Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Qingxuan Wang,Chi Cheng,Rui Xu,Jintai Ding,Zhe Liu

DOI: https://doi.org/10.1109/TSC.2020.3041324

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Recently, Zhang et al. proposed a lattice-based data outsourcing scheme with public integrity verification (DOPIV), which enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. They employed a third party auditor (TPA) to check the integrity of the outsourced data and any TPA can verify the data integrity efficiently. DOPIV is claimed to achieve proxy-oriented secure data outsourcing as well as storage correctness guarantee. Unfortunately, we find that there exist vulnerabilities in DOPIV which allow the cloud server to simply delete the received data without being noticed by the TPA. Fortunately, we come up with a simple and efficient solution to thwart the proposed attack. Our improved scheme maintains all the features claimed in DOPIV.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Yongjun Ren,Jian Shen,Jin Wang,Jin Han,Sungyoung Lee

DOI: https://doi.org/10.6138/jit.2015.16.2.20140918

2015-01-01

Abstract:Cloud storage is now a hot research topic in information technology. In cloud storage, date security properties such as data confidentiality, integrity and availability become more and more important in many commercial applications. Recently, many provable data possession (PDP) schemes are proposed to protect data integrity. In some cases, it has to delegate the remote data possession checking task to some proxy. However, these PDP schemes are not secure since the proxy stores some state information in cloud storage servers. Hence, in this paper, we propose an efficient mutual verifiable provable data possession scheme, which utilizes Diffie-Hellman shared key to construct the homomorphic authenticator. In particular, the verifier in our scheme is stateless and independent of the cloud storage service. It is worth noting that the presented scheme is very efficient compared with the previous PDP schemes, since the bilinear operation is not required.

Lifeng Zhou,Chunguang Li

DOI: https://doi.org/10.1109/access.2015.2505720

IF: 3.9

2015-01-01

IEEE Access

Abstract:Cloud computing provides service for resource-constrained customers to perform large-scale scientific computation. However, it also brings some new challenges, which have to be considered in designing outsourcing protocols. In recent years, a few outsourcing protocols have been proposed for different kinds of problems. Quadratic programming (QP) is a class of mathematical optimization problem, and solving a large-scale QP problem requires a large amount of computation. Thus, there is a great need for customer to outsource large-scale QP problem to cloud. In this paper, we design a secure, verifiable, and efficient outsourcing protocol for QP problem. For security consideration, we encrypt the matrices and vectors contained in the QP problem in an efficient way. After cloud computing, we decrypt the result to get the ultimate solution. To ensure correctness, we verify the result returned by the cloud through Karush Kuhn Tucker conditions that are the necessary and sufficient conditions for the optimal solution. We also present complexity analysis and numerical simulations to illustrate the efficiency of our outsourcing protocol.

Lifeng Zhou,Chunguang Li

DOI: https://doi.org/10.1109/access.2016.2535103

IF: 3.9

2016-01-01

IEEE Access

Abstract:Cloud computing enables customers with limited computational resources to outsource their huge computation workloads to the cloud with massive computational power. However, in order to utilize this computing paradigm, it presents various challenges that need to be addressed, especially security. As eigen-decomposition (ED) and singular value decomposition (SVD) of a matrix are widely applied in engineering tasks, we are motivated to design secure, correct, and efficient protocols for outsourcing the ED and SVD of a matrix to a malicious cloud in this paper. In order to achieve security, we employ efficient privacy-preserving transformations to protect both the input and output privacy. In order to check the correctness of the result returned from the cloud, an efficient verification algorithm is employed. A computational complexity analysis shows that our protocols are highly efficient. We also introduce an outsourcing principle component analysis as an application of our two proposed protocols.

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/tifs.2022.3159152

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Cloud storage is more and more prevalent in practice, and thus how to check its integrity becomes increasingly essential. A classical solution is identity-based (ID-based) provable data possession (PDP), which supports certificateless cloud storage auditing without entire user data. However, existing ID-PDP protocols always require that cloud users outsource data blocks, authenticators and a small-sized file tag to the cloud, and make use of the heavy elliptic curve cryptography over bilinear pairing. These disadvantages would result in vast storage, communication, and computation costs, which is unexpected, especially for resource-limited cloud users. To improve the performance, this paper proposes a novel cryptographic primitive: ID-based PDP with compressed cloud storage. In this model, cloud storage auditing can be achieved by using only encrypted data blocks in a self-verified way, and original data blocks can be reconstructed from the outsourced data. Thus, data owners no longer need to store original data blocks on the cloud. We also use some basic algebraic operations to realize a concrete ID-based PDP protocol with compressed cloud storage, which is quite efficient due to no heavy cryptographic operations involved. The proposed protocol can easily be extended to support the other practical functions by using the primitive replacement technique. The proposed protocol is strictly proven to have the properties of correctness, privacy, unforgeability and detectability. Finally, we give plenty of theoretical analysis and experimental results to validate the efficiency of the proposed protocol.

computer science, theory & methods,engineering, electrical & electronic

Jiang Xu,Jin Han,Yongjun Ren,Jin Wang

DOI: https://doi.org/10.14257/astl.2014.79.22

2014-01-01

Abstract:Cloud storage is now an important development trend in information technology. To ensure the integrity of data storage in cloud storing, researchers have present some proof of storage schemes. In some cases, the ability to check data possession is delegated by data owners. Hence, the delegable provable data possession and proxy provable data possession are proposed. However the schemes are not secure since the proxy or designated verifier stores some delegation information in cloud storage servers. In this paper, we propose PC-DV POS scheme, which can preserve clients' privacy and designate a verifier by the client signed the data blocks. In particular, we utilize group signatures and key exchange to construct homomorphic authenticators, so that only the designated verifier is able to check the integrity of shared data for users without retrieving the entire data, and cannot reveal the identities of signers on all blocks in shared data.

D. Dhinakaran,D. Selvaraj,N. Dharini,S. Edwin Raja,C. Sakthi Lakshmi Priya

2024-07-09

Abstract:The intersection of cloud computing, blockchain technology, and the impending era of quantum computing presents a critical juncture for data security. This research addresses the escalating vulnerabilities by proposing a comprehensive framework that integrates Quantum Key Distribution (QKD), CRYSTALS Kyber, and Zero-Knowledge Proofs (ZKPs) for securing data in cloud-based blockchain systems. The primary objective is to fortify data against quantum threats through the implementation of QKD, a quantum-safe cryptographic protocol. We leverage the lattice-based cryptographic mechanism, CRYSTALS Kyber, known for its resilience against quantum attacks. Additionally, ZKPs are introduced to enhance data privacy and verification processes within the cloud and blockchain environment. A significant focus of this research is the performance evaluation of the proposed framework. Rigorous analyses encompass encryption and decryption processes, quantum key generation rates, and overall system efficiency. Practical implications are scrutinized, considering factors such as file size, response time, and computational overhead. The evaluation sheds light on the framework's viability in real-world cloud environments, emphasizing its efficiency in mitigating quantum threats. The findings contribute a robust quantum-safe and ZKP-integrated security framework tailored for cloud-based blockchain storage. By addressing critical gaps in theoretical advancements, this research offers practical insights for organizations seeking to secure their data against quantum threats. The framework's efficiency and scalability underscore its practical feasibility, serving as a guide for implementing enhanced data security in the evolving landscape of quantum computing and blockchain integration within cloud environments.

Cryptography and Security

Zhen Xu,Cong Wang,Kui Ren,Lingyu Wang,Bingsheng Zhang

DOI: https://doi.org/10.1109/tifs.2014.2352457

2013-01-01

Abstract:Cloud computing provides a “pay-per-use” utility service which offers the customer the economical access to large amount of computing resources with minimal management overhead. Despite the tremendous benefits, computation outsourcing also eliminates the customer's ultimate control over the data computation process, which makes securing cloud computation an imperative and challenging task, especially in the aspect of integrity verification. To address these challenges, in this paper we propose to research on integrity verification mechanisms for secure outsourced computations in cloud computing. In particular, we focus on outsourcing the widely applicable engineering optimization problem, i.e., convex optimization, and aim to investigate efficient integrity verification mechanisms using application-specific techniques. Our security design does not require the use of heavy cryptographic tools. Instead, we leverage the inherent structure of the optimization problems and the proof-carrying characteristics of the solving algorithms to achieve efficient integrity verification. The proposed design provides substantial computational savings on the customer side and introduce marginal overhead on the cloud side. We further prove its correctness and soundness. The extensive experiments under real cloud environment show our mechanisms ensure strong integrity assurance with high efficiency on both the customer and cloud sides and are readily applicable in practice.

Genqing Bian,Rui Zhang,Bilin Shao

DOI: https://doi.org/10.1109/access.2022.3166920

IF: 3.9

2022-01-01

IEEE Access

Abstract:The remote data possession checking mechanism can effectively verify the integrity of outsourced data, which can usually be divided into public verification and private verification. The verifier of public verification can be any cloud user, while private verification can only be the data owner. However, in most practical situations, the data owner expects that only a specific verifier can perform integrity checking tasks and that verifier cannot gain any knowledge about the data. Yan et al. proposed a remote data possession checking scheme with the designated verifier, which can guarantee that only the designated verifier can check data integrity, whereas others cannot do it. However, this scheme relies on public key infrastructure technology and does not consider data privacy protection issues. To overcome these shortcomings, we propose an identity-based remote data possession checking scheme that satisfies the data owner's requirement to specify a unique verifier. Moreover, in this scheme, we use a random integer to blind data integrity proof to protect data privacy and use Merkle hash tree structure to achieve dynamic update of data. At the same time, our scheme can avoid the complex certificate management in public key infrastructure. We proved the safety of our scheme based on the discrete logarithm assumption and the computational Diffie-Hellman assumption. Theoretical analysis and experimental results show that our scheme is feasible and effective in practical applications.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiguo Li,Hao Yan,Yichen Zhang

DOI: https://doi.org/10.1109/jsyst.2020.2978146

IF: 4.802

2021-03-01

IEEE Systems Journal

Abstract:Although cloud storage service enables people easily maintain and manage amounts of data with lower cost, it cannot ensure the integrity of people's data. In order to audit the correctness of the data without downloading them, many remote data integrity checking (RDIC) schemes have been presented. Most existing schemes ignore the important issue of data privacy preserving and suffer from complicated certificate management derived from public key infrastructure. To overcome these shortcomings, this article proposes a new Identity-based RDIC scheme that makes use of homomorphic verifiable tag to decrease the system complexity. The original data in proof are masked by random integer addition, which protects the verifier from obtaining any knowledge about the data during the integrity checking process. Our scheme is proved secure under the assumption of computational Diffie–Hellman problem. Experiment result exhibits that our scheme is very efficient and feasible for real-life applications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Anmin Fu,Yuhan Li,Shui Yu,Yan Yu,Gongxuan Zhang

DOI: https://doi.org/10.1016/j.jnca.2017.12.007

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:As cloud storage has become more and more ubiquitous, there are a large number of consumers renting cloud storage services. However, as users lose direct control over the data, the integrity and availability of the outsourced data become a big concern for users. Accordingly, how to verify the integrity of stored data and retrieve the availability of the corrupted data has become an urgent problem. Moreover, in most cases, users' data is not always static, but needs to be updated. In this paper, we propose a dynamic proof of retrievability scheme for cloud storage system, named as DIPOR. The DIPOR not only can retrieve the original data of corrupted blocks by using partial healthy data stored in healthy servers, but also support for updating operations of data. Furthermore, the number of forks in our scheme is not fixed, which means we can always look for the optimal forks based on the number of data blocks. In addition, the security analysis indicates that our scheme is provably secure and the performance evaluations show the efficiency of the proposed scheme.

Yanyan Ji,Bilin Shao,Jinyong Chang,Genqing Bian

DOI: https://doi.org/10.1007/s10586-021-03408-y

2021-09-09

Cluster Computing

Abstract:Provable data possession (PDP) protocol is a mechanism that guarantees the integrity of user's cloud data, and many efficient protocols have been proposed. Many of them ignore data's privacy against the third-party auditor (TPA) and also suffer from intricate management of certificates, which heavily relies on the public key infrastructure (PKI). In order to overcome the two shortcomings, Li et al. recently proposed an "identity-based" (IB) PDP protocol with the privacy-preserving property (IEEE Syst J, https://doi.org/10.1109/JSYST.2020.2978146). However, we find out that (1) their protocol has great communication overhead, (2) a PKI-based signature scheme is used as a building block, which results in their protocol is not completely identity-based. Hence, in this paper, we try to improve the performance of this protocol. Concretely, by adopting flexible data-splitting and tag-aggregating techniques, we can greatly reduce its communication overhead. A concrete example shows that the total communication overhead can be reduced over 99%. Moreover, by replacing with an identity-based signature, we can twist this protocol into a complete IB-PDP protocol.

English Else

Haifeng Li,Yuxin Wang,Xingbing Fu,Caihui Lan,Caifen Wang,Fagen Li,He Guo

DOI: https://doi.org/10.1016/j.jisa.2021.102927

IF: 4.96

2021-09-01

Journal of Information Security and Applications

Abstract:To reduce the local storage burden and enjoy the conveniently ubiquitous access, an increasing number of individuals and enterprises prefer to outsource their data to the cloud server. Due to the loss of physical control over data, how to guarantee the cloud server stores user's data honestly becomes an important security challenge. Meanwhile, most of existing public auditing schemes based on traditional public key cryptosystem either suffer from bearing the heavy burden of certificate management or possess an inherent key escrow drawback. Even worse, with the advent of powerful quantum computers, most of them could be cracked quickly by a large-scale quantum computer in polynomial time in the near future. To this end, we propose a novel post-quantum secure certificateless public auditing scheme in cloud storage (PSCPAC) from lattice assumptions. Compared with the existing schemes, our novel scheme enjoys the following promising merits: (1) removing the requirement for complicated certificate management in traditional PKI-based public auditing schemes; (2) eliminating the inherent key escrow problem in ID-based public auditing schemes; (3) providing resistance against quantum computers attacks. Correctness, security and performance analysis demonstrate that PSCPAC is provably secure, highly efficient and more practical for post-quantum security in cloud storage public auditing.

computer science, information systems

Songrun Yang,Jinyong Chang

DOI: https://doi.org/10.1007/s10586-023-04239-9

2024-02-14

Cluster Computing

Abstract:In recent years, cloud storage services have risen widely, and how to ensure the integrity of outsourced data in cloud setting catches more and more attention. Kinds of integrity auditing protocols, additionally attaching tags on original data file, have been proposed. In order to compress the storage and communication overheads, Yang et al. presented a compressive auditing technique, which is identity-based and quantum computing resistant. Note that Yang et al. also claimed that their protocol is "suitable" for outsourcing auditing process to third party auditor (TPA). However, in this paper, we first pointed out that Yang et al.'s compressive protocol is essentially private auditing since the data owner needs to confidential transmit secret value to TPA. In fact, if TPA shares this value to cloud service provider (CSP), then Yang et al.'s scheme will become completely insecure. Then, we propose a new identity-based protocol, which is based on lattice and thus still secure in future quantum computing. Meanwhile, our proposed protocol belongs to public auditing instead of private auditing. Finally, we analyze the performance of our proposed protocol, which shows that it is competitive in the cloud storage applications.

computer science, information systems, theory & methods

Yingjie Xia,Fubiao Xia,Xuejiao Liu,Xin Sun,Yuncai Liu,Yi Ge

DOI: https://doi.org/10.3837/tiis.2014.10.019

2014-01-01

Abstract:The increasing demand in promoting cloud computing in either business or other areas requires more security of a cloud storage system. Traditional cloud storage systems fail to protect data integrity information (DII), when the interactive messages between the client and the data storage server are sniffed. To protect DII and support public verifiability, we propose a data integrity verification scheme by deploying a designated confirmer signature DCS as a building block. The DCS scheme strikes the balance between public verifiable signatures and zero-knowledge proofs which can address disputes between the cloud storage server and any user, whoever acting as a malicious player during the two-round verification. In addition, our verification scheme remains blockless and stateless, which is important in conducting a secure and efficient cryptosystem. We perform security analysis and performance evaluation on our scheme, and compared with the existing schemes, the results show that our scheme is more secure and efficient.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Yuhan Li,Anmin Fu,Yan Yu,Gongxuan Zhang

DOI: https://doi.org/10.1109/icc.2017.7997106

2017-01-01

Abstract:With the arrival of big data era, cloud storage has become more ubiquitous. A growing number of consumers remote their data into cloud, as cloud can provide them with ample storage space and powerful computational capacity. However, storing data in cloud means that data is out of their control. How to verify the integrity of stored data and retrieve the corrupted data has become an urgent security problem. In this paper, we propose a new efficient proof of retrievability scheme, named as IPOR, for cloud storage systems. The IPOR not only can verify the integrity of remote data, but also can retrieve the original data of corrupted blocks from the healthy servers with probability 100%. Moreover, IPOR obviously decreases the complexity of data integrity tags and it requires performing a few multiplication and addition operations to retrieve the corrupted data. Therefore, our scheme is much more efficient than the state-of-the-art schemes. In addition, the security analysis indicates that our scheme is provably secure.