Hui Tian,Fulin Nan,Chin-Chen Chang,Yongfeng Huang,Jing Lu,Yongqian Du

DOI: https://doi.org/10.1016/j.jnca.2018.12.004

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:With increasing popularity of fog-to-cloud based Internet of Things (IoT), how to ensure the integrity of IoT data outsourced in clouds has become one of the biggest security challenges. However, little effort has been put into addressing the problem. To fill this gap, this paper presents a tailor-made public auditing scheme for data storage in fog-to-cloud based IoT scenarios, which can achieve all indispensable performance and security requirements. Particularly, we design a tag-transforming strategy based on the bilinear mapping technique to convert the tags generated by mobile sinks to the ones created by the fog nodes in the phase of proof generation, which cannot only effectively protect the identity privacy, but also reduce the communication and computational costs in the verification phase; moreover, we present a zero-knowledge proof mechanism to verify the integrity of IoT data from various generators (e.g., mobile sinks and fog nodes) while achieving perfect data-privacy preserving. We formally prove the security of our scheme and evaluate its performance by theoretical analysis and comprehensive experiments. The results demonstrate that our scheme can efficiently achieve secure auditing for data storage in fog-to-cloud based IoT scenarios, and outperforms the straight-forward solution in communication and computational costs as well as energy consumption.

Ke Gu,Wenbin Zhang,Xingqiang Wang,Xiong Li,Weijia Jia

DOI: https://doi.org/10.1109/TNSM.2023.3267235

2023-01-01

IEEE Transactions on Network and Service Management

Abstract:Compared with cloud computing-based data storage, distributed data storage in fog computing is more vulnerable to malicious attacks. So, it is very necessary to provide a secure distributed auditing mechanism with protecting the identity privacy of data owners and controlling the identities of auditors under fog computing-based data storage. In this paper, we propose a dual attribute-based auditing scheme for fog computing-based data dynamic storage. Our auditing scheme can protect the identity privacy of data owners, and provide an attribute-based access control for corresponding audits with a distributed collaborative verification between related fog servers. In our scheme, a data owner can securely upload his divided and blinded file blocks with corresponding block authenticators (related with his attribute set) to related fog servers. To prevent malicious auditors from consuming system resources by abusing audit requests, the data owner can provide an attribute-based access control for corresponding audits, where the data owner specifies the attribute set of corresponding auditors who have the right to check the integrity of related data. Further, a distributed collaborative verification mechanism between related fog servers is constructed to reduce the disadvantages of centralized verification, where the Shamir's secret-sharing method is used to decompose the picked blinding factor as the shared sub-secrets sent to each fog server respectively. Compared with cloud computing-based data storage, our collaborative verification mechanism can implement distributed auditing consent of stored data between multiple fog servers. Our auditing scheme can further audit out specific suspicious fog servers. Additionally, we provide a dynamic data operation mechanism to efficiently support the updating of users' data under fog computing-based data storage. Furthermore, related theoretical analysis and experimental evaluation show our scheme is secure and efficient.

Ke Gu,XingQiang Wang,Xiong Li

DOI: https://doi.org/10.1109/tsusc.2024.3362074

2024-01-01

IEEE Transactions on Sustainable Computing

Abstract:The security of fog computing has been researched and concerned with its development, where malicious attacks pose a greater threat to distributed data storage based on fog computing. Also, the rapid increasing on the number of terminal devices has raised the importance of fog computing-based distributed data storage. In response to this demand, it is essential to establish a secure and privacy-preserving distributed data auditing method that enables security protection of stored data and effective control over identities of auditors. In this paper, we propose a dynamic outsourced data audit scheme for Merkle hash grid-based fog storage with privacy-preserving, where fog servers are used to undertake partial outsourced computation and data storage. Our scheme can provide the function of privacy-preserving for outsourced data by blinding original stored data, and supports data owners to define their auditing access policies by the linear secret-sharing scheme to control the identities of auditors. Further, the construction of Merkle hash grid is used to improve the efficiency of dynamic data operations. Also, a server locating approach is proposed to enable the third-part auditor to identify specific malicious data fog servers within distributed data storage. Under the proposed security model, the security of our scheme can be proved, which can further provide collusion resistance and privacy-preserving for outsourced data. Additionally, both theoretical and experimental evaluations illustrate the efficiency of our proposed scheme.

Yeojin Kim,Donghyun Kim,Junggab Son,Wei Wang,YoungTae Noh

DOI: https://doi.org/10.1109/icc.2018.8422479

2018-01-01

Abstract:Recently, the concept of fog-cloud storage is attracting lots of attentions to overcome the limit of the central cloud storage. A storage audit scheme aims to ensure user that his/her data on the storage is sound. So far, various audit schemes have been introduced for cloud storages. However, compared to a central cloud storage, a distributed fog-cloud storage consists of multiple local fog storages in addition to a global cloud storage and therefore it is not straightforward to directly apply an existing audit scheme for a cloud storage to a fog-cloud storage. To address this issue, this paper introduces a new fog-cloud storage architecture which can achieve much higher throughput compared to the traditional central cloud storage architecture by reducing the traffics at the routers nearby the cloud storage. The proposed architecture provides transparency such that an end user device does not know the existence of fog storages, and only needs to upload its request toward the central cloud. This means that there is no need to make a modification on the existing end user devices. Our system provides a stronger audit scheme which is naturally coupled with the initial data upload process and does not suffer from the replay attack using old proof of data soundness.

Meng Liu,Xuan Wang,Chi Yang,Zoe Lin Jiang,Ye Li

DOI: https://doi.org/10.1177/1550147716686579

IF: 1.938

2017-01-01

International Journal of Distributed Sensor Networks

Abstract:Nowadays, an increasing number of cloud users including both individuals and enterprises store their Internet of things data in cloud for benefits like cost saving. However, the cloud storage service is often regarded to be untrusted due to their loss of direct control over the data. Hence, it is necessary to verify the integrity of their data on cloud storage servers via a third party. In real cloud systems, it is very important to improve the performance of the auditing protocol. Hence, the well-designed and cost-effective auditing protocol is expected to meet with the performance requirement while the data size is very large in real cloud systems. In this article, we also propose an auditing protocol based on pairing-based cryptography, which can reduce the computation cost compared to the state-of-the-art third-party auditing protocol. Moreover, we also study how to determine the number of sectors to achieve the optimal performance of our auditing protocol in a case of the same challenged data. And an equation for computing the optimal number of sectors is proposed to further improve the performance of our auditing protocol. Both the mathematical analysis method and experiment results show that our solution is more efficient.

Jian Shen,Jun Shen,Xiaofeng Chen,Xinyi Huang,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2017.2705620

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the rapid development of cloud computing, cloud storage has been accepted by an increasing number of organizations and individuals, therein serving as a convenient and on-demand outsourcing application. However, upon losing local control of data, it becomes an urgent need for users to verify whether cloud service providers have stored their data securely. Hence, many researchers have devoted themselves to the design of auditing protocols directed at outsourced data. In this paper, we propose an efficient public auditing protocol with global and sampling blockless verification as well as batch auditing, where data dynamics are substantially more efficiently supported than is the case with the state of the art. Note that, the novel dynamic structure in our protocol consists of a doubly linked info table and a location array. Moreover, with such a structure, computational and communication overheads can be reduced substantially. Security analysis indicates that our protocol can achieve the desired properties. Moreover, numerical analysis and real-world experimental results demonstrate that the proposed protocol achieves a given efficiency in practice.

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Fei Chen,Fengming Meng,Tao Xiang,Hua Dai,Jianqiang Li,Jing Qin

DOI: https://doi.org/10.1109/tpds.2020.2998462

IF: 5.3

2020-11-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud storage security has gained considerable research efforts with the wide adoption of cloud computing. As a security mechanism, researchers have been investigating cloud storage auditing schemes that enable a user to verify whether the cloud keeps the user's outsourced data undamaged. However, existing schemes have usability issues in compatibility with existing real world cloud storage applications, error-tolerance, and efficiency. To mitigate this usability gap, this article proposes a new general cloud storage auditing scheme that is more usable. The proposed scheme uses the idea of integrating linear error correcting codes and linear homomorphic authentication schemes together. This integration uses only one additional block to achieve error tolerance and authentication simultaneously. To demonstrate the power of the general construction, we also propose one detailed scheme based on the proposed general construction using the Reed Solomon code and the universal hash based MAC authentication scheme, both of which are implemented over the computation-efficient Galois field $mathrm {GF}{(2^8)}$<math> GF (28)</math>. We also show that the proposed scheme is secure under the standard definition. Moreover, we implemented and open-sourced the proposed scheme. Experimental results show that the proposed scheme is orders of magnitude more efficient than the state-of-the-art scheme.

computer science, theory & methods,engineering, electrical & electronic

Hui Tian,Yuxiang Chen,Chin-Chen Chang,Hong Jiang,Yongfeng Huang,Yonghong Chen,Jin Liu

DOI: https://doi.org/10.1109/tsc.2015.2512589

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage is an increasingly popular application of cloud computing, which can provide on-demand outsourcing data services for both organizations and individuals. However, users may not fully trust the cloud service providers (CSPs) in that it is difficult to determine whether the CSPs meet their legal expectations for data security. Therefore, it is critical to develop efficient auditing techniques to strengthen data owners’ trust and confidence in cloud storage. In this paper, we present a novel public auditing scheme for secure cloud storage based on dynamic hash table (DHT), which is a new two-dimensional data structure located at a third parity auditor (TPA) to record the data property information for dynamic auditing. Differing from the existing works, the proposed scheme migrates the authorized information from the CSP to the TPA, and thereby significantly reduces the computational cost and communication overhead. Meanwhile, exploiting the structural advantages of the DHT, our scheme can also achieve higher updating efficiency than the state-of-the-art schemes. In addition, we extend our scheme to support privacy preservation by combining the homomorphic authenticator based on the public key with the random masking generated by the TPA, and achieve batch auditing by employing the aggregate BLS signature technique. We formally prove the security of the proposed scheme, and evaluate the auditing performance by detailed experiments and comparisons with the existing ones. The results demonstrate that the proposed scheme can effectively achieve secure auditing for cloud storage, and outperforms the previous schemes in computation complexity, storage costs and communication overhead.

Yuan Zhang,Chunxiang Xu,Xiaohui Liang,Hongwei Li,Yi Mu,Xiaojun Zhang

DOI: https://doi.org/10.1109/mcc.2016.94

2016-01-01

IEEE Cloud Computing

Abstract:Cloud storage services allow users to outsource their data to cloud servers to save local data storage costs. However, unlike using local storage devices, users do not physically manage the data stored on cloud servers; therefore, the data integrity of the outsourced data has become an issue. Many public verification schemes have been proposed to enable a third-party auditor to verify the data integrity for users. These schemes make an impractical assumption—the auditors have enough computation capability to bear expensive verification costs. In this paper, we propose a novel public verification scheme for the cloud storage using indistinguishability obfuscation, which requires a lightweight computation on the auditor and the delegate most computation to the cloud. We further extend our scheme to support batch verification and data dynamic operations, where multiple verification tasks from different users can be performed efficiently by the auditor and the cloud-stored data can be updated dynamically. Compared with other existing works, our scheme significantly reduces the auditor’s computation overhead. Moreover, the batch verification overhead on the auditor side in our scheme is independent of the number of verification tasks. Our scheme could be practical in a scenario, where the data integrity verifications are executed frequently, and the number of verification tasks (i.e., the number of users) is numerous; even if the auditor is equipped with a low-power device, it can verify the data integrity efficiently. We prove the security of our scheme under the strongest security model proposed by Shi et al. (ACM CCS 2013). Finally, we conduct a performance analysis to demonstrate that our scheme is more efficient than other existing works in terms of the auditor’s communication and computation efficiency.

Xinpeng Zhang,Chunxiang Xu,Xiaojun Zhang

DOI: https://doi.org/10.1155/2015/593759

IF: 1.938

2015-01-01

International Journal of Distributed Sensor Networks

Abstract:With the rapid growth of the distributed sensor networks, the distributed sensor network data security problems begin to attract the attention of people. The previous research of distributed sensor network security has focused on secure information in communication; however the research of secure data storage has been overlooked. As we know, cloud data storage and retrieval have become popular for efficient data management in distributed sensor networks; thus they can enjoy the on-demand high-quality cloud storage service. Meanwhile, it also introduces new security challenges. To tackle with these security challenges, many classic auditing schemes of cloud storage have been proposed. However, these schemes all need very expensive pairing computation, which is not suitable for sensor networks. In this paper, we propose an efficient pairing-free auditing scheme for data storage of distributed sensor networks. We exploit homomorphic message authentication codes (MACs) to reduce the space used to store the verification information. We also employ the random masking technique to make sure the TPA cannot recover the primitive data blocks of the sensor networks data manager. Experimental results show that our auditing scheme is more light-weight than previous auditing schemes and more practical in applied distributed sensor networks environments.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

Fei Chen,Fengming Meng,Zhipeng Li,Li Li,Tao Xiang

DOI: https://doi.org/10.1016/j.jpdc.2024.104870

IF: 4.542

2024-07-01

Journal of Parallel and Distributed Computing

Abstract:Cloud storage auditing is a technique that enables a user to remotely check the integrity of the outsourced data in the cloud storage. Although researchers have proposed various protocols for cloud storage auditing, the proposed schemes are theoretical in nature, which are not fit for existing mainstream cloud storage service practices. To bridge this gap, this paper proposes a cloud storage auditing system that works for current mainstream cloud object storage services. We design the proposed system over existing proof of data possession (PDP) schemes and make them practical as well as usable in the real world. Specifically, we propose an architecture that separates the compute and storage functionalities of a storage auditing scheme. Because cloud object storage only provides read and write interfaces, we leverage a cloud virtual machine to implement the user-defined computations that are needed in a PDP scheme. We store the authentication tags of the outsourced data as an independent object to allow existing popular cloud storage applications, e.g., file online previewing. We also present a cost model to analyze the economic cost of a cloud storage auditing scheme. The cost model allows a user to balance security, efficiency, and economic cost by tuning various system parameters. We implemented, open-sourced the proposed system over a mainstream cloud object storage service. Experimental analysis shows that the proposed system is pretty efficient and promising for a production environment usage. Specifically, for a 40 GB sized data, the proposed system only incurs 1.66% additional storage cost, 3796 bytes communication cost, 2.9 seconds maximum auditing time cost, and 0.9 CNY per auditing monetary cost.

computer science, theory & methods

Zaid Alaa Hussien,Hai Jin,Zaid Ameen Abduljabbar,Ali A. Yassin,Mohammed Abdulridha Hussain,Salah H. Abbdal,Deqing Zou

DOI: https://doi.org/10.1109/ISIAS.2015.7492748

2015-01-01

Abstract:Outsourced data in cloud and computation results are not always trustworthy because data owners lack physical possession and control over the data as a result of virtualization, replication, and migration techniques. Protecting outsourced data from security threats has become a challenging and potentially formidable task in cloud computing; hence, many schemes have focused on ameliorating this problem and on enabling public auditability for cloud data storage security. These schemes drop into two categories: total computation cost and burden on client side. Researchers have used bilinear map technology with public key cryptography. Although this technology is highly efficient, computation time is long and overhead cost is high. The client needs to perform numerous computations to ensure the integrity of data storage. To reduce auditing cost, we propose an efficient and robust scheme to maintain data integrity in cases that involve public auditing. Our scheme adopts modern cipher cryptography with a cryptographic hash function. We consider allowing a third party auditor to preprocess data on behalf of cloud users before uploading them to cloud service providers and then verifying data integrity afterward. Our proposed scheme has important security characteristics, such as privacy, key management, low cost computation, key exchange, low overhead cost, no burden on client side, inability of cloud service providers to create correct verifier respond without data, and one-time key. Finally, efficiency analysis shows that our scheme is faster and more cost-efficient than the bilinear map-based scheme.

Solomon Guadie Worku,Chunxiang Xu,Jining Zhao,Xiaohu He

DOI: https://doi.org/10.1016/j.compeleceng.2013.10.004

2014-01-01

Abstract:Cloud computing poses many challenges on integrity and privacy of users' data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.

Wenyi Tang,Bo Qin,Yanan Li,Qianhong Wu

DOI: https://doi.org/10.3837/tiis.2020.01.016

2020-01-01

Abstract:Fog computing has become a popular concept in the application of internet of things (IoT). With the superiority in better service providing, the edge cloud has become an attractive solution to IoT networks. The data outsourcing scheme of IoT devices demands privacy protection as well as computation verification since the lightweight devices not only outsource their data but also their computation. Existing solutions mainly deal with the operations over encrypted data, but cannot support the computation verification in the same time. In this paper, we propose a data outsourcing scheme based on an encrypted database system with linear computation as well as efficient query ability, and enhance the interlayer program in the original system with homomorphic message authenticators so that the system could perform computational verifying. The tools we use to construct our scheme have been proven secure and valid. With our scheme, the system could check if the cloud provides the correct service as the system asks. The experiment also shows that our scheme could be as effective as the original version, and the extra load in time is neglectable.

Jin Li,Xiao Tan,Xiaofeng Chen,Duncan S. Wong

DOI: https://doi.org/10.1109/incos.2013.185

2013-01-01

Abstract:Cloud Computing moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. In this work, we study the problem of ensuring the integrity of data storage in Cloud Computing. To reduce the computational cost at user side during the integrity verification of their data, the notion of public verifiability has been proposed. However, the challenge is that the computational burden is too huge for the users to compute the public authentication tags of file blocks. To tackle the challenge, we propose a new cloud storage architecture with two independent cloud servers, that is, the cloud storage server and the cloud audit server, where the latter is assumed to be semi-honest. In particular, we consider the task of allowing the cloud audit server, on behalf of the cloud users, to pre-process the data before uploading to the cloud storage server and later verifying the data integrity. The introduction of cloud audit server eliminates the involvement of user in the auditing and in the pre-processing phases.

Haoming Wang,Yuanhang Zhang,Xu An Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.heliyon.2024.e36273

IF: 3.776

2024-08-20

Heliyon

Abstract:With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.

Gaimei Gao,Hongxia Fei,Zefeng Qin

DOI: https://doi.org/10.1002/cpe.5924

2020-07-18

Concurrency and Computation: Practice and Experience

Abstract:<p>Cloud storage is a mode of online storage in which data are stored on multiple virtual servers usually hosted by third parties. Cloud service providers manage and operate data storage as services. The major concern in cloud storage is the integrity of outsourced data. Many public auditing schemes which authorize the third party auditor (TPA) to check the integrity of outsourced data have been proposed. However, most of them are based on traditional public key cryptosystems. This paper proposes an efficient certificateless public auditing Scheme (CL‐PAS) in cloud storage. In the process of challenge and auditing, CL‐PAS ensures that malicious cloud servers cannot forge auditing evidences to deceive TPA to pass the verification, and prevents curious TPA from recovering original data from auditing evidences. So it strengthens privacy preserving. Security analysis shows that CL‐PAS scheme meets the predetermined security requirements. The simulation and performance analysis results show that, compared with similar schemes, CL‐PAS scheme has the higher efficiency.</p>