Solomon Guadie Worku,Chunxiang Xu,Jining Zhao,Xiaohu He

DOI: https://doi.org/10.1016/j.compeleceng.2013.10.004

2014-01-01

Abstract:Cloud computing poses many challenges on integrity and privacy of users' data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

Wenting Shen,Jia Yu,Hui Xia,Hanlin Zhang,Xiuqing Lu,Rong Hao

DOI: https://doi.org/10.1016/j.jnca.2017.01.015

2017-01-01

Abstract:To verify the integrity of cloud data, many cloud storage auditing schemes have been proposed. However, most of them incur a lot of computation overhead for users when data authenticators are generated or the data integrity is verified, which inevitably brings in heavy burdens to resource-constrained users. To overcome this problem, we propose a cloud storage auditing scheme for group users, which greatly reduces the computation burden on the user side. In our scheme, we introduce a Third Party Medium (TPM) to perform time-consuming operations on behalf of users. The TPM is in charge of generating authenticators for users and verifying data integrity on behalf of users. In order to protect the data privacy against the TPM, we blind data using simple operations in the phase of data uploading and data auditing. The user does not need to perform time-consuming decryption operations when using cloud data. We set an expiration time of the authorization to make sure only the TPM who possesses the authorization within valid period is able to upload data to the cloud and challenge the cloud data. The security proof and the performance analysis show that our proposed scheme is secure and efficient.

Hongyu Liu,Leiting Chen,Zahra Davar,Mohammad Ramezanian Pour

2015-01-01

JUCS - Journal of Universal Computer Science

Abstract:Cloud storage has a long string of merits but at the same time, poses many challenges on data integrity and privacy. A cloud data auditing protocol, which enables a cloud server to prove the integrity of stored files to a verifier, is a powerful tool for secure cloud storage. Wang et al. proposed a privacy-preserving public auditing protocol, however, Worku et al. found the protocol is seriously insecure and proposed an improvement to remedy the weakness. In this paper, unfortunately, we demonstrate that the new protocol due to Worku et al. fails to achieve soundness and obtains merely limited privacy. Specifically, we show even deleting all the files of a data owner, a malicious cloud server is able to generate a response to a challenge without being caught by TPA in their enhanced but unrealistic security model. Worse still, the protocol is insecure even in a correct security model. For privacy, a dishonest verifier can tell which file is stored on the cloud. Solutions to efficient public auditing mechanisms with perfect privacy protection are still worth exploring.

Hao Yan,Yanan Liu,Zheng Zhang,Qian Wang

DOI: https://doi.org/10.1155/2021/6639634

IF: 1.968

2021-05-27

Security and Communication Networks

Abstract:Cloud computing is a fast-growing technology which supplies scalable, innovative, and efficient business models. However, cloud computing is not fully trusted, and the security of the data outsourced in cloud storage needs to be guaranteed. One of the hottest issues is how to ensure the integrity of the data in cloud storage. Until now, many researchers have proposed lots of provable data possession (PDP) schemes to deal with the problem of data integrity audition. Nevertheless, very little effort has been devoted to preserve the data uploader’s privacy while auditing the integrity of data shared in a group. To overcome the shortcoming, we propose a novel certificateless PDP protocol to efficiently audit the integrity of data shared in a workgroup with user privacy preserving. Due to the inherent structural advantage of the certificateless crypto mechanism, our PDP scheme eliminates the key escrow problem and the certificate management problem simultaneously. Moreover, the audition process in our scheme does not need any user’s identity which helps to keep the anonymity of data uploader. We give for our scheme a detailed security proof and efficiency analysis. Experiment results of performance evaluation demonstrate that our new scheme is very efficient and feasible.

computer science, information systems,telecommunications

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

Guangyang Yang,Hui Xia,Wenting Shen,Xiuxiu Jiang,Jia Yu

DOI: https://doi.org/10.14257/ijsia.2015.9.9.03

2015-01-01

International Journal of Security and Its Applications

Abstract:As the popularity and the proliferation of cloud storage increase, data security is becoming one of the biggest concerns for users of cloud storage. How to preserve the data integrity, as one of the most important security aspects, has been a research hotspot in the field of cloud security. Many data auditing schemes for checking the data integrity have been presented, however; these schemes are based on the assumption that the third party auditor (TPA) is secure and trustworthy. If TPA becomes wicked, these schemes are easy to make cloud server suffer distributed denial-of-service (DDOS) attack. In order to deal with this problem, we propose an authorized auditing scheme with constrained auditing number in this paper In our scheme, only authorized TPA can make valid challenges to cloud for data integrity checking. Moreover; the total auditing number that an authorized TPA can make is decided by the user In our construction, a constrained auditing number is integrated into the authorization generated by user to achieve this property. Once the number of a TPA's auditing reaches the constraint, cloud server will not respond to this TPA's challenges, which literally rules out the threat of DDOS attack. Analysis and experimental results show the proposed scheme is secure and efficient.

Hui Tian,Yuxiang Chen,Chin-Chen Chang,Hong Jiang,Yongfeng Huang,Yonghong Chen,Jin Liu

DOI: https://doi.org/10.1109/tsc.2015.2512589

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage is an increasingly popular application of cloud computing, which can provide on-demand outsourcing data services for both organizations and individuals. However, users may not fully trust the cloud service providers (CSPs) in that it is difficult to determine whether the CSPs meet their legal expectations for data security. Therefore, it is critical to develop efficient auditing techniques to strengthen data owners’ trust and confidence in cloud storage. In this paper, we present a novel public auditing scheme for secure cloud storage based on dynamic hash table (DHT), which is a new two-dimensional data structure located at a third parity auditor (TPA) to record the data property information for dynamic auditing. Differing from the existing works, the proposed scheme migrates the authorized information from the CSP to the TPA, and thereby significantly reduces the computational cost and communication overhead. Meanwhile, exploiting the structural advantages of the DHT, our scheme can also achieve higher updating efficiency than the state-of-the-art schemes. In addition, we extend our scheme to support privacy preservation by combining the homomorphic authenticator based on the public key with the random masking generated by the TPA, and achieve batch auditing by employing the aggregate BLS signature technique. We formally prove the security of the proposed scheme, and evaluate the auditing performance by detailed experiments and comparisons with the existing ones. The results demonstrate that the proposed scheme can effectively achieve secure auditing for cloud storage, and outperforms the previous schemes in computation complexity, storage costs and communication overhead.

Yilin Yuan,Jianbiao Zhang,Wanshan Xu,Zheng Li

DOI: https://doi.org/10.1002/cpe.6735

2021-12-09

Concurrency and Computation: Practice and Experience

Abstract:With the popularity of cloud computing, cloud storage technology has also been widely used. Among them, data integrity verification is a hot research topic. At present, the realization of public auditing has become the development trend of integrity verification. Most existing public auditing schemes rarely consider some indispensable functions at the same time. Thus, in this article, we propose a comprehensive public auditing scheme (PDBPA) that can simultaneously support data privacy protection, data dynamics, and multi‐user batch auditing. To guarantee privacy protection during the audit process, our PDBPA design a new method of constructing audit proof, which combines random masking techniques and bilinear properties of bilinear pairing. Not only can it ensure that TPA performs audits correctly, but it can also prevent it from exploring the user's sensitive data. In addition, by utilizing the modified dynamic hash table, which is a novel and small two‐dimensional data structure, data dynamics can be effectively achieved. Furthermore, we provide a detailed process for the third‐party auditors to perform batch audits for multiple users. Moreover, we give the detailed and rigorous security analysis in defending against forgery attack, replace attack, and replay attack. Performance evaluations demonstrate that our PDBPA scheme is effective and feasible.

Yubo Zhao,Jinyong Chang

DOI: https://doi.org/10.1016/j.comnet.2022.109270

IF: 5.493

2022-10-24

Computer Networks

Abstract:In recent years, cloud storage has become an attractive service for data owners to store their personal data. Since they lose physical control of their data, it is necessary to regularly audit its integrity. The public auditing technique is very popular because it is suitable to outsource the auditing task to any third-party auditor, who has professional knowledge on auditing. However in many practical scenarios, the data owner may expect some designated verifier (instead of any) to audit its data. Thus, the public auditing scheme with designated verifier was proposed. In order to further reduce the cost of managing certificates, and to avoid the dependence on public key infrastructure, identity-based auditing scheme with designated verifier was recently proposed. Nevertheless, the proposed identity-based auditing scheme still suffers from the key escrow attack the risk of privacy leakage. In this paper, for the first time, we propose a certificateless public auditing protocol with designated verifier privacy-preserving property. More concretely, it can not only protect the privacy of the stored data against the designated verifier, but also resolve key escrow problem existed in identity-based technique. Its security is based on the Computational Diffie–Hellman and Weil Diffie–Hellman assumptions. Finally, the performance analysis experimental results of the proposed protocol show that our auditing scheme is efficient feasible to applications in real life.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Jiasen Liu,Xu An Wang,Zhiquan Liu,Han Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1109/access.2020.2991033

IF: 3.9

2020-01-01

IEEE Access

Abstract:As one of the most popular applications in recent years, cloud storage has been gradually integrated into all walks of life. In the field of communication techniques for the unmanned aerial vehicles (UAVs), UAVs use sensors to upload collected data to cloud servers during various exploration activities, but UAVs can only store and calculate valid information currently collected due to the limited storage and computing performance. In the actual exploration, UAVs need not only to upload complete data to the cloud server, but also to support the data dynamic update efficiently. Moreover, due to security requirements, the privacy of data uploaded by UAVs must be protected. However, the existing auditing schemes for dynamic data and integrity have many problems, such as high computation cost, low efficiency of dynamic update, low privacy and security. For this reason, we propose a public cloud audit scheme that supports dynamic data and privacy protection based on distributed string equality check protocol and Merkle-hash tree multi-level index structure. First of all, a third-party server (TPS) is set between the cloud service provider and users, which complete digital signature, integrity auditing, and data dynamic operations significantly in place of users to reduce the local computing cost. Users then locally upload data which has been encrypted to the TPS. Secondly, to further improve the security of the scheme, TPS implement signature for encrypted data based on the distributed string equality check protocol. By designing authorizations with time constraints, it is guaranteed that only the legitimate TPS with time constraints can operate with cloud servers. Finally, we implement dynamic data operation efficiently based on MHT multi-level index structure. The security proof and performance analysis show that our proposed scheme is safe and effective.

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/jiot.2021.3121678

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Remote data integrity auditing ensures the integrity of cloud storage. In practice, cloud users may not want their sensitive data to be exposed to others. Thus, it is meaningful to investigate how to realize data sharing with sensitive information hiding in cloud storage auditing. Up to now, cloud storage has been proven to achieve the sensitive information hiding property through a third-party sanitizer dedicated to sanitize user data, which leads to high outlays on purchasing and maintaining a special server. To meet this challenge, we design a novel cloud storage auditing protocol to support sensitive information hiding without the need of a third-party sanitizer. In addition, our scheme allows data owners to enable or disable other users to access their sensitive information with the help of the cloud that dose not deviate from the agreement during access control. To be specific, only after receiving the delegations from the data owner, the users can compute the valid warrants that can pass the access verification of the cloud. The proposed protocol is built on identity-based cryptography, thus avoiding the complex certificate management. We validate the advantages of the proposed protocol through massive theoretical analysis and experimental results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiong Li,Shanpeng Liu,Rongxing Lu,Muhammad Khurram Khan,Ke Gu,Xiaosong Zhang

DOI: https://doi.org/10.1109/JBHI.2022.3140831

IF: 7.7

2022-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:The booming Internet of Things makes smart healthcare a reality, while cloud-based medical storage systems solve the problems of large-scale storage and real-time access of medical data. The integrity of medical data outsourced in cloud-based medical storage systems has become crucial since only complete data can make a correct diagnosis, and public auditing protocol is a key technique to solve this problem. To guarantee the integrity of medical data and reduce the burden of the data owner, we propose an efficient privacy-preserving public auditing protocol for the cloud-based medical storage systems, which supports the functions of batch auditing and dynamic update of data. Detailed security analysis shows that our protocol is secure under the defined security model. In addition, we have conducted extensive performance evaluations, and the results indicate that our protocol not only remarkably reduces the computational costs of both the data owner and the third-party auditor (TPA), but also significantly improves the communication efficiency between the TPA and the cloud server. Specifically, compared with other related work, the computational cost of the TPA in our protocol is negligible and the data owner saves more than 2/3 of computational cost. In addition, as the number of challenged blocks increases, our protocol saves nearly 90% of communication overhead between the TPA and the cloud server.

Yilun Wu,Xinye Lin,Xicheng Lu,Jinshu Su,Peixin Chen

DOI: https://doi.org/10.1587/transinf.2016EDL8079

2016-01-01

IEICE Transactions on Information and Systems

Abstract:Public auditing is a new technique to protect the integrity of outsourced data in the remote cloud. Users delegate the ability of auditing to a third party auditor (TPA), and assume that each result from the TPA is correct. However, the TPA is not always trustworthy in reality. In this paper, we consider a scenario in which the TPA may lower the reputation of the cloud server by cheating users, and propose a novel public auditing scheme to address this security issue. The analyses and the evaluation prove that our scheme is both secure and efficient.

Wenyu Xiang,Jie Zhao,Hejiao Huang,Xiaojun Zhang,Zoe Lin Jiang,Daojing He

DOI: https://doi.org/10.1007/978-981-97-0801-7_17

2024-01-01

Abstract:Public auditing mechanism can delegate a third-party auditor (TPA) to check the remote data integrity on behalf of data owners. However, the TPA, as an idealized and benefit-oriented entity, may not provide correct auditing results on time. To date, a large number of public auditing schemes utilize the booming blockchain technique to resist dishonest TPA, but most of them are vulnerable to malicious miners who attempt to manipulate the randomness of auditing challenge generation. In this paper, we propose a novel Blockchain-assisted Privacy-preserving Public Auditing scheme, named BPPA. The BPPA scheme utilizes a smart contract deployed on the Ethereum blockchain to replace the TPA. To eliminate the impact of malicious miners, the smart contract employs unpredictable hash values of the nearest Ethereum blocks to generate the index locators. These locators segmentally produce index subsets of challenged data blocks, ensuring the unpredictability of auditing challenge messages. Meanwhile, BPPA achieves conditional identity anonymity for data owners through the employment of identity-based public key cryptography and key exchange technique. We prove the security of our scheme based on the computational Diffie-Hellman assumption and the discrete logarithm assumption. Furthermore, we analyze the performance from theoretical and experimental aspects, and the evaluation results demonstrate that our auditing scheme is effective and efficient.

Gaimei Gao,Hongxia Fei,Zefeng Qin

DOI: https://doi.org/10.1002/cpe.5924

2020-07-18

Concurrency and Computation: Practice and Experience

Abstract:<p>Cloud storage is a mode of online storage in which data are stored on multiple virtual servers usually hosted by third parties. Cloud service providers manage and operate data storage as services. The major concern in cloud storage is the integrity of outsourced data. Many public auditing schemes which authorize the third party auditor (TPA) to check the integrity of outsourced data have been proposed. However, most of them are based on traditional public key cryptosystems. This paper proposes an efficient certificateless public auditing Scheme (CL‐PAS) in cloud storage. In the process of challenge and auditing, CL‐PAS ensures that malicious cloud servers cannot forge auditing evidences to deceive TPA to pass the verification, and prevents curious TPA from recovering original data from auditing evidences. So it strengthens privacy preserving. Security analysis shows that CL‐PAS scheme meets the predetermined security requirements. The simulation and performance analysis results show that, compared with similar schemes, CL‐PAS scheme has the higher efficiency.</p>

Xiaojun Zhang,Xin Wang,Dawu Gu,Jingting Xue,Wei Tang

DOI: https://doi.org/10.1109/TNSM.2022.3189650

2022-01-01

Abstract:Cloud computing provides users with convenient data storage services, which simultaneously poses various security concerns, the integrity of outsourced data has been termed as one of the most concerning security issues. Certificateless public auditing not only enables a third-party auditor (TPA) to check data integrity, but also avoids complex certificates management and inherent drawbacks of key escrow. Up to date, a few certificateless public auditing schemes have been proposed, without providing fast data dynamics or protecting the identity privacy of users. In this paper, we propose a lightweight conditional anonymous certificateless public auditing (CACPA) scheme, supporting much faster data dynamics in cloud storage systems. Based on a homomorphic hash function, we design a certificateless signature and integrate it into the construction of CACPA, reducing the computational costs of TPA substantially. CACPA achieves conditional identity privacy preservation, anyone cannot infer the real identity of a user based on outsourced data, only the private key generator (PKG) can revoke the users when some misbehaviors occur. We provide security analysis of CACPA, and conduct performance evaluation demonstrating the lightweight advantages of CACPA, and therefore it is suitable for auditors with resource-constrained mobile devices.

Haoming Wang,Yuanhang Zhang,Xu An Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.heliyon.2024.e36273

IF: 3.776

2024-08-20

Heliyon

Abstract:With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.

Salah H. Abbdal,Hai Jin,Deqing Zou,Ali. A. Yassen

DOI: https://doi.org/10.1109/uic-atc-scalcom.2014.17

2014-01-01

Abstract:Although cloud computing is extremely active over the Internet in the real world, it presents many security challenges, such as access control and data integrity, which refer to the fact that while users can deploy their files into the cloud server, no one knows exactly where they should be. Thus, users' data may be threatened by internal or external attacks. Recently, some proposed schemes are aiming to find solutions to these problems which directly affect the data under the cloud. These are based on a Third Party Auditor (TPA) as one of the most popular solutions, where users no longer have physical possession of the possibly large size of their outsourced data, and they consider that the TPA should be able to efficiently audit the cloud data storage without demanding local copies of data, and they introduce no additional on-line burden to the cloud user. Unfortunately, these schemes have assumed that the TPA is a trusted party for users. In fact, this assumption is critical, because the security aspect hinders widespread adoption of the cloud. However, users cannot ensure that either the TPA or the cloud server (CS) will not be impersonated by an attacker. So, the cloud user should be the only person (data owner) who has confidentiality about his data. We offer a new TPA model that differs from previous models and overcomes the above-mentioned issues. Our proposed scheme has three main components: the cloud user (data owner), the TPA, and the cloud server (CS), where only the user has the authority for his data and he deals with other components as services. The proposal enjoys several advantages such as preserving privacy and session key secrecy. Our proposed scheme combines the two important features of both efficiency and security concerns: 1) TPA functionalities, 2) complete confidentiality at the user side. Furthermore, our work includes many security features such as secure and efficient use of the TPA for correct data storage with supporting data dynamics.

Wenyong Yuan,Li,Zhengge Yi,Xiaoyuan Yang

DOI: https://doi.org/10.1117/12.2668300

2023-01-01

Abstract:Integrity verification can effectively protect cloud data. Currently, users entrust third-party auditors to verify the integrity of their outsourced data. Unfortunately, multiple auditors participate in the integrity verification, which increases the risk of data privacy disclosure. Therefore, more users expect a specific verifier to check the files in cloud storage. We proposed a scheme with a designated verifier, which can effectively protect data privacy when auditing. In the process oey generate tags. In the evidence generation, bilinear results of data blocks and tags are directly calculated to realize privacyf tags generation, we utilize the designated auditor public k protection. Based on the computational Diffie– Hellman assumption in the Bilinear Maps, we prove the security for our scheme.