Xiaojun Zhang,Jie Zhao,Chunxiang Xu,Huaxiong Wang,Yuan Zhang

DOI: https://doi.org/10.1109/tsc.2019.2942297

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Public verification enables cloud users to employ a third party auditor (TPA) to check the data integrity. However, recent breakthrough results on quantum computers indicate that applying quantum computers in clouds would be realized. A majority of existing public verification schemes are based on conventional hardness assumptions, which are vulnerable to adversaries equipped with quantum computers in the near future. Moreover, new security issues need to be solved when an original data owner is restricted or cannot access the remote cloud server flexibly. In this paper, we propose an efficient identity-based data outsourcing with public integrity verification scheme (DOPIV) in cloud storage. DOPIV is designed on lattice-based cryptography, which achieves post-quantum security. DOPIV enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. Any TPA can perform data integrity verification efficiently on behalf of the original data owner, without retrieving the entire data set. Additionally, DOPIV possesses the advantages of being identity-based systems, avoiding complex certificate management procedures. We provide security proofs of DOPIV in the random oracle model, and conduct a comprehensive performance evaluation to show that DOPIV is more practical in post-quantum secure cloud storage systems.

computer science, information systems, software engineering

Wei Guo,Hua Zhang,Sujuan Qin,Fei Gao,Zhengping Jin,Wenmin Li,Qiaoyan Wen

DOI: https://doi.org/10.1016/j.future.2019.01.009

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:With the advent of data outsourcing, how to efficiently verify the integrity of data stored at an untrusted cloud service provider (CSP) has become a significant problem in cloud storage. Provable data possession (PDP) is a model that allows clients or a trusted auditor to verify whether CSP possesses the outsourced data without downloading it. However, this model requires clients to tolerate non-negligible computation burden incurred by frequent verifications in private schemes, and does not provide any security assurances when client or/and auditor are dishonest. Therefore, it cannot be directly transformed into a secure outsourced auditing scheme, where any one of three participants (i.e., CSP, client and auditor) may be dishonest and any two participants may be colluded with each other. In this paper, we propose an outsourced dynamic provable data possession (ODPDP) scheme, which migrates frequent auditing task to an external auditor to reduce clients’ verification overhead, and simultaneously provides log audit mechanism with lower computation burden for clients to prevent from dishonest auditor. In addition, we propose a batch update algorithm that can perform and verify multiple update operations at once, avoiding repetitive calculations and transmissions. Security analysis proves that our scheme is secure in the enhanced threat model, and experimental results show that our scheme achieves high efficiency in terms of computation time and communication cost compared with existing outsourced auditing schemes.

Jining Zhao,Chunxiang Xu,Kefei Chen

DOI: https://doi.org/10.1016/j.jisa.2019.04.002

2018-01-01

Abstract:In big data age, flexible cloud service greatly enhances productivity for enterprises and individuals in different applications. When cloud access is restricted, data owner could authorize a proxy to process the data, and upload them to enjoy the powerful cloud storage service. Meanwhile, outsourced data integrity breach becomes a serious security issue for cloud storage. Identity Based Provable Data Possession (PDP) as a critical technology, could enable each data owner to efficiently verify cloud data integrity, without downloading entire copy and complicated public key certificate management issue. But it remains a great challenge for multiple data owners to efficiently and securely perform batch data integrity checking on huge data on different storage clouds, with proxy processing. Yu et al. recently proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing ( https://doi.org/10.3837/tiis.2017.10.019 ), which tried to address this problem. In this article, we first demonstrate that this scheme is insecure since malicious clouds could pass integrity auditing without original data. Additionally, malicious clouds are able to recover the proxys private key and thus impersonate proxy to arbitrarily forge tags for any modified data. Secondly, in order to repair these security flaws, we propose an improved scheme to enable secure identity based batch public auditing with proxy processing. Thirdly, the security of our improved scheme is proved under CDH hard problem in the random oracle model. The complexity analysis of its performance shows better efficiency over identity-based proxy-oriented data uploading and remote data integrity checking in public cloud on single owner effort on a single cloud, which will benefit big data storage if it is extrapolated in real application.

Henan Institute of Technology,Xu Chunxiang,Zhang Yuan,Chen Kefei

DOI: https://doi.org/10.1007/s10207-020-00486-8

2020-01-01

International Journal of Information Security

Abstract:Cloud storage services allow users to outsource their data to remote cloud servers to relieve from the burden of local data storage and maintenance. Despite the benefits, data outsourcing has also made the data integrity protection in cloud storage a very challenging issue. Plenty of public auditing schemes have been proposed, which allow a third-party auditor to check the data integrity on behalf of users. However, most of these schemes are constructed on homomorphic authenticators, which require strong computation capability on the user side and incur high storage overhead. In this paper, a novel public data integrity auditing scheme is proposed from indistinguishability obfuscation. In our scheme, each user processes the entire data to be outsourced by using only symmetric key primitives, and the server only needs to store the outsourced data. In comparison with existing works, the proposed scheme frees users from the heavy burden on calculating the authenticators and reduces the storage overhead significantly. Moreover, we show the security of the proposed scheme with rigorous proofs. Finally, the performance analysis and comparison with existing works demonstrate the proposed scheme achieves better performance in terms of data processing cost on the user side and storage overhead.

Haibin Yang,Zhengge Yi,Ruifeng Li,Zheng Tu,Xu An Wang,Yuanyou Cui,Xiaoyuan Yang

DOI: https://doi.org/10.1155/2021/1805615

IF: 1.968

2021-07-22

Security and Communication Networks

Abstract:With the advent of data outsourcing, how to efficiently verify the integrity of data stored at an untrusted cloud service provider (CSP) has become a significant problem in cloud storage. In 2019, Guo et al. proposed an outsourced dynamic provable data possession scheme with batch update for secure cloud storage. Although their scheme is very novel, we find that their proposal is not secure in this paper. The malicious cloud server has ability to forge the authentication labels, and thus it can forge or delete the user’s data but still provide a correct data possession proof. Based on the original protocol, we proposed an improved one for the auditing scheme, and our new protocol is effective yet resistant to attacks.

computer science, information systems,telecommunications

Jianming Du,Guofang Dong,Juangui Ning,Zhengnan Xu,Ruicheng Yang

DOI: https://doi.org/10.1038/s41598-024-58325-y

IF: 4.6

2024-03-31

Scientific Reports

Abstract:With the continuous development of cloud computing, the application of cloud storage has become more and more popular. To ensure the integrity and availability of cloud data, scholars have proposed several cloud data auditing schemes. Still, most need help with outsourced data integrity, controlled outsourcing, and source file auditing. Therefore, we propose a controlled delegation outsourcing data integrity auditing scheme based on the identity-based encryption model. Our proposed scheme allows users to specify a dedicated agent to assist in uploading data to the cloud. These authorized proxies use recognizable identities for authentication and authorization, thus avoiding the need for cumbersome certificate management in a secure distributed computing system. While solving the above problems, our scheme adopts a bucket-based red–black tree structure to efficiently realize the dynamic updating of data, which can complete the updating of data and rebalancing of structural updates constantly and realize the high efficiency of data operations. We define the security model of the scheme in detail and prove the scheme's security under the difficult problem assumption. In the performance analysis section, the proposed scheme is analyzed experimentally in comparison with other schemes, and the results show that the proposed scheme is efficient and secure.

multidisciplinary sciences

Jianbing Ni,Xiaodong Lin,Kuan Zhang,Yong Yu,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/iccchina.2016.7636866

2016-01-01

Abstract:With the proliferation of cloud storage, outsourced data transfer becomes an essential requirement for users to migrate their outsourced data from one cloud to another. However, data confidentiality and integrity are big concerns for users when their data are migrating between two semi-honest clouds. In this paper, we propose a secure outsourced data transfer scheme (SODT) to achieve secure data migration in cloud storage. SODT allows users to migrate the remote data from one cloud to another without retrieving the data from the former cloud, such that the data confidentiality and integrity can be achieved during this process. In addition, the cloud can perform secure data erasure after the data are migrated by utilizing the proxy re-encryption technique. Finally, we discuss the security properties including confidentiality and integrity of SODT, and demonstrate its efficiency in terms of the computational and communication overhead.

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

Songrun Yang,Jinyong Chang

DOI: https://doi.org/10.1007/s10586-023-04239-9

2024-02-14

Cluster Computing

Abstract:In recent years, cloud storage services have risen widely, and how to ensure the integrity of outsourced data in cloud setting catches more and more attention. Kinds of integrity auditing protocols, additionally attaching tags on original data file, have been proposed. In order to compress the storage and communication overheads, Yang et al. presented a compressive auditing technique, which is identity-based and quantum computing resistant. Note that Yang et al. also claimed that their protocol is "suitable" for outsourcing auditing process to third party auditor (TPA). However, in this paper, we first pointed out that Yang et al.'s compressive protocol is essentially private auditing since the data owner needs to confidential transmit secret value to TPA. In fact, if TPA shares this value to cloud service provider (CSP), then Yang et al.'s scheme will become completely insecure. Then, we propose a new identity-based protocol, which is based on lattice and thus still secure in future quantum computing. Meanwhile, our proposed protocol belongs to public auditing instead of private auditing. Finally, we analyze the performance of our proposed protocol, which shows that it is competitive in the cloud storage applications.

computer science, information systems, theory & methods

Lifeng Zhou,Chunguang Li

DOI: https://doi.org/10.1109/access.2016.2535103

IF: 3.9

2016-01-01

IEEE Access

Abstract:Cloud computing enables customers with limited computational resources to outsource their huge computation workloads to the cloud with massive computational power. However, in order to utilize this computing paradigm, it presents various challenges that need to be addressed, especially security. As eigen-decomposition (ED) and singular value decomposition (SVD) of a matrix are widely applied in engineering tasks, we are motivated to design secure, correct, and efficient protocols for outsourcing the ED and SVD of a matrix to a malicious cloud in this paper. In order to achieve security, we employ efficient privacy-preserving transformations to protect both the input and output privacy. In order to check the correctness of the result returned from the cloud, an efficient verification algorithm is employed. A computational complexity analysis shows that our protocols are highly efficient. We also introduce an outsourcing principle component analysis as an application of our two proposed protocols.

Jining Zhao,Chunxiang Xu,Kefei Chen

DOI: https://doi.org/10.3837/tiis.2019.02.030

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019) It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

Yuan Zhang,Chunxiang Xu,Xiaohui Liang,Hongwei Li,Yi Mu,Xiaojun Zhang

DOI: https://doi.org/10.1109/mcc.2016.94

2016-01-01

IEEE Cloud Computing

Abstract:Cloud storage services allow users to outsource their data to cloud servers to save local data storage costs. However, unlike using local storage devices, users do not physically manage the data stored on cloud servers; therefore, the data integrity of the outsourced data has become an issue. Many public verification schemes have been proposed to enable a third-party auditor to verify the data integrity for users. These schemes make an impractical assumption—the auditors have enough computation capability to bear expensive verification costs. In this paper, we propose a novel public verification scheme for the cloud storage using indistinguishability obfuscation, which requires a lightweight computation on the auditor and the delegate most computation to the cloud. We further extend our scheme to support batch verification and data dynamic operations, where multiple verification tasks from different users can be performed efficiently by the auditor and the cloud-stored data can be updated dynamically. Compared with other existing works, our scheme significantly reduces the auditor’s computation overhead. Moreover, the batch verification overhead on the auditor side in our scheme is independent of the number of verification tasks. Our scheme could be practical in a scenario, where the data integrity verifications are executed frequently, and the number of verification tasks (i.e., the number of users) is numerous; even if the auditor is equipped with a low-power device, it can verify the data integrity efficiently. We prove the security of our scheme under the strongest security model proposed by Shi et al. (ACM CCS 2013). Finally, we conduct a performance analysis to demonstrate that our scheme is more efficient than other existing works in terms of the auditor’s communication and computation efficiency.

Shunrong Jiang,Jianqing Liu,Jingwei Chen,Yiliang Liu,Liangmin Wang,Yong Zhou

DOI: https://doi.org/10.1109/TSC.2022.3199111

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Cloud outsourcing provides flexible storage and computation services for data users in a low cost, but it brings many security threats as the cloud server may not be fully trusted. Previous secure outsourcing solutions mostly assume that the server is honest-but-curious while the adversary model of a malicious server that may return incorrect results is rarely explored. Moreover, with the increasing popularity of verifiable computations, existing verification schemes are yet not efficient and cannot cater to different scenarios in practice. In this paper, we propose a blockchain-based verifiable search framework for the adversarial cloud outsourcing context. When outsourcing the encrypted data to the cloud or Interplanetary File System (IPFS), we also store the encrypted data index in a decentralized blockchain (i.e., Ethereum in this paper) which is public and cannot be modified. Once a user is authorized, he/she can flexibly obtain the query results and efficiently check the query integrity via the pre-deployed smart contract, without the need of the data owner being online. Moreover, for user's privacy protection, we construct a stealth authorization scheme to deliver the access authorization without any identity disclosure. Finally, theoretical analysis and performance evaluation validate the security and efficiency of our proposed framework.

Solomon Guadie Worku,Chunxiang Xu,Jining Zhao,Xiaohu He

DOI: https://doi.org/10.1016/j.compeleceng.2013.10.004

2014-01-01

Abstract:Cloud computing poses many challenges on integrity and privacy of users' data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.

Xiong Li,Shanpeng Liu,Rongxing Lu

DOI: https://doi.org/10.1109/tifs.2020.2978592

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In this paper, we discuss a security weakness of Shen et al.'s public auditing protocol for cloud data [IEEE Transactions on Information Forensics and Security, 12(10): 2402-2415, 2017.]. Specifically, we point out their protocol is vulnerable to a data privacy breach attack, i.e., an adversary, once he compromises the third-party auditor latently, can also obtain all data owners' outsourced data by constructing appropriate challenges. As a result, it breaks the property of "privacy preserving". We hope that by identifying this design flaw, similar weaknesses can be avoided in future designs.

Xiufeng Zhao,Xiang Wang,Hao Xu,Yilei Wang

DOI: https://doi.org/10.1504/ijhpcn.2015.070020

2015-01-01

Abstract:Cloud computing is a distributed computing model, which provides services and resources. As a new type of storage services, cloud storage provides a new method for mass data storage management. Nowadays, more and more users upload their data to cloud storage servers and retrieve data when needed. One of the basic tasks of cloud storage is to guarantee the integrity between retrieved and uploaded data. Therefore, data integrity checking of cloud storage becomes a key issue. This paper proposes a privacy-preserving public verifying cloud data integrity checking protocol. To achieve security against quantum computer attacks, we resort to constructing homomorphic linear authenticator based on a lattice-based homomorphic signature algorithm. To eliminate data content exposure to achieve privacy, we use the blind checking technique. Theoretical analysis indicates that our scheme achieves security against malicious cloud server and privacy against third party auditor TPA, and resists the known-proof forgery attack. Compared with other protocols, our protocol does not resort to rank-based authenticated skip list, saving storage and communication overhead. Furthermore, it makes use of matrix-vector multiplication operation, avoiding great amount of module exponential operation, which reduces the computational labour for cloud server and TPA.

Han Wang,Xu An Wang,Shuai Xiao,JiaSen Liu

DOI: https://doi.org/10.1007/s12652-020-02432-x

IF: 3.662

2020-08-06

Journal of Ambient Intelligence and Humanized Computing

Abstract:The rapid popularization of cloud computing and ultra-high-speed Internet has promoted the vigorous development of data sharing and collaborative office, especially in Big Data and AI. Aiming at protecting the security of users' data, researchers developed PDP scheme to verify data. However, existing schemes all rely on semi-trusted Third Party Auditor (TPA) or group management to store verification information. In order to solve this problem, we propose a distributed data integrity audit scheme based on blockchain. This scheme provides a brand-new method, which allows customers to store data safely without relying on any specific TPA and protect users' privacy at a lower cost. For the new concept, this paper points out the problems of the existing scheme and puts forward system model and security model. Then, a decentralized data integrity audit scheme using blockchain is designed. The proposed private PDP scheme based on blockchain is provably secure. At the same time, the security analysis and efficiency analysis show that the proposed PDP scheme is safe, efficient and practical.

computer science, information systems,telecommunications, artificial intelligence

Genqing Bian,Rui Zhang,Bilin Shao

DOI: https://doi.org/10.1109/access.2022.3166920

IF: 3.9

2022-01-01

IEEE Access

Abstract:The remote data possession checking mechanism can effectively verify the integrity of outsourced data, which can usually be divided into public verification and private verification. The verifier of public verification can be any cloud user, while private verification can only be the data owner. However, in most practical situations, the data owner expects that only a specific verifier can perform integrity checking tasks and that verifier cannot gain any knowledge about the data. Yan et al. proposed a remote data possession checking scheme with the designated verifier, which can guarantee that only the designated verifier can check data integrity, whereas others cannot do it. However, this scheme relies on public key infrastructure technology and does not consider data privacy protection issues. To overcome these shortcomings, we propose an identity-based remote data possession checking scheme that satisfies the data owner's requirement to specify a unique verifier. Moreover, in this scheme, we use a random integer to blind data integrity proof to protect data privacy and use Merkle hash tree structure to achieve dynamic update of data. At the same time, our scheme can avoid the complex certificate management in public key infrastructure. We proved the safety of our scheme based on the discrete logarithm assumption and the computational Diffie-Hellman assumption. Theoretical analysis and experimental results show that our scheme is feasible and effective in practical applications.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaojun Zhang,Chunxiang Xu

DOI: https://doi.org/10.1109/CSE.2014.334

2014-01-01

Abstract:In this paper, we propose a post-quantum secure cloud storage system supporting privacy-preserving public auditing scheme from lattice assumption. In our public auditing scheme, we introduce a third party auditor (TPA), which can efficiently audit the cloud storage data, bringing no additional on-line burden to the users. We utilize preimage sample able functions to realize our lattice-based signature, thus can be considered as random masking to make sure the TPA can not recover the primitive data blocks of the users. Based on the inhomogeneous small integer solution assumption (ISIS), our public auditing scheme is proved secure against the data lost attacks and tamper attacks from the cloud service providers. To the best of our knowledge, we construct the first identity-based public auditing for secure cloud storage from lattice assumption, which is an interesting stepping stone in the post-quantum cryptographic communication.

Yong Yu,Yannan Li,Bo Yang,Willy Susilo,Guomin Yang,Jian Bai

DOI: https://doi.org/10.1109/tetc.2017.2759329

2020-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Outsourced storage such as cloud storage can significantly reduce the burden of data management of data owners. Despite of a long list of merits of cloud storage, it triggers many security risks at the same time. Data integrity, one of the most burning challenges in secure cloud storage, is a fundamental and pivotal element in outsourcing services. Outsourced data auditing protocols enable a verifier to efficiently check the integrity of the outsourced files without downloading the entire file from the cloud, which can dramatically reduce the communication overhead between the cloud server and the verifier. Existing protocols are mostly based on public key infrastructure or an exact identity, which lacks flexibility of key management. In this paper, we seek to address the complex key management challenge in cloud data integrity checking by introducing attribute-based cloud data auditing, where users can upload files to cloud through some customized attribute set and specify some designated auditor set to check the integrity of the outsourced data. We formalize the system model and the security model for this new primitive, and describe a concrete construction of attribute-based cloud data integrity auditing protocol. The new protocol offers desirable properties namely attribute privacy-preserving and collusion-resistance. We prove soundness of our protocol based on the computational Diffie-Hellman assumption and the discrete logarithm assumption. Finally, we develop a prototype of the protocol which demonstrates the practicality of the protocol.