Xiaojun Zhang,Chunxiang Xu

DOI: https://doi.org/10.1109/CSE.2014.334

2014-01-01

Abstract:In this paper, we propose a post-quantum secure cloud storage system supporting privacy-preserving public auditing scheme from lattice assumption. In our public auditing scheme, we introduce a third party auditor (TPA), which can efficiently audit the cloud storage data, bringing no additional on-line burden to the users. We utilize preimage sample able functions to realize our lattice-based signature, thus can be considered as random masking to make sure the TPA can not recover the primitive data blocks of the users. Based on the inhomogeneous small integer solution assumption (ISIS), our public auditing scheme is proved secure against the data lost attacks and tamper attacks from the cloud service providers. To the best of our knowledge, we construct the first identity-based public auditing for secure cloud storage from lattice assumption, which is an interesting stepping stone in the post-quantum cryptographic communication.

Xiaojun Zhang,Chunxiang Xu,Chunhua Jin

DOI: https://doi.org/10.1504/ijesdf.2016.073736

2016-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:With the rapid development of cloud storage technology, users choose to store their data in the cloud server remotely. Without the burden of local data storage and maintenance, users can enjoy on-demand high quality cloud storage services. Recently, lattice-based cryptography has been considered as the best choice for post-quantum cryptography, which can resist quantum computer attacks. Considering the forthcoming of the quantum computer in the near future, in this paper, we propose an efficient identity-based cloud storage public auditing scheme, which is constructed based on lattice. We prove our scheme can guarantee public verifiability, unforgeability. Moreover, our scheme can prevent the third party auditor (TPA) from revealing the primitive data blocks of cloud users. In particular, to achieve efficient data dynamics, by utilising index hash tables, our auditing scheme can efficiently perform dynamic operations. Efficient performance analysis demonstrates that our public auditing scheme is more efficient and more practical even in the post-quantum cryptographic era.

Xiaojun Zhang,Chunxiang Xu,Yuan Zhang,Xiujie Zhang,Junwei Wen

DOI: https://doi.org/10.1049/cje.2016.11.008

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:Cloud storage auditing is considered as a significant service to verify the integrity of the data stored in cloud. Liu et al. have proposed a proof of storage protocol with public auditing form lattice assumption, which can resist quantum computer attacks. They claim that the protocol enjoys desirable security properties, such as unforgeability and privacy preserving. We demonstrate that any malic...

Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Jia Yu,Kui Ren,Cong Wang,Vijay Varadharajan

DOI: https://doi.org/10.1109/TIFS.2015.2400425

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Cloud storage auditing is viewed as an important service to verify the integrity of the data in public cloud. Current auditing protocols are all based on the assumption that the client's secret key for auditing is absolutely secure. However, such assumption may not always be held, due to the possibly weak sense of security and/or low security settings at the client. If such a secret key for auditing is exposed, most of the current auditing protocols would inevitably become unable to work. In this paper, we focus on this new aspect of cloud storage auditing. We investigate how to reduce the damage of the client's key exposure in cloud storage auditing, and give the first practical solution for this new problem setting. We formalize the definition and the security model of auditing protocol with key-exposure resilience and propose such a protocol. In our design, we employ the binary tree structure and the preorder traversal technique to update the secret keys for the client. We also develop a novel authenticator construction to support the forward security and the property of blockless verifiability. The security proof and the performance analysis show that our proposed protocol is secure and efficient.

Songrun Yang,Jinyong Chang

DOI: https://doi.org/10.1007/s10586-023-04239-9

2024-02-14

Cluster Computing

Abstract:In recent years, cloud storage services have risen widely, and how to ensure the integrity of outsourced data in cloud setting catches more and more attention. Kinds of integrity auditing protocols, additionally attaching tags on original data file, have been proposed. In order to compress the storage and communication overheads, Yang et al. presented a compressive auditing technique, which is identity-based and quantum computing resistant. Note that Yang et al. also claimed that their protocol is "suitable" for outsourcing auditing process to third party auditor (TPA). However, in this paper, we first pointed out that Yang et al.'s compressive protocol is essentially private auditing since the data owner needs to confidential transmit secret value to TPA. In fact, if TPA shares this value to cloud service provider (CSP), then Yang et al.'s scheme will become completely insecure. Then, we propose a new identity-based protocol, which is based on lattice and thus still secure in future quantum computing. Meanwhile, our proposed protocol belongs to public auditing instead of private auditing. Finally, we analyze the performance of our proposed protocol, which shows that it is competitive in the cloud storage applications.

computer science, information systems, theory & methods

Haifeng Li,Yuxin Wang,Xingbing Fu,Caihui Lan,Caifen Wang,Fagen Li,He Guo

DOI: https://doi.org/10.1016/j.jisa.2021.102927

IF: 4.96

2021-09-01

Journal of Information Security and Applications

Abstract:To reduce the local storage burden and enjoy the conveniently ubiquitous access, an increasing number of individuals and enterprises prefer to outsource their data to the cloud server. Due to the loss of physical control over data, how to guarantee the cloud server stores user's data honestly becomes an important security challenge. Meanwhile, most of existing public auditing schemes based on traditional public key cryptosystem either suffer from bearing the heavy burden of certificate management or possess an inherent key escrow drawback. Even worse, with the advent of powerful quantum computers, most of them could be cracked quickly by a large-scale quantum computer in polynomial time in the near future. To this end, we propose a novel post-quantum secure certificateless public auditing scheme in cloud storage (PSCPAC) from lattice assumptions. Compared with the existing schemes, our novel scheme enjoys the following promising merits: (1) removing the requirement for complicated certificate management in traditional PKI-based public auditing schemes; (2) eliminating the inherent key escrow problem in ID-based public auditing schemes; (3) providing resistance against quantum computers attacks. Correctness, security and performance analysis demonstrate that PSCPAC is provably secure, highly efficient and more practical for post-quantum security in cloud storage public auditing.

computer science, information systems

Zhangyun Liu,Xiaowei Yang,Kun Zhao,Yongjian Liao,Yichuan He

DOI: https://doi.org/10.1109/bigcom.2017.29

2017-08-01

Abstract:In cloud storage, remote data integrity checking is considered as a crucial technique about data owners who upload enormous data to cloud server provider. A majority of the existing remote data integrity checking protocols rely on the expensive public key infrastructure. In addition, the verification of certificates needs heavy computation and communication cost. Meanwhile, the existing some protocols are not secure under the quantum computer attacks. However, lattice-based constructed cryptography can resist quantum computer attacks and is fairly effective, involving matrix-matrix or matrix-vector multiplications. So, we propose an identity-based remote data integrity checking protocol from lattices, which can eliminate the certificate management process and resist quantum computer attacks. Our protocol is completeness and provably secure based on the hardness small integer solution assumption. The presented scheme is secure against cloud service provider attacks, and leaks no any blocks of the stored file to the third party auditor during verification stage, namely the data privacy against the curiosity third party auditor attacks. The cloud service provider attack includes lost attack and tamper attack. Furthermore, the performance analysis of some protocols demonstrate that our protocol of remote data integrity checking is useful and efficient.

Md. Jakir Hossain,Chunxiang Xu

DOI: https://doi.org/10.1109/ICCCS52626.2021.9449136

2021-01-01

Abstract:With the rapid development of the computing paradigm, cloud computing becomes the most notable one that offers convenient and on-demand services from a shared pool of configurable computing resources. However, the application of quantum computers in clouds would be realized from the recent breakthrough results of quantum computers. In the near future, existing conventional hardness-based authentication schemes will be confronted with quantum attackers. Lattice-based authentication scheme resolves this tension. Albeit, existing lattice-based schemes, users and cloud servers are always worried about the communication privacy against misbehaved private key generator referred to as mPKG since PKG potentially has the power to generate the secret key for any given identity. In this paper, we proposed a secure authentication scheme for cloud storage that thwarts the misbehaved PKG. We integrate the identity-based encryption (IBE) scheme with the lattice-based signature, which is the variant of existing IBE-based authentication schemes and post-quantum secure. Additionally, we integrate identity certifying authority (ICA) with PKG to ensure security against misbehaved PKG. Our comprehensive security proof demonstrates that the proposed scheme provides stronger security guarantees against misbehaved PKG and ICA.

Chengyu Hu,Yuqin Xu,Pengtao Liu,Jia Yu,Shanqing Guo,Minghao Zhao

DOI: https://doi.org/10.1016/j.ins.2020.02.010

IF: 8.1

2020-01-01

Information Sciences

Abstract:Cloud storage auditing is a service that is usually provided to enable clients to verify the integrity of their data stored in the cloud. However, clients risk exposing their secret key. To address the problem of key exposure, researchers have provided “Forward Security” by dividing the entire lifetime of the secret key into several periods and updating the secret key within each of these periods. Forward security can ensure the validity of authenticators before the period in which the secret key is fully exposed. However, the security of these protocols can be broken by launching side-channel attacks to leak the secret key partially rather than fully. In this study, we focus on implementing measures in cloud storage auditing to protect against side-channel attacks in practice. We formalize the definition and security model of a cloud storage auditing protocol, which supports forward security under continual key-leakage, and construct the first protocol. Our protocol remains secure even if an adversary obtains partial leakage of the secret key during a period. In addition, if the secret key were to be fully disclosed in a certain period, our protocol would maintain forward security. Therefore, the proposed protocol provides stronger security compared with existing protocols.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

Jia Yu,Kui Ren,Cong Wang

DOI: https://doi.org/10.1109/tifs.2016.2528500

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Key-exposure resistance has always been an important issue for in-depth cyber defence in many security applications. Recently, how to deal with the key exposure problem in the settings of cloud storage auditing has been proposed and studied. To address the challenge, existing solutions all require the client to update his secret keys in every time period, which may inevitably bring in new local burdens to the client, especially those with limited computation resources, such as mobile phones. In this paper, we focus on how to make the key updates as transparent as possible for the client and propose a new paradigm called cloud storage auditing with verifiable outsourcing of key updates. In this paradigm, key updates can be safely outsourced to some authorized party, and thus the key-update burden on the client will be kept minimal. In particular, we leverage the third party auditor (TPA) in many existing public auditing designs, let it play the role of authorized party in our case, and make it in charge of both the storage auditing and the secure key updates for key-exposure resistance. In our design, TPA only needs to hold an encrypted version of the client’s secret key while doing all these burdensome tasks on behalf of the client. The client only needs to download the encrypted secret key from the TPA when uploading new files to cloud. Besides, our design also equips the client with capability to further verify the validity of the encrypted secret keys provided by the TPA. All these salient features are carefully designed to make the whole auditing procedure with key exposure resistance as transparent as possible for the client. We formalize the definition and the security model of this paradigm. The security proof and the performance simulation show that our detailed design instantiations are secure and efficient.

Xiufeng Zhao,Xiang Wang,Hao Xu,Yilei Wang

DOI: https://doi.org/10.1504/ijhpcn.2015.070020

2015-01-01

Abstract:Cloud computing is a distributed computing model, which provides services and resources. As a new type of storage services, cloud storage provides a new method for mass data storage management. Nowadays, more and more users upload their data to cloud storage servers and retrieve data when needed. One of the basic tasks of cloud storage is to guarantee the integrity between retrieved and uploaded data. Therefore, data integrity checking of cloud storage becomes a key issue. This paper proposes a privacy-preserving public verifying cloud data integrity checking protocol. To achieve security against quantum computer attacks, we resort to constructing homomorphic linear authenticator based on a lattice-based homomorphic signature algorithm. To eliminate data content exposure to achieve privacy, we use the blind checking technique. Theoretical analysis indicates that our scheme achieves security against malicious cloud server and privacy against third party auditor TPA, and resists the known-proof forgery attack. Compared with other protocols, our protocol does not resort to rank-based authenticated skip list, saving storage and communication overhead. Furthermore, it makes use of matrix-vector multiplication operation, avoiding great amount of module exponential operation, which reduces the computational labour for cloud server and TPA.

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/jiot.2021.3121678

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Remote data integrity auditing ensures the integrity of cloud storage. In practice, cloud users may not want their sensitive data to be exposed to others. Thus, it is meaningful to investigate how to realize data sharing with sensitive information hiding in cloud storage auditing. Up to now, cloud storage has been proven to achieve the sensitive information hiding property through a third-party sanitizer dedicated to sanitize user data, which leads to high outlays on purchasing and maintaining a special server. To meet this challenge, we design a novel cloud storage auditing protocol to support sensitive information hiding without the need of a third-party sanitizer. In addition, our scheme allows data owners to enable or disable other users to access their sensitive information with the help of the cloud that dose not deviate from the agreement during access control. To be specific, only after receiving the delegations from the data owner, the users can compute the valid warrants that can pass the access verification of the cloud. The proposed protocol is built on identity-based cryptography, thus avoiding the complex certificate management. We validate the advantages of the proposed protocol through massive theoretical analysis and experimental results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yongjun Ren,Jian Shen,Jin Wang,Jin Han,Sungyoung Lee

DOI: https://doi.org/10.6138/jit.2015.16.2.20140918

2015-01-01

Abstract:Cloud storage is now a hot research topic in information technology. In cloud storage, date security properties such as data confidentiality, integrity and availability become more and more important in many commercial applications. Recently, many provable data possession (PDP) schemes are proposed to protect data integrity. In some cases, it has to delegate the remote data possession checking task to some proxy. However, these PDP schemes are not secure since the proxy stores some state information in cloud storage servers. Hence, in this paper, we propose an efficient mutual verifiable provable data possession scheme, which utilizes Diffie-Hellman shared key to construct the homomorphic authenticator. In particular, the verifier in our scheme is stateless and independent of the cloud storage service. It is worth noting that the presented scheme is very efficient compared with the previous PDP schemes, since the bilinear operation is not required.

Yubo Zhao,Jinyong Chang

DOI: https://doi.org/10.1016/j.comnet.2022.109270

IF: 5.493

2022-10-24

Computer Networks

Abstract:In recent years, cloud storage has become an attractive service for data owners to store their personal data. Since they lose physical control of their data, it is necessary to regularly audit its integrity. The public auditing technique is very popular because it is suitable to outsource the auditing task to any third-party auditor, who has professional knowledge on auditing. However in many practical scenarios, the data owner may expect some designated verifier (instead of any) to audit its data. Thus, the public auditing scheme with designated verifier was proposed. In order to further reduce the cost of managing certificates, and to avoid the dependence on public key infrastructure, identity-based auditing scheme with designated verifier was recently proposed. Nevertheless, the proposed identity-based auditing scheme still suffers from the key escrow attack the risk of privacy leakage. In this paper, for the first time, we propose a certificateless public auditing protocol with designated verifier privacy-preserving property. More concretely, it can not only protect the privacy of the stored data against the designated verifier, but also resolve key escrow problem existed in identity-based technique. Its security is based on the Computational Diffie–Hellman and Weil Diffie–Hellman assumptions. Finally, the performance analysis experimental results of the proposed protocol show that our auditing scheme is efficient feasible to applications in real life.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Haoming Wang,Yuanhang Zhang,Xu An Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.heliyon.2024.e36273

IF: 3.776

2024-08-20

Heliyon

Abstract:With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.

Xiuguang Li,Ruifeng Li,Xu An Wang,Ke Niu,Hui Li,Xiaoyuan Yang

DOI: https://doi.org/10.1155/2022/7302767

IF: 1.968

2022-09-01

Security and Communication Networks

Abstract:Cloud storage technology is evolving at a high speed; effectively auditing the cloud data's integrity has become a focal point. Recently, Ming and Shi proposed a certificateless integrity auditing scheme with a privacy protection function. The scheme used the certificateless cryptosystem to solve the certificate management problem of the auditing schemes based on public key infrastructure and the key escrow problem of the identity-based auditing schemes. Although their scheme is novel and efficient, we found that their scheme was not secure and could not achieve integrity auditing of cloud data. The malicious cloud server can generate the proof through the blocks and tags sent by the user. On the basis of the original scheme, we propose an improved auditing scheme; our new scheme is more secure and effective. In addition, for the problem of idle tags in the existing cloud data integrity auditing scheme, we propose the idea of intermediate tags and we applied the idea to the improved scheme to improve audit efficiency.

computer science, information systems,telecommunications

Md Jakir Hossain,Chunxiang Xu,Yuan Zhang,Xiaojun Zhang,Wanpeng Li

DOI: https://doi.org/10.1007/s12652-021-03620-z

IF: 3.662

2022-01-13

Journal of Ambient Intelligence and Humanized Computing

Abstract:The deployment of cloud services enables users to outsource their data to cloud servers and retrieve the target data efficiently. However, the application of quantum computers in clouds would be realized from the recent breakthrough results of quantum computers. Existing authentication schemes based on conventional hardness assumptions will be confronted with quantum attackers in the near future. A lattice-based authentication scheme resolves this tension. Although, existing lattice-based authentication schemes employing identity-based signcryption (IBS), the security against misbehaved private key generators (mPKG) is not well-considered, which may cause privacy issues in some application scenarios since the mPKG can generate the secret key for any given identity. This paper proposes an IBS-based authentication scheme for cloud storage dubbed LAMA that thwarts adversaries who have quantum computing power. We integrate the IBS scheme with the lattice-based cryptography, which is the variant of existing IBS-based authentication schemes and is post-quantum secure. We integrate identity certifying authority (ICA) with private key generator (PKG) to ensure security against mPKG. Our comprehensive security proof demonstrates that LAMA is indistinguishable against chosen plaintext attacks and secure against mPKG. We conduct a comprehensive performance evaluation of LAMA, which demonstrates the high efficiency of LAMA in terms of computation and communication overhead and proves that it can be easily deployed on low configured user devices.

computer science, information systems,telecommunications, artificial intelligence