Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/jiot.2021.3121678

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Remote data integrity auditing ensures the integrity of cloud storage. In practice, cloud users may not want their sensitive data to be exposed to others. Thus, it is meaningful to investigate how to realize data sharing with sensitive information hiding in cloud storage auditing. Up to now, cloud storage has been proven to achieve the sensitive information hiding property through a third-party sanitizer dedicated to sanitize user data, which leads to high outlays on purchasing and maintaining a special server. To meet this challenge, we design a novel cloud storage auditing protocol to support sensitive information hiding without the need of a third-party sanitizer. In addition, our scheme allows data owners to enable or disable other users to access their sensitive information with the help of the cloud that dose not deviate from the agreement during access control. To be specific, only after receiving the delegations from the data owner, the users can compute the valid warrants that can pass the access verification of the cloud. The proposed protocol is built on identity-based cryptography, thus avoiding the complex certificate management. We validate the advantages of the proposed protocol through massive theoretical analysis and experimental results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zizhou Sun,Yahui Yang,Qingni Shen,Zhonghai Wu,Xiaochen Li

DOI: https://doi.org/10.1007/978-3-319-29814-6_28

2015-01-01

Abstract:Outsourcing data to are remote cloud service provider allows organizations or individual users to store more data on the cloud storage than on private computer systems. However, a specific problem encountered in cloud storage is how to ensure user’s confidence of the integrity of their outsourced data on cloud. One important approach is Proof of Retrievability (POR) which allows a verifier to check and repair the data stored in the cloud server. However, most of existing PORs can only deal with static data and provide one single recovery method which may lead to inefficiency and inflexibility. To address these cloud storage issues, we propose a map-based dynamic data integrity verification and recovery scheme in cloud storages. We first present two recovery methods with different granularity and introduce a new data structure. Relying on algebraic signature with homomorphism property, our integrity verification is highly efficient. Furthermore, our solution can prevent multiple cloud servers from colluding to fabricate consistent signatures.

Ying Miao,Yapeng Miao,Xuexue Miao

DOI: https://doi.org/10.1007/s10619-024-07446-4

IF: 0.974

2024-11-09

Distributed and Parallel Databases

Abstract:To improve the data security and integrity of the outsourced data, storing multiple copies of data on multiple cloud servers is a good way. Many public Provable Data Possession (PDP) schemes in multiple cloud servers have been proposed in recent years. However, in some scenarios, the Data Owner (DO) may not want anyone (e.g. a stranger) to check the integrity of their data. Nevertheless, few schemes consider the fault's location function when the data auditing fails. Another problem is that anyone can make a challenge for the Cloud Server (CS) in the PDP schemes. Some access control strategies are necessary to reduce the waste of computation power resources of the CS. To solve these problems, we propose a certificateless and designed-verifier auditing scheme in multi-cloud storage environments. In our scheme, we utilize certificateless signature combined with a delegation key to achieve designed-verifier auditing. We design a secret Merkle Hash Tree (MHT) to locate the faults of CSs and data blocks. We utilize Zero-Knowledge Proof (ZKP) to achieve access control. Theoretical and experimental evaluation show that the proposed scheme is efficient and practical.

computer science, information systems, theory & methods

Jingting Xue,Chunxiang Xu,Jining Zhao,Jianfeng Ma

DOI: https://doi.org/10.1007/s11432-018-9462-0

2019-01-01

Abstract:Cloud storage systems provide users with convenient data storage services, which allow users to access and update outsourced data remotely. However, these cloud storage services do not guarantee the integrity of the data that users store in the cloud. Thus, public auditing is necessary, in which a third-party auditor (TPA) is delegated to audit the integrity of the outsourced data. This system allows users to enjoy on-demand cloud storage services without the burden of continually auditing their data integrity. However, certain TPAs might deviate from the public auditing protocol and/or collude with the cloud servers. In this article, we propose an identity-based public auditing (IBPA) scheme for cloud storage systems. In IBPA, the nonces in a blockchain are employed to construct unpredictable and easily verified challenge messages, thereby preventing the forging of auditing results by malicious TPAs to deceive users. Users need only to verify the TPAs' auditing results in batches to ensure the integrity of their data that are stored in the cloud. A detailed security analysis shows that IBPA can preserve data integrity against various attacks. In addition, a comprehensive performance evaluation demonstrates that IBPA is feasible and efficient.

Jiguo Li,Hao Yan,Yichen Zhang

DOI: https://doi.org/10.1109/jsyst.2020.2978146

IF: 4.802

2021-03-01

IEEE Systems Journal

Abstract:Although cloud storage service enables people easily maintain and manage amounts of data with lower cost, it cannot ensure the integrity of people's data. In order to audit the correctness of the data without downloading them, many remote data integrity checking (RDIC) schemes have been presented. Most existing schemes ignore the important issue of data privacy preserving and suffer from complicated certificate management derived from public key infrastructure. To overcome these shortcomings, this article proposes a new Identity-based RDIC scheme that makes use of homomorphic verifiable tag to decrease the system complexity. The original data in proof are masked by random integer addition, which protects the verifier from obtaining any knowledge about the data during the integrity checking process. Our scheme is proved secure under the assumption of computational Diffie–Hellman problem. Experiment result exhibits that our scheme is very efficient and feasible for real-life applications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Yong Yu,Liang Xue,Man Ho Au,Willy Susilo,Jianbing Ni,Yafang Zhang,Athanasios V. Vasilakos,Jian Shen

DOI: https://doi.org/10.1016/j.future.2016.02.003

IF: 7.307

2016-01-01

Future Generation Computer Systems

Abstract:Cloud data auditing is extremely essential for securing cloud storage since it enables cloud users to verify the integrity of their outsourced data efficiently. The computation overheads on both the cloud server and the verifier can be significantly reduced by making use of data auditing because there is no necessity to retrieve the entire file but rather just use a spot checking technique. A number of cloud data auditing schemes have been proposed recently, but a majority of the proposals are based on Public Key Infrastructure (PKI). There are some drawbacks in these protocols: (1) It is mandatory to verify the validity of public key certificates before using any public key, which makes the verifier incur expensive computation cost. (2) Complex certificate management makes the whole protocol inefficient. To address the key management issues in cloud data auditing, in this paper, we propose ID-CDIC, an identity-based cloud data integrity checking protocol which can eliminate the complex certificate management in traditional cloud data integrity checking protocols. The proposed concrete construction from RSA signature can support variable-sized file blocks and public auditing. In addition, we provide a formal security model for ID-CDIC and prove the security of our construction under the RSA assumption with large public exponents in the random oracle model. We demonstrate the performance of our proposal by developing a prototype of the protocol. Implementation results show that the proposed ID-CDIC protocol is very practical and adoptable in real life.

Zirui Guo,Kai Zhang,Lifei Wei,Siyuan Chen,Liangliang Wang

DOI: https://doi.org/10.1016/j.sysarc.2023.102913

IF: 5.836

2023-06-03

Journal of Systems Architecture

Abstract:Multi-copy data possession on multi-cloud storage service provides resource-constrained users with a secure and effective way to process data maintenance. To enable integrity for the outsourced data, numerous multi-copy data auditing schemes for multi-cloud storage have been proposed. Nevertheless, existing solutions suffer from the following limitations: (i) cannot support dynamic data updates; (ii) fail to consider the user revocation feature; (iii) may leak the privacy of user identity. To address these limitations, we propose a new identity-based multi-copy data auditing scheme for multi-cloud storage, termed RDIMM . We introduce a new variant of Merkle Tree to enable fully dynamic data updates, in which all copies of a raw block are kept in the same leaf node. In addition, we design a new key generation strategy and a private key update technique, where the cost of user revocation is independent of the total number of file blocks owned by the revoked user. Moreover, we conduct a comprehensive correctness analysis and security analysis of our proposed RDIMM. In addition, we provide detailed theoretical analysis and experimental simulations, which illustrate the effective functionality and practical performance compared to state-of-the-art works.

computer science, software engineering, hardware & architecture

Cong Wang,Qian Wang,Kui Ren,Ning Cao,Wenjing Lou

DOI: https://doi.org/10.1109/tsc.2011.24

IF: 11.019

2011-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service is also relinquishing users' physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server. Considering the cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

YiNing Qi,YongFeng Huang

DOI: https://doi.org/10.1007/s11431-017-9258-0

2018-01-01

Science China Technological Sciences

Abstract:Multi-cloud storage is a promising platform to offer resilient solution for clients in financial or confidentiality aspects. The research of provable data possession (PDP) schemes has long been a popular topic in the perspective of enhancing trust between clients and clouds. For multi-cloud, the works almost rely on centralized agent server called organizer to control the clouds and third party auditor (TPA) to realize public verification and reputation system. However, such centralized structure brings in the risk of collusion attack that malicious clouds can collaborate with TPA to deceive the client. This paper tries to explore a new way to construct decentralized integrity and reputation audit (DIRA) scheme, by taking advantage of improved blockchain with two-step transaction validation and removing all the centralized structure from the multi-cloud storage. The analysis shows that the DIRA scheme obtains the resistance to collusion attack.

Cheng Zhang,Yang Xu,Yupeng Hu,Jiajing Wu,Ju Ren,Yaoxue Zhang

DOI: https://doi.org/10.1109/tcc.2021.3057771

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Network storage services have benefited countless users worldwide due to the notable features of convenience, economy and high availability. Since a single service provider is not always reliable enough, more complex multi-cloud storage systems are developed for mitigating the data corruption risk. While a data auditing scheme is still needed in multi-cloud storage to help users confirm the integrity of their outsourced data. Unfortunately, most of the corresponding schemes rely on trusted institutions such as the centralized third-party auditor (TPA) and the cloud service organizer, and it is difficult to identify malicious service providers after service disputes. Therefore, we present a blockchain-based multi-cloud storage data auditing scheme to protect data integrity and accurately arbitrate service disputes. We not only introduce the blockchain to record the interactions among users, service providers, and organizers in data auditing process as evidence, but also employ the smart contract to detect service dispute, so as to enforce the untrusted organizer to honestly identify malicious service providers. We also use the blockchain network and homomorphic verifiable tags to achieve the low-cost batch verification without TPA. Theoretical analyses and experiments reveal that the scheme is effective in multi-cloud environments and the cost is acceptable.

Ke Gu,Wenbin Zhang,Xingqiang Wang,Xiong Li,Weijia Jia

DOI: https://doi.org/10.1109/TNSM.2023.3267235

2023-01-01

IEEE Transactions on Network and Service Management

Abstract:Compared with cloud computing-based data storage, distributed data storage in fog computing is more vulnerable to malicious attacks. So, it is very necessary to provide a secure distributed auditing mechanism with protecting the identity privacy of data owners and controlling the identities of auditors under fog computing-based data storage. In this paper, we propose a dual attribute-based auditing scheme for fog computing-based data dynamic storage. Our auditing scheme can protect the identity privacy of data owners, and provide an attribute-based access control for corresponding audits with a distributed collaborative verification between related fog servers. In our scheme, a data owner can securely upload his divided and blinded file blocks with corresponding block authenticators (related with his attribute set) to related fog servers. To prevent malicious auditors from consuming system resources by abusing audit requests, the data owner can provide an attribute-based access control for corresponding audits, where the data owner specifies the attribute set of corresponding auditors who have the right to check the integrity of related data. Further, a distributed collaborative verification mechanism between related fog servers is constructed to reduce the disadvantages of centralized verification, where the Shamir's secret-sharing method is used to decompose the picked blinding factor as the shared sub-secrets sent to each fog server respectively. Compared with cloud computing-based data storage, our collaborative verification mechanism can implement distributed auditing consent of stored data between multiple fog servers. Our auditing scheme can further audit out specific suspicious fog servers. Additionally, we provide a dynamic data operation mechanism to efficiently support the updating of users' data under fog computing-based data storage. Furthermore, related theoretical analysis and experimental evaluation show our scheme is secure and efficient.

Qian Wang,Cong Wang,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1109/tpds.2010.183

IF: 5.3

2010-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings about many new security challenges, which have not been well understood. This work studies the problem of ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. The introduction of TPA eliminates the involvement of the client through the auditing of whether his data stored in the cloud are indeed intact, which can be important in achieving economies of scale for Cloud Computing. The support for data dynamics via the most general forms of data operation, such as block modification, insertion, and deletion, is also a significant step toward practicality, since services in Cloud Computing are not limited to archive or backup data only. While prior works on ensuring remote data integrity often lacks the support of either public auditability or dynamic data operations, this paper achieves both. We first identify the difficulties and potential security problems of direct extensions with fully dynamic data updates from prior works and then show how to construct an elegant verification scheme for the seamless integration of these two salient features in our protocol design. In particular, to achieve efficient data dynamics, we improve the existing proof of storage models by manipulating the classic Merkle Hash Tree construction for block tag authentication. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multiuser setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis show that the proposed schemes are highly efficient and provably secure.

Yangfei Lin,Jie Li,Xiaohua Jia,Kui Ren

DOI: https://doi.org/10.1002/cpe.5356

2021-01-01

Abstract:Cloud computing has been an essential technology for providing on-demand computing resources as a service on the Internet. Not only enterprises but also individuals can outsource their data to the cloud without worrying about purchase and maintenance cost. The cloud storage system, however, is not fully trustable. Cloud data integrity auditing is crucial for defending against the security threats of data in the untrusted multicloud environment. Storing multiple replicas is a commonly used strategy for the availability and reliability of critical data. In this paper, we summarize and analyze the state-of-the-art multiple-replica integrity auditing schemes in cloud data storage. We present the system model and security threats of outsourcing data to the cloud with classification of ongoing developments. We also summarize the existing data integrity auditing schemes for multicloud data storage. The important open issues and potential research directions are addressed.

Jining Zhao,Chunxiang Xu,Fagen Li,Wenzheng Zhang

DOI: https://doi.org/10.1587/transfun.E96.A.2709

2013-01-01

Abstract:In the Cloud computing era, users could have their data outsourced to cloud service provider (CSP) to enjoy on-demand high quality service. On the behalf of the user, a third party auditor (TPA) which could verify the real data possession on CSP is critically important. The central challenge is to build efficient and provably secure data verification scheme while ensuring that no users' privacy is leaked to any unauthorized party, including TPA. In this paper, we propose the first identity-based public verification scheme, based on the identity-based aggregate signature (IBAS). In particular, by minimizing information that verification messages carry and TPA obtains or stores, we could simplify key management and greatly reduce the overheads of communication and computation. Unlike the existing works based on certificates, in our scheme, only a private key generator (PKG) has a traditional public key while the user just keeps its identity without binding with certificate. Meanwhile, we utilize privacy-preserving technology to keep users' private data off TPA. We also extend our scheme with the support of batch verification task to enable TPA to perform public audits among different users simultaneously. Our scheme is provably secure in the random oracle model under the hardness of computational Diffie-Hellman assumption over pairing-friendly groups and Discrete Logarithm assumption.

Yun Xue Yan,Lei Wu,Wen Yu Xu,Hao Wang,Zhao Man Liu

DOI: https://doi.org/10.1155/2019/1354346

IF: 1.968

2019-03-06

Security and Communication Networks

Abstract:More and more users are uploading their data to the cloud without storing any copies locally. Under the premise that cloud users cannot fully trust cloud service providers, how to ensure the integrity of users’ shared data in the cloud storage environment is one of the current research hotspots. In this paper, we propose a secure and effective data sharing scheme for dynamic user groups. ( 1 ) In order to realize the user identity tracking and the addition and deletion of dynamic group users, we add a new role called Rights Distribution Center (RDC) in our scheme. ( 2 ) To protect the privacy of user identity, when performing third party audit to verify data integrity, it is not possible to determine which user is a specific user. Therefore, the fairness of the audit can be promoted. ( 3 ) Define a new integrity audit model for shared cloud data. In this scheme, the user sends the encrypted data to the cloud and the data tag to the Rights Distribution Center (RDC) by using data blindness technology. Finally, we prove the security of the scheme through provable security theory. In addition, the experimental data shows that our proposed scheme is more efficient and scalable than the state-of-the-art solution.

computer science, information systems,telecommunications

Yong Yu,Yannan Li,Bo Yang,Willy Susilo,Guomin Yang,Jian Bai

DOI: https://doi.org/10.1109/tetc.2017.2759329

2020-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Outsourced storage such as cloud storage can significantly reduce the burden of data management of data owners. Despite of a long list of merits of cloud storage, it triggers many security risks at the same time. Data integrity, one of the most burning challenges in secure cloud storage, is a fundamental and pivotal element in outsourcing services. Outsourced data auditing protocols enable a verifier to efficiently check the integrity of the outsourced files without downloading the entire file from the cloud, which can dramatically reduce the communication overhead between the cloud server and the verifier. Existing protocols are mostly based on public key infrastructure or an exact identity, which lacks flexibility of key management. In this paper, we seek to address the complex key management challenge in cloud data integrity checking by introducing attribute-based cloud data auditing, where users can upload files to cloud through some customized attribute set and specify some designated auditor set to check the integrity of the outsourced data. We formalize the system model and the security model for this new primitive, and describe a concrete construction of attribute-based cloud data integrity auditing protocol. The new protocol offers desirable properties namely attribute privacy-preserving and collusion-resistance. We prove soundness of our protocol based on the computational Diffie-Hellman assumption and the discrete logarithm assumption. Finally, we develop a prototype of the protocol which demonstrates the practicality of the protocol.

Haoming Wang,Yuanhang Zhang,Xu An Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.heliyon.2024.e36273

IF: 3.776

2024-08-20

Heliyon

Abstract:With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.

Yuan Zhang,Chunxiang Xu,Xiaohui Liang,Hongwei Li,Yi Mu,Xiaojun Zhang

DOI: https://doi.org/10.1109/mcc.2016.94

2016-01-01

IEEE Cloud Computing

Abstract:Cloud storage services allow users to outsource their data to cloud servers to save local data storage costs. However, unlike using local storage devices, users do not physically manage the data stored on cloud servers; therefore, the data integrity of the outsourced data has become an issue. Many public verification schemes have been proposed to enable a third-party auditor to verify the data integrity for users. These schemes make an impractical assumption—the auditors have enough computation capability to bear expensive verification costs. In this paper, we propose a novel public verification scheme for the cloud storage using indistinguishability obfuscation, which requires a lightweight computation on the auditor and the delegate most computation to the cloud. We further extend our scheme to support batch verification and data dynamic operations, where multiple verification tasks from different users can be performed efficiently by the auditor and the cloud-stored data can be updated dynamically. Compared with other existing works, our scheme significantly reduces the auditor’s computation overhead. Moreover, the batch verification overhead on the auditor side in our scheme is independent of the number of verification tasks. Our scheme could be practical in a scenario, where the data integrity verifications are executed frequently, and the number of verification tasks (i.e., the number of users) is numerous; even if the auditor is equipped with a low-power device, it can verify the data integrity efficiently. We prove the security of our scheme under the strongest security model proposed by Shi et al. (ACM CCS 2013). Finally, we conduct a performance analysis to demonstrate that our scheme is more efficient than other existing works in terms of the auditor’s communication and computation efficiency.