for fog-to-cloud computing. However, their scheme becomes very inefficient since they uses intricate public key cryptographic techniques, including bilinear mapping, proof of knowledge etc. In this paper, we design a general and more efficient auditing system based on MAC and HMAC, both of which are popular private key cryptographic techniques. By implementing MAC and HMAC, we give a concrete instantiation of our auditing system. Finally, the theoretical analysis and experiment results show that our proposed system has more efficiency in terms of communication and computational costs.

Ke Gu,Wenbin Zhang,Xingqiang Wang,Xiong Li,Weijia Jia

DOI: https://doi.org/10.1109/TNSM.2023.3267235

2023-01-01

IEEE Transactions on Network and Service Management

Abstract:Compared with cloud computing-based data storage, distributed data storage in fog computing is more vulnerable to malicious attacks. So, it is very necessary to provide a secure distributed auditing mechanism with protecting the identity privacy of data owners and controlling the identities of auditors under fog computing-based data storage. In this paper, we propose a dual attribute-based auditing scheme for fog computing-based data dynamic storage. Our auditing scheme can protect the identity privacy of data owners, and provide an attribute-based access control for corresponding audits with a distributed collaborative verification between related fog servers. In our scheme, a data owner can securely upload his divided and blinded file blocks with corresponding block authenticators (related with his attribute set) to related fog servers. To prevent malicious auditors from consuming system resources by abusing audit requests, the data owner can provide an attribute-based access control for corresponding audits, where the data owner specifies the attribute set of corresponding auditors who have the right to check the integrity of related data. Further, a distributed collaborative verification mechanism between related fog servers is constructed to reduce the disadvantages of centralized verification, where the Shamir's secret-sharing method is used to decompose the picked blinding factor as the shared sub-secrets sent to each fog server respectively. Compared with cloud computing-based data storage, our collaborative verification mechanism can implement distributed auditing consent of stored data between multiple fog servers. Our auditing scheme can further audit out specific suspicious fog servers. Additionally, we provide a dynamic data operation mechanism to efficiently support the updating of users' data under fog computing-based data storage. Furthermore, related theoretical analysis and experimental evaluation show our scheme is secure and efficient.

Yifang Zhang,Shengling Wang,Xidi Qu,Chunxiao Li,Enliang Xu

DOI: https://doi.org/10.1109/jiot.2023.3284345

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Fog computing is one of the promising models for mobile edge computing, and greatly reduces the latency of applications by establishing a distributed fog caching system on IoT devices. However, with the popularity and application of fog computing, there are growing concerns about the integrity and security of cached data. Different from centralized cloud servers, fog nodes are distributed and have limited computing and communication capabilities. Therefore, the direct adoptions of the existing centralized data integrity assurance schemes would incur significant communication overheads and cannot meet the real-time requirements of the fog-based applications. In this article, we propose an efficient and secure collaborative cached data auditing scheme for distributed fog computing. The proposed scheme, named FogAudit, enables untrusted fog nodes to collaboratively provide caching services while protecting the integrity and security of cached data. Our design can efficiently support fog nodes to collaborate with each other to identify malicious nodes and realize data recovery without relying on a centralized authority. Besides, we devise ESV, a tailored auditing protocol based on distributed consensus mechanism to handle disputes in the process of collaborative auditing. We provide a formal security analysis and experimentally evaluate its performance against three representative auditing schemes. Our security analysis and experimental evaluation results confirm that FogAudit is efficient and secure.

Hui Tian,Fulin Nan,Chin-Chen Chang,Yongfeng Huang,Jing Lu,Yongqian Du

DOI: https://doi.org/10.1016/j.jnca.2018.12.004

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:With increasing popularity of fog-to-cloud based Internet of Things (IoT), how to ensure the integrity of IoT data outsourced in clouds has become one of the biggest security challenges. However, little effort has been put into addressing the problem. To fill this gap, this paper presents a tailor-made public auditing scheme for data storage in fog-to-cloud based IoT scenarios, which can achieve all indispensable performance and security requirements. Particularly, we design a tag-transforming strategy based on the bilinear mapping technique to convert the tags generated by mobile sinks to the ones created by the fog nodes in the phase of proof generation, which cannot only effectively protect the identity privacy, but also reduce the communication and computational costs in the verification phase; moreover, we present a zero-knowledge proof mechanism to verify the integrity of IoT data from various generators (e.g., mobile sinks and fog nodes) while achieving perfect data-privacy preserving. We formally prove the security of our scheme and evaluate its performance by theoretical analysis and comprehensive experiments. The results demonstrate that our scheme can efficiently achieve secure auditing for data storage in fog-to-cloud based IoT scenarios, and outperforms the straight-forward solution in communication and computational costs as well as energy consumption.

Jindan Zhang,Baocang Wang,Debiao He,Xu An Wang

DOI: https://doi.org/10.1007/s00500-017-3000-1

IF: 3.732

2018-01-01

Soft Computing

Abstract:Nowadays, more and more people prefer to outsource their storage to the cloud; however, due to some accidents, cloud storage service providers may lose some data outsourced by the data owners. Thus a mechanism to ensure the outsourced cloud data remaining intact is needed for smoothly running the cloud storage service. Fuzzy cloud auditing protocol is such a mechanism running between data owners and cloud storage service providers. In these protocols, the data owner fuzzy challenges the cloud storage servers on the randomly chosen data blocks with random values, the servers need to response with corrected aggregated tag proof to pass through the auditing process. Until now, there are many fuzzy cloud auditing protocols with various interesting properties. In 2015, Yuan et al. proposed an auditing scheme supporting publicly integrity checking and dynamic data sharing with multi-user modification, which aims at allowing multiple cloud users to modify data while ensuring the cloud data’s integrity. Also recently Yuan et al. proposed a public proofs of retrievability (POR) in cloud with constant cost, they showed their scheme is the first POR scheme which can simultaneously achieve public verifiability, constant communication and computational costs on users, and prove the security of their scheme. However, in this paper, we show their schemes are not secure, concretely, the tags in their schemes can be easily forged. We also give an improved fuzzy cloud auditing scheme for the data owners.

Tian Wang,Jiyuan Zhou,Minzhe Huang,Zakirul Alam Bhuiyan,Anfeng Liu,Wenzheng Xu,Mande Xie

DOI: https://doi.org/10.1016/j.future.2017.12.036

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:The recent emergence of cloud computing has drastically influenced everyone’s perception of infrastructure architectures, data transmission and other aspects. With the advent of both mobile networks and cloud computing, the computationally-intensive services are moving to the cloud, and the end user’s mobile device is used as an interface to access these services. However, cyber threats are also becoming various and sophisticated, which will endanger the security of users’ private data. In traditional service mode, users’ data is totally stored in the cloud, they lose the right of control on their data and face cyber threats such as data loss and malicious modification. To this end, we propose a novel cloud storage scheme based on fog computing. In our scheme, user’s private data is separately stored in the cloud and fog servers. By this way, the integrity, availability and confidentiality of user’s data can be ensured because the data is retrieved from cloud as well as fog, which is safer. We implement a system prototype and design a series of mechanisms. Extensive experiments results also validate the proposed scheme and methods.

Ke Gu,XingQiang Wang,Xiong Li

DOI: https://doi.org/10.1109/tsusc.2024.3362074

2024-01-01

IEEE Transactions on Sustainable Computing

Abstract:The security of fog computing has been researched and concerned with its development, where malicious attacks pose a greater threat to distributed data storage based on fog computing. Also, the rapid increasing on the number of terminal devices has raised the importance of fog computing-based distributed data storage. In response to this demand, it is essential to establish a secure and privacy-preserving distributed data auditing method that enables security protection of stored data and effective control over identities of auditors. In this paper, we propose a dynamic outsourced data audit scheme for Merkle hash grid-based fog storage with privacy-preserving, where fog servers are used to undertake partial outsourced computation and data storage. Our scheme can provide the function of privacy-preserving for outsourced data by blinding original stored data, and supports data owners to define their auditing access policies by the linear secret-sharing scheme to control the identities of auditors. Further, the construction of Merkle hash grid is used to improve the efficiency of dynamic data operations. Also, a server locating approach is proposed to enable the third-part auditor to identify specific malicious data fog servers within distributed data storage. Under the proposed security model, the security of our scheme can be proved, which can further provide collusion resistance and privacy-preserving for outsourced data. Additionally, both theoretical and experimental evaluations illustrate the efficiency of our proposed scheme.

Jin Li,Xiao Tan,Xiaofeng Chen,Duncan S. Wong,Fatos Xhafa

2014-01-01

Abstract:Cloud Computing moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. In this work, we study the problem of ensuring the integrity of data storage in Cloud Computing. To reduce the computational cost at user side during the integrity verification of their data, the notion of public verifiability has been proposed. However, the challenge is that the computational burden is too huge for the users with resource-constrained devices to compute the public authentication tags of file blocks. To tackle the challenge, we propose OPoR, a new cloud storage scheme involving a cloud storage server and a cloud audit server, where the latter is assumed to be semi-honest. In particular, we consider the task of allowing the cloud audit server, on behalf of the cloud users, to pre-process the data before uploading to the cloud storage server and later verifying the data integrity. OPoR outsources the heavy computation of the tag generation to the cloud audit server and eliminates the involvement of user in the auditing and in the preprocessing phases. Furthermore, we strengthen the Proof of Retrievabiliy (PoR) model to support dynamic data operations, as well as ensure security against reset attacks launched by the cloud storage server in the upload phase.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Cong Wang,Qian Wang,Kui Ren,Ning Cao,Wenjing Lou

DOI: https://doi.org/10.1109/tsc.2011.24

IF: 11.019

2011-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service is also relinquishing users' physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server. Considering the cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Fei Chen,Fengming Meng,Zhipeng Li,Li Li,Tao Xiang

DOI: https://doi.org/10.1016/j.jpdc.2024.104870

IF: 4.542

2024-07-01

Journal of Parallel and Distributed Computing

Abstract:Cloud storage auditing is a technique that enables a user to remotely check the integrity of the outsourced data in the cloud storage. Although researchers have proposed various protocols for cloud storage auditing, the proposed schemes are theoretical in nature, which are not fit for existing mainstream cloud storage service practices. To bridge this gap, this paper proposes a cloud storage auditing system that works for current mainstream cloud object storage services. We design the proposed system over existing proof of data possession (PDP) schemes and make them practical as well as usable in the real world. Specifically, we propose an architecture that separates the compute and storage functionalities of a storage auditing scheme. Because cloud object storage only provides read and write interfaces, we leverage a cloud virtual machine to implement the user-defined computations that are needed in a PDP scheme. We store the authentication tags of the outsourced data as an independent object to allow existing popular cloud storage applications, e.g., file online previewing. We also present a cost model to analyze the economic cost of a cloud storage auditing scheme. The cost model allows a user to balance security, efficiency, and economic cost by tuning various system parameters. We implemented, open-sourced the proposed system over a mainstream cloud object storage service. Experimental analysis shows that the proposed system is pretty efficient and promising for a production environment usage. Specifically, for a 40 GB sized data, the proposed system only incurs 1.66% additional storage cost, 3796 bytes communication cost, 2.9 seconds maximum auditing time cost, and 0.9 CNY per auditing monetary cost.

computer science, theory & methods

Jiyuan Zhou,Tian Wang,Md. Zakirul Alam Bhuiyan,Anfeng Liu

DOI: https://doi.org/10.1109/DASC-PICom-DataCom-CyberSciTec.2017.90

2017-01-01

Abstract:Since the cloud computing technology was proposed, it has developed rapidly. Cloud computing demonstrated that it was a major driver of change in the IT industry and there are a lot of cloud-based technologies deriving from cloud computing. With the Cloud computing development and global growth of data, cloud storage technology gets more attention and better development and attracts a large number of users. Users depend on the powerful storage capacity of cloud storage. However, in this storage schema, users' data is all stored in cloud servers. In other word, users lose their right of control on data and face privacy leakage risk. Traditional privacy protection schemes are usually based on encryption technology, but these kinds of methods cannot effectively resist attack from the inside of cloud server. Once the password gets compromised, users' data will be exposed to public. In order to solve this problem, we propose a hierarchic storage method based on fog computing model and design a Hash-Solomon code algorithm. We put a small part of data in local machine and fog server, which can take full advantage of cloud storage and protect the privacy of data. Through the theoretical safety analysis and experimental evaluation, the feasibility of our scheme is validated, which is really a powerful supplement to existing cloud storage scheme.

Lei Zhou,Anmin Fu,Guomin Yang,Yansong Gao,Shui Yu,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2022.3207384

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Internet of Things (IoT) devices upload their data into the cloud for storage because of their limited resources. However, cloud storage data has been subject to potential integrity threats, and consequently auditing techniques are demanded to ensure the integrity of stored data. Unfortunately, existing auditing approaches require owners to undertake expensive tag calculations, which is unsuitable for resource-constrained IoT devices. To resolve the issue, we present a Fair Cloud Auditing proposal by employing the Blockchain (FCAB). We combine certificateless signatures with the designed dynamic structure to constructively offload the cost of tag computation from the IoT device to the introduced fog node, significantly reducing the local burden. Considering that fog nodes may behave dishonestly during auditing, FCAB enables the IoT device to verify the audit result's authenticity by extracting reliable checking records from the blockchain, thereby achieving auditing fairness, which ensures that the honest cloud and fog node will gain the corresponding reward. Finally, FCAB is proved to satisfy tag unforgeability, proof unforgeability, privacy preserving, and auditing fairness. Experiment evaluations affirm that FCAB is computationally and communicationally efficient and retains a smaller and fixed computation locally at the data processing stage (mainly including tag computation) than existing auditing methods.

Haiyang Yu,Yongquan Cai,Shanshan Kong,Fei Xue,Ditta Allah

DOI: https://doi.org/10.14257/ijsia.2016.10.12.08

2016-01-01

International Journal of Security and Its Applications

Abstract:In cloud computing, cloud users can upload their data to cloud storage server in order to save local storage and access their data from anywhere. However, cloud storage service also brings serious security issues. Cloud users should be convinced of the correctness of their data stored remotely in the cloud. Thus, a reliable auditing scheme is desired to help cloud users check the integrity of their remote data. In this paper, we first propose an efficient cloud auditing scheme for multi-cloud storage systems, which can also preserve the privacy. Then, we extend our auditing scheme to support dynamic auditing and batch auditing for both multiple cloud users and multiple cloud service providers (CSPs), which makes the scheme more practical and efficient. Security analysis shows that our auditing scheme is provably secure. Our experiments indicate that our solution is efficient and significantly relieves the computation burden of both third party auditor (TPA) and CSP.

Jian Shen,Jun Shen,Xiaofeng Chen,Xinyi Huang,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2017.2705620

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the rapid development of cloud computing, cloud storage has been accepted by an increasing number of organizations and individuals, therein serving as a convenient and on-demand outsourcing application. However, upon losing local control of data, it becomes an urgent need for users to verify whether cloud service providers have stored their data securely. Hence, many researchers have devoted themselves to the design of auditing protocols directed at outsourced data. In this paper, we propose an efficient public auditing protocol with global and sampling blockless verification as well as batch auditing, where data dynamics are substantially more efficiently supported than is the case with the state of the art. Note that, the novel dynamic structure in our protocol consists of a doubly linked info table and a location array. Moreover, with such a structure, computational and communication overheads can be reduced substantially. Security analysis indicates that our protocol can achieve the desired properties. Moreover, numerical analysis and real-world experimental results demonstrate that the proposed protocol achieves a given efficiency in practice.

Meng Yan,Jiajia Xu,Trent G. Marbach,Haitao Li,Gang Wang,Xiaoguang Liu

DOI: https://doi.org/10.1109/srds51746.2020.00029

2020-01-01

Abstract:In cloud storage, remote data auditing is designed to verify the integrity of cloud data on behalf of cloud users. The audit is performed by a third-party auditor (TPA) according to auditing protocols such as proof of retrievability and provable data possession. However, the TPA-based auditing framework leads to single-point failures, opaque audit processes and undetected mistakes. In this paper, we propose a decentralized auditing system in which the audit is performed by multiple auditors and the audit result is reached in a collaborative and transparent way. Auditors are selected for each audit randomly from the set of cloud users via modified cryptographic sortition; auditing procedures are implemented using a smart contract, and auditing records are published on a blockchain; an incentive mechanism is provided to regulate the behavior of system participants. We implement a prototype system and demonstrate that the proposed system is reliable and technically feasible.

Ying Wang,Conghao Ruan,Chunqiang Hu

DOI: https://doi.org/10.1007/978-3-030-59016-1_40

2022-01-01

Wireless Communications and Mobile Computing

Abstract:The cloud storage service has brought great convenience to the customer, which can save massive storage and computation resources via outsourcing the data to cloud service provider (CSP). However, the security issues are the biggest challenge such as data integrity. The user can verify the integrity of outsourced data through a remote data auditing solution without retrieving original data from cloud, however, the auditing procedure has heavy computational overhead, which employs third party auditor (TPA) to conduct auditing task on behalf of users. In this paper, we propose a decentralized public auditing scheme for cloud storage based on blockchain, which removes TPA and increases the number of CSP, the auditing task was assigned to multiple CSPs, and the blockchain technology was used to record the audit process. Meanwhile, the structure of e-voting system is utilized to realize the audit result statistics of multiple CSPs via smart contract, which enhanced the credibility and stability of final auditing result. The theoretical analysis and experimental results demonstrate that proposed scheme is secure and efficient.

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/jiot.2021.3121678

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Remote data integrity auditing ensures the integrity of cloud storage. In practice, cloud users may not want their sensitive data to be exposed to others. Thus, it is meaningful to investigate how to realize data sharing with sensitive information hiding in cloud storage auditing. Up to now, cloud storage has been proven to achieve the sensitive information hiding property through a third-party sanitizer dedicated to sanitize user data, which leads to high outlays on purchasing and maintaining a special server. To meet this challenge, we design a novel cloud storage auditing protocol to support sensitive information hiding without the need of a third-party sanitizer. In addition, our scheme allows data owners to enable or disable other users to access their sensitive information with the help of the cloud that dose not deviate from the agreement during access control. To be specific, only after receiving the delegations from the data owner, the users can compute the valid warrants that can pass the access verification of the cloud. The proposed protocol is built on identity-based cryptography, thus avoiding the complex certificate management. We validate the advantages of the proposed protocol through massive theoretical analysis and experimental results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xinpeng Zhang,Chunxiang Xu,Wei Sai,Ying Li,Tao Zhou

DOI: https://doi.org/10.2991/ictcs-14.2014.10

2014-01-01

Abstract:Cloud storage is a kind of cloud computing services that allows users to store their data in a remote cloud. Because of the loss of data control, data owners will concern that their data will be misused or unauthorized access by other users, in addition, they also worry their data may be lost in the clouds. Therefore, verify the authenticity of the data has become a key issue of data stored on the untrusted server.Shacham and Waters [17] give two Data storage audit protocols with full security proofs against arbitrary adversaries in the strongest secure model, but the server needs to give back a linear combination of the blocks that will leak audit data to the auditor. In order to improve the agreement of Shaham and waters, we use a hash function and blind technique to construct a public's privacy audit protocol.