Shengli Liu,Kefei Chen

DOI: https://doi.org/10.1109/INCoS.2011.101

2011-01-01

Abstract:In a proof of retrievability (POR) system, interactive POR protocols are executed between a storage server and clients, so that clients can be convinced that their data is available at the storage server, ready to be retrieved when needed. In an interactive POR protocol, clients initiate challenges to the server, and the server feedbacks responses to clients with input of the stored data. Retrievability means that it should be possible for a client to extract the his/her data from the server's valid responses. An essential step-stone leading to retrievability is server's unforgeability of valid responses, i.e, any server coming up valid responses to a client's challenges is actually storing the client's data with overwhelming probability. Unforgeability can be achieved with authentication schemes like MAC, Digital Signature, etc. With homomorphic linear authentication schemes, the authenticators can be aggregated into one tag for the challenges, hence reducing the communication complexity. In this paper, we explore some new homomorphic linear authenticator schemes in POR to provide unforgeability. Compared with the recent work of Shacham and Waters, our scheme enjoys the same shortest responses, but reduces the local storage from O(s) to O(1).

Chaowen Guan,Kui Ren,Fangguo Zhang,Florian Kerschbaum,Jia Yu

DOI: https://doi.org/10.1007/978-3-319-24174-6_11

2015-01-01

Abstract:Proofs-of-Retrievability enables a client to store his data on a cloud server so that he executes an efficient auditing protocol to check that the server possesses all of his data in the future. During an audit, the server must maintain full knowledge of the client's data to pass, even though only a few blocks of the data need to be accessed. Since the first work by Juels and Kaliski, many PoR schemes have been proposed and some of them can support dynamic updates. However, all the existing works that achieve public verifiability are built upon traditional public-key cryptosystems which imposes a relatively high computational burden on low-power clients (e.g., mobile devices).In this work we explore indistinguishability obfuscation for building a Proof-of-Retrievability scheme that provides public verification while the encryption is based on symmetric key primitives. The resulting scheme offers light-weight storing and proving at the expense of longer verification. This could be useful in apations where outsourcing files is usually done by low-power client and verifications can be done by well equipped machines (e.g., a third party server). We also show that the proposed scheme can support dynamic updates. At last, for better assessing our proposed scheme, we give a performance analysis of our scheme and a comparison with several other existing schemes which demonstrates that our scheme achieves better performance on the data owner side and the server side.

Xiao Tan,Qi Xie,Lidong Han,Shengbao Wang,Wenhao Liu

DOI: https://doi.org/10.1016/j.cose.2023.103486

IF: 5.105

2023-09-23

Computers & Security

Abstract:With numerous applications in cloud storage, Proof of Retrievability (PoR) is an efficient solution for verification and retrieval of big data on a remote server. Existing PoR schemes can support two mutually exclusive verification modes, namely either private verifiability or public verifiability, depending on whether the outsourced data is verifiabile by the data owner (user) only or by everyone. In order to allow the user to flexibly designate the capability of verification, we propose a novel framework for PoR schemes that enables fine-grained control of remote data verification for cloud storage. Our idea is enabling the user to dynamically release some tokens (verification keys) to one or more third parties (designated verifiers), such that only the user and the designated verifiers can verify and retrieve the outsourced data from the server. We formalize this notion as PoR with Flexible Designated Verification (PoR-FDV), and define an extended adversarial model for PoR-FDV based on Juel et al.'s PoR model. Under the new framework, we propose a generic, simple and elegant construction of PoR-FDV from public verifiable PoR and identity-based KEM/DEM, which then gives birth to a concrete and efficient PoR-FDV scheme. Compared to existing PoR schemes, PoR-FDV provides higher flexibility and scalability, as well as many useful features.

computer science, information systems

Gaspard Anthoine,Jean-Guillaume Dumas,Michael Hanling,Mélanie de Jonghe,Aude Maignan,Clément Pernet,Daniel Roche

DOI: https://doi.org/10.48550/arXiv.2007.12556

2021-06-08

Abstract:Proofs of Retrievability (PoRs) are protocols which allow a client to store data remotely and to efficiently ensure, via audits, that the entirety of that data is still intact. A dynamic PoR system also supports efficient retrieval and update of any small portion of the data. We propose new, simple protocols for dynamic PoR that are designed for practical efficiency, trading decreased persistent storage for increased server computation, and show in fact that this tradeoff is inherent via a lower bound proof of time-space for any PoR scheme. Notably, ours is the first dynamic PoR which does not require any special encoding of the data stored on the server, meaning it can be trivially composed with any database service or with existing techniques for encryption or redundancy. Our implementation and deployment on Google Cloud Platform demonstrates our solution is scalable: for example, auditing a 1TB file takes just less than 5 minutes and costs less than $0.08 USD. We also present several further enhancements, reducing the amount of client storage, or the communication bandwidth, or allowing public verifiability, wherein any untrusted third party may conduct an audit.

Cryptography and Security

Tao Wang,Bo Yang,Hongyu Liu,Yong Yu,Guoyong Qiu,Zhe Xia

DOI: https://doi.org/10.1007/s00500-018-3155-4

IF: 3.732

2018-01-01

Soft Computing

Abstract:Public cloud data auditing allows a user to delegate an auditing job to a third party who is responsible for verifying whether a cloud server has faithfully stored a file or not. Proof of retrievability (PoR) is a widely used protocol for this kind of job. To the best of our knowledge, in the publicly verifiable setting with supporting data dynamics, all known PoR schemes are either rely on the random oracles or are built in the standard model but require nonstandard assumptions. In this paper, we present a scheme which explores the linear homomorphic signature and the sequence Merkle hash tree to construct the homomorphic linear authenticator for the PoR. The security of our proposed scheme can be proved in the standard model, assuming the hash function is collision resilient and the computational Diffie–Hellman assumption holds. The scheme also supports data modification, data insertion and data deletion. Furthermore, our technique can also be regarded as a novel paradigm by combining the homomorphic signature and authenticated data structure (with certain properties) to construct the homomorphic linear authenticator for the PoR protocols.

S. Liu,K. Chem

2012-01-01

Abstract:Proof of Retrievability (POR) refers to interactive auditing protocols executed between a storage server and clients, so that clients can be convinced that their data is available at the stor- age server, ready to be retrieved when needed. In an interactive POR protocol, clients initiate challenges to the server, and the server feed- backs responses to clients with the help of the stored data. Retriev- ability means that it should be possible for a client to extract his/her data from the server's valid responses. An essential step leading to retrievability is the server's unforgeability of valid responses, i.e, any server coming up with valid responses to a client's challenges is ac- tually storing the client's data with overwhelming probability. Un- forgeability can be achieved with authentication schemes like MAC, Digital Signature, etc. With Homomorphic Linear Authentication (HLA) schemes, the server's several responses can be aggregated into one, hence reducing the communication complexity. In this paper, we explore some new constructions of ǫ-almost strong universal hash- ing functions (ǫ-ASU2), which are used to build homomorphic linear authenticator schemes in POR to provide unforgeability. We show the HLA scheme involved in Shacham and Waters' POR scheme (see Shacham and Waters, 2008) is just an employment of a class ǫ-ASU2 functions. Using another class of ǫ-ASU2 for authentication in POR results in a new HLA scheme, which enjoys unforgability, the same shortest responses as the SW scheme, but reduces the local storage from O(n+s) to O(n) for information soundness, and from O(s) to O(1) for knowledge-soundness.

Shuai Han,Shengli Liu,Fangguo Zhang,Kefei Chen

DOI: https://doi.org/10.1145/2897845.2897859

2016-01-01

Abstract:Proofs of Data Possession/Retrievability (PoDP/PoR) schemes are essential to cloud storage services, since they can increase clients' confidence on the integrity and availability of their data. The majority of PoDP/PoR schemes are constructed from homomorphic linear authentication (HLA) schemes, which decrease the price of communication between the client and the server. In this paper, a new subclass of authentication codes, named epsilon-authentication codes, is proposed, and a modular construction of HLA schemes from epsilon-authentication codes is presented. We prove that the security notions of HLA schemes are closely related to the size of the authenticator/tag space and the successful probability of impersonation attacks (with non-zero source states) of the underlying epsilon-authentication codes. We show that most of HLA schemes used for the PoDP/PoR schemes are instantiations of our modular construction from some epsilon-authentication codes. Following this line, an algebraic curves-based epsilon-authentication code yields a new HLA scheme.

Shuai Han,Shengli Liu,Kefei Chen,Dawu Gu

DOI: https://doi.org/10.1007/978-3-319-06320-1_25

2014-01-01

Abstract:Proofs of Data Possession (PoDP) scheme is essential to data outsourcing. It provides an efficient audit to convince a client that his/her file is available at the storage server, ready for retrieval when needed. An updated version of PoDP is Proofs of Retrievability (PoR), which proves the client's file can be recovered by interactions with the storage server. We propose a PoR scheme based on Maximum Rank Distance (MRD) codes. The client file is encoded block-wise to generate homomorphic tags with help of an MRD code. In an audit, the storage provider is able to aggregate the blocks and tags into one block and one tag, due to the homomorphic property of tags. The algebraic structure of MRD codewords enables the aggregation to be operated over a binary field, which simplifies the computation of storage provider to be the most efficient XOR operation. With properties of MRD codes, we also prove an important security notion, namely soundness of PoR.

Xin Tang,Yining Qi,Yongfeng Huang

DOI: https://doi.org/10.1007/978-3-319-53465-7_22

2017-01-01

Abstract:Cloud storage is widely used to ease the storage burden of clients. Meanwhile it raises a basic issue in the security of outsourced data: whether the corruption can be detected and recovered? Focusing on this problem, most existing proofs of retrievability (POR) schemes relies on precomputed tokens or tags as well as code redundancy to achieve integrity verification and corruption recovery, which, however, results in extra storage cost for cloud storage and high computational overhead for clients. Fragile watermarking provides a new way to implement the scheme without such drawbacks. In this paper, we propose a novel fragile watermarking based public auditable POR scheme for archival cloud data, which is able to not only improve the efficiency of audit process but also ensure both privacy-preserving and replay attack resistance simultaneously. The simulation results validate both the correctness of our scheme in detecting and recovering data corruption and the large improvement in performance compared to traditional POR schemes.

Jean-Guillaume Dumas,Aude Maignan,Clément Pernet,Daniel S. Roche

DOI: https://doi.org/10.48550/arXiv.2110.02022

2023-03-13

Abstract:Proofs of Retrievability are protocols which allow a Client to store data remotely and to efficiently ensure, via audits, that the entirety of that data is still intact. Dynamic Proofs of Retrievability (DPoR) also support efficient retrieval and update of any small portion of the <a class="link-external link-http" href="http://data.We" rel="external noopener nofollow">this http URL</a> propose a novel protocol for arbitrary outsourced data storage that achieves both low remote storage size and audit complexity.A key ingredient, that can be also of intrinsic interest, reduces to efficiently evaluating a secret polynomial at given public points, when the (encrypted) polynomial is stored on an untrusted <a class="link-external link-http" href="http://Server.The" rel="external noopener nofollow">this http URL</a> Server performs the evaluations and also returns associated certificates. A Client can check that the evaluations are correct using the certificates and some pre-computed keys, more efficiently than re-evaluating the <a class="link-external link-http" href="http://polynomial.Our" rel="external noopener nofollow">this http URL</a> protocols support two important features: the polynomial itself can be encrypted on the Server, and it can be dynamically updated by changing individual coefficients cheaply without redoing the entire <a class="link-external link-http" href="http://setup.Our" rel="external noopener nofollow">this http URL</a> methods rely on linearly homomorphic encryption and pairings, and our implementation shows good performance for polynomial evaluations with millions of coefficients, and efficient DPoR with terabytes of <a class="link-external link-http" href="http://data.For" rel="external noopener nofollow">this http URL</a> instance, for a 1TB database, compared to the state of art, we can reduce the Client storage by 5000x, communication size by 20x, and client-side audit time by 2x, at the cost of one order of magnitude increase in server-side audit time.

Cryptography and Security,Symbolic Computation

Shuai Han,Shengli Liu,Kefei Chen,Dawu Gu

2013-01-01

Abstract:Proofs of Data Possession (PoDP) scheme is essential to data outsourcing. It provides an efficient audit to convince a client that his/her file is available at the storage server, ready for retrieval when needed. An updated version of PoDP is Proofs of Retrievability (PoR), which proves the client’s file can be recovered by interactions with the storage server. We propose a PoDP/PoR scheme based on Maximum Rank Distance (MRD) codes. The client file is encoded block-wise to generate homomorphic tags with help of an MRD code. In an audit, the storage provider is able to aggregate the blocks and tags into one block and one tag, due to the homomorphic property of tags. The algebraic structure of MRD codewords enables the aggregation to be operated over a binary field, which simplifies the computation of storage provider to be the most efficient XOR operation. We also prove two security notions, unforgeability served for PoDP and soundness served for PoR with properties of MRD codes. Meanwhile, the storage provider can also audit itself to locate and correct errors in the data storage to improve the reliability of the system, thanks to the MRD code again.

Maura B. Paterson,Douglas R. Stinson,Jalaj Upadhyay

DOI: https://doi.org/10.48550/arXiv.1210.7756

2012-10-30

Abstract:There has been considerable recent interest in "cloud storage" wherein a user asks a server to store a large file. One issue is whether the user can verify that the server is actually storing the file, and typically a challenge-response protocol is employed to convince the user that the file is indeed being stored correctly. The security of these schemes is phrased in terms of an extractor which will recover or retrieve the file given any "proving algorithm" that has a sufficiently high success probability. This paper treats proof-of-retrievability schemes in the model of unconditional security, where an adversary has unlimited computational power. In this case retrievability of the file can be modelled as error-correction in a certain code. We provide a general analytical framework for such schemes that yields exact (non-asymptotic) reductions that precisely quantify conditions for extraction to succeed as a function of the success probability of a proving algorithm, and we apply this analysis to several archetypal schemes. In addition, we provide a new methodology for the analysis of keyed POR schemes in an unconditionally secure setting, and use it to prove the security of a modified version of a scheme due to Shacham and Waters under a slightly restricted attack model, thus providing the first example of a keyed POR scheme with unconditional security. We also show how classical statistical techniques can be used to evaluate whether the responses of the prover are accurate enough to permit successful extraction. Finally, we prove a new lower bound on storage and communication complexity of POR schemes.

Cryptography and Security,Combinatorics

Qingxuan Wang,Chi Cheng,Rui Xu,Jintai Ding,Zhe Liu

DOI: https://doi.org/10.1109/TSC.2020.3041324

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Recently, Zhang et al. proposed a lattice-based data outsourcing scheme with public integrity verification (DOPIV), which enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. They employed a third party auditor (TPA) to check the integrity of the outsourced data and any TPA can verify the data integrity efficiently. DOPIV is claimed to achieve proxy-oriented secure data outsourcing as well as storage correctness guarantee. Unfortunately, we find that there exist vulnerabilities in DOPIV which allow the cloud server to simply delete the received data without being noticed by the TPA. Fortunately, we come up with a simple and efficient solution to thwart the proposed attack. Our improved scheme maintains all the features claimed in DOPIV.

Yuhan Li,Anmin Fu,Yan Yu,Gongxuan Zhang

DOI: https://doi.org/10.1109/icc.2017.7997106

2017-01-01

Abstract:With the arrival of big data era, cloud storage has become more ubiquitous. A growing number of consumers remote their data into cloud, as cloud can provide them with ample storage space and powerful computational capacity. However, storing data in cloud means that data is out of their control. How to verify the integrity of stored data and retrieve the corrupted data has become an urgent security problem. In this paper, we propose a new efficient proof of retrievability scheme, named as IPOR, for cloud storage systems. The IPOR not only can verify the integrity of remote data, but also can retrieve the original data of corrupted blocks from the healthy servers with probability 100%. Moreover, IPOR obviously decreases the complexity of data integrity tags and it requires performing a few multiplication and addition operations to retrieve the corrupted data. Therefore, our scheme is much more efficient than the state-of-the-art schemes. In addition, the security analysis indicates that our scheme is provably secure.

Yongjun Ren,Jian Shen,Jin Wang,Jin Han,Sungyoung Lee

DOI: https://doi.org/10.6138/jit.2015.16.2.20140918

2015-01-01

Abstract:Cloud storage is now a hot research topic in information technology. In cloud storage, date security properties such as data confidentiality, integrity and availability become more and more important in many commercial applications. Recently, many provable data possession (PDP) schemes are proposed to protect data integrity. In some cases, it has to delegate the remote data possession checking task to some proxy. However, these PDP schemes are not secure since the proxy stores some state information in cloud storage servers. Hence, in this paper, we propose an efficient mutual verifiable provable data possession scheme, which utilizes Diffie-Hellman shared key to construct the homomorphic authenticator. In particular, the verifier in our scheme is stateless and independent of the cloud storage service. It is worth noting that the presented scheme is very efficient compared with the previous PDP schemes, since the bilinear operation is not required.

Anmin Fu,Yuhan Li,Shui Yu,Yan Yu,Gongxuan Zhang

DOI: https://doi.org/10.1016/j.jnca.2017.12.007

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:As cloud storage has become more and more ubiquitous, there are a large number of consumers renting cloud storage services. However, as users lose direct control over the data, the integrity and availability of the outsourced data become a big concern for users. Accordingly, how to verify the integrity of stored data and retrieve the availability of the corrupted data has become an urgent problem. Moreover, in most cases, users' data is not always static, but needs to be updated. In this paper, we propose a dynamic proof of retrievability scheme for cloud storage system, named as DIPOR. The DIPOR not only can retrieve the original data of corrupted blocks by using partial healthy data stored in healthy servers, but also support for updating operations of data. Furthermore, the number of forks in our scheme is not fixed, which means we can always look for the optimal forks based on the number of data blocks. In addition, the security analysis indicates that our scheme is provably secure and the performance evaluations show the efficiency of the proposed scheme.

Genqing Bian,Rui Zhang,Bilin Shao

DOI: https://doi.org/10.1109/access.2022.3166920

IF: 3.9

2022-01-01

IEEE Access

Abstract:The remote data possession checking mechanism can effectively verify the integrity of outsourced data, which can usually be divided into public verification and private verification. The verifier of public verification can be any cloud user, while private verification can only be the data owner. However, in most practical situations, the data owner expects that only a specific verifier can perform integrity checking tasks and that verifier cannot gain any knowledge about the data. Yan et al. proposed a remote data possession checking scheme with the designated verifier, which can guarantee that only the designated verifier can check data integrity, whereas others cannot do it. However, this scheme relies on public key infrastructure technology and does not consider data privacy protection issues. To overcome these shortcomings, we propose an identity-based remote data possession checking scheme that satisfies the data owner's requirement to specify a unique verifier. Moreover, in this scheme, we use a random integer to blind data integrity proof to protect data privacy and use Merkle hash tree structure to achieve dynamic update of data. At the same time, our scheme can avoid the complex certificate management in public key infrastructure. We proved the safety of our scheme based on the discrete logarithm assumption and the computational Diffie-Hellman assumption. Theoretical analysis and experimental results show that our scheme is feasible and effective in practical applications.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiang Xu,Jin Han,Yongjun Ren,Jin Wang

DOI: https://doi.org/10.14257/astl.2014.79.22

2014-01-01

Abstract:Cloud storage is now an important development trend in information technology. To ensure the integrity of data storage in cloud storing, researchers have present some proof of storage schemes. In some cases, the ability to check data possession is delegated by data owners. Hence, the delegable provable data possession and proxy provable data possession are proposed. However the schemes are not secure since the proxy or designated verifier stores some delegation information in cloud storage servers. In this paper, we propose PC-DV POS scheme, which can preserve clients' privacy and designate a verifier by the client signed the data blocks. In particular, we utilize group signatures and key exchange to construct homomorphic authenticators, so that only the designated verifier is able to check the integrity of shared data for users without retrieving the entire data, and cannot reveal the identities of signers on all blocks in shared data.

Zuojie Deng,Jingli Zhou

DOI: https://doi.org/10.3233/jifs-169035

2016-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Nowadays, cloud storage has become an attractive storage scheme for a user to store his files. When a user stores his files on a remote cloud storage system, he cannot make sure whether his files are intact, so he must use some protocol to check the integrity of his files in the cloud storage. To guarantee high availability, some cloud storage servers provide a kind of highly-available service, which stores multiple copies of user files in the cloud storage, and the file owner cannot make sure whether all these copies are intact as well. Some cloud storage servers allow his users to operate their files online. As the file owner cannot always be online, he must entrust a trusted public data auditor to check his files in the cloud storage. In this work, we investigate the above issues about provable data possession with multi-copy and data dynamics supporting public verification in a cloud storage. We design a kind of authenticated 2-3 tree with ordered leaves and use this kind of tree to organize file block tags. We design a privacy preserving provable data possession scheme with multi-copy and data dynamics which supports public verification, and use a kind of RSA tag to construct this scheme. We apply our scheme to a cloud file backup system. Our theoretical proofs and experiments show that our scheme is feasible and reasonable.

Yang Xu,Quanrun Zeng,Ju Ren,Yaoxue Zhang,Guojun Wang,Hao Min

DOI: https://doi.org/10.1109/smartworld.2018.00331

2018-01-01

Abstract:The wide use of network computing technologies has promoted the popularity of outsourced storage services. Meanwhile, the provable data possession (PDP) techniques are widely studied as the outsourcing storage servers are not always trustworthy and dependable in maintaining the outsourced data. However, most existing PDP solutions are either costly for the current Internet of things (IoT) devices, or vulnerable to spoofing attacks. In this paper, we propose a succinct anti-spoofing provable data possession scheme for lightweight clients in network computing. We employ the basic integrity comparison-based verification to fit for the resource-constrained verifiers, and propose a random sentinel metadata setup mechanism and the true-fake blended challenge scheme to improve the robustness against spoofing attacks of untrusted servers. The analyses reveal that our approach is effective in data possession verification with the robustness against spoofing attacks, while the overhead on the verifier side is low.