Jian Liu,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1145/2810103.2813623

2015-01-01

Abstract:Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Yuhan Li,Anmin Fu,Yan Yu,Gongxuan Zhang

DOI: https://doi.org/10.1109/icc.2017.7997106

2017-01-01

Abstract:With the arrival of big data era, cloud storage has become more ubiquitous. A growing number of consumers remote their data into cloud, as cloud can provide them with ample storage space and powerful computational capacity. However, storing data in cloud means that data is out of their control. How to verify the integrity of stored data and retrieve the corrupted data has become an urgent security problem. In this paper, we propose a new efficient proof of retrievability scheme, named as IPOR, for cloud storage systems. The IPOR not only can verify the integrity of remote data, but also can retrieve the original data of corrupted blocks from the healthy servers with probability 100%. Moreover, IPOR obviously decreases the complexity of data integrity tags and it requires performing a few multiplication and addition operations to retrieve the corrupted data. Therefore, our scheme is much more efficient than the state-of-the-art schemes. In addition, the security analysis indicates that our scheme is provably secure.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Mengyu Zhang,Hecan Zhang,Yahui Yang,Qingni Shen

DOI: https://doi.org/10.1109/ISCC47284.2019.8969763

2019-01-01

Abstract:As an efficient deletion method, unlinking is widely used in cloud storage. While unlinking is a kind of incomplete deletion, `deleted data' remains on cloud and can be recovered. To make `deleted data' unrecoverable, overwriting is an effective method on cloud. Users lose control over their data on cloud once deleted, so it is difficult for them to confirm overwriting. In face of such a crucial problem, we propose a Provable and Traceable Assured Deletion (PTAD) scheme in cloud storage based on blockchain. PTAD scheme relies on overwriting to achieve assured deletion. We reference the idea of data integrity checking and design algorithms to verify if cloud overwrites original blocks properly as specific patterns. We utilize technique of smart contract in blockchain to automatically execute verification and keep transaction in ledger for tracking. The whole scheme can be divided into three stages-unlinking, overwriting and verification-and we design one specific algorithm for each stage. For evaluation, we implement PTAD scheme on cloud and construct a consortium chain with Hyperledger Fabric. The performance shows that PTAD scheme is effective and feasible.

Qingxuan Wang,Chi Cheng,Rui Xu,Jintai Ding,Zhe Liu

DOI: https://doi.org/10.1109/TSC.2020.3041324

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Recently, Zhang et al. proposed a lattice-based data outsourcing scheme with public integrity verification (DOPIV), which enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. They employed a third party auditor (TPA) to check the integrity of the outsourced data and any TPA can verify the data integrity efficiently. DOPIV is claimed to achieve proxy-oriented secure data outsourcing as well as storage correctness guarantee. Unfortunately, we find that there exist vulnerabilities in DOPIV which allow the cloud server to simply delete the received data without being noticed by the TPA. Fortunately, we come up with a simple and efficient solution to thwart the proposed attack. Our improved scheme maintains all the features claimed in DOPIV.

Xiangman Li,Jianbing Ni

2023-08-04

Abstract:Secure data deletion enables data owners to fully control the erasure of their data stored on local or cloud data centers and is essential for preventing data leakage, especially for cloud storage. However, traditional data deletion based on unlinking, overwriting, and cryptographic key management either ineffectiveness in cloud storage or rely on unpractical assumption. In this paper, we present SevDel, a secure and verifiable data deletion scheme, which leverages the zero-knowledge proof to achieve the verification of the encryption of the outsourced data without retrieving the ciphertexts, while the deletion of the encryption keys are guaranteed based on Intel SGX. SevDel implements secure interfaces to perform data encryption and decryption for secure cloud storage. It also utilizes smart contract to enforce the operations of the cloud service provider to follow service level agreements with data owners and the penalty over the service provider, who discloses the cloud data on its servers. Evaluation on real-world workload demonstrates that SevDel achieves efficient data deletion verification and maintain high bandwidth savings.

Cryptography and Security

Anmin Fu,Yuhan Li,Shui Yu,Yan Yu,Gongxuan Zhang

DOI: https://doi.org/10.1016/j.jnca.2017.12.007

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:As cloud storage has become more and more ubiquitous, there are a large number of consumers renting cloud storage services. However, as users lose direct control over the data, the integrity and availability of the outsourced data become a big concern for users. Accordingly, how to verify the integrity of stored data and retrieve the availability of the corrupted data has become an urgent problem. Moreover, in most cases, users' data is not always static, but needs to be updated. In this paper, we propose a dynamic proof of retrievability scheme for cloud storage system, named as DIPOR. The DIPOR not only can retrieve the original data of corrupted blocks by using partial healthy data stored in healthy servers, but also support for updating operations of data. Furthermore, the number of forks in our scheme is not fixed, which means we can always look for the optimal forks based on the number of data blocks. In addition, the security analysis indicates that our scheme is provably secure and the performance evaluations show the efficiency of the proposed scheme.

Changsong Yang,Yueling Liu,Yong Ding

DOI: https://doi.org/10.1007/s12083-024-01818-4

IF: 3.488

2024-11-28

Peer-to-Peer Networking and Applications

Abstract:Due to the rapid increasing of the total amount of global digital data, cloud storage has gained wide attention from both academia and industry, since it can offer nearly measureless storage spaces to the resource-constraint clients. As a consequence, by employing cloud storage service, clients are able to store massive data on the remote cloud data center. That is, clients can migrate the local heavy storage burden and expensive computation overhead to the cloud data center. Despite plenty of attractive strengths, cloud storage service is consequentially subjected to a few new severe security problems and privacy challenges, such as data deletion, data insertion, and so on. In this article, we focus on a primary but quite important issue, i.e., fine-grained deletion supporting dynamic insertion over cloud data. Specifically, we improve the classical invertible Bloom filter (IBF) and construct a new data validation structure, namely, invertible Bloom filter tree (IBFT). Subsequently, we connect digital signature and IBFT to design a new scheme that can fulfill fine-grained data deletion as well as dynamic data insertion. In our new solution, only client and cloud data center are involved when inserting/deleting cloud data and validating the insertion/deletion consequences, which makes our new solution more practical. At last, we formally analyze the security and implement a prototype system, in which we implement our new proposed solution and evaluate its performance. The experimental consequences prove that contrasted to a few previous solutions, our new solution equipped with more attractive feasibility and efficiency in the real-world applications.

computer science, information systems,telecommunications

Xiaojun Zhang,Jie Zhao,Chunxiang Xu,Huaxiong Wang,Yuan Zhang

DOI: https://doi.org/10.1109/tsc.2019.2942297

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Public verification enables cloud users to employ a third party auditor (TPA) to check the data integrity. However, recent breakthrough results on quantum computers indicate that applying quantum computers in clouds would be realized. A majority of existing public verification schemes are based on conventional hardness assumptions, which are vulnerable to adversaries equipped with quantum computers in the near future. Moreover, new security issues need to be solved when an original data owner is restricted or cannot access the remote cloud server flexibly. In this paper, we propose an efficient identity-based data outsourcing with public integrity verification scheme (DOPIV) in cloud storage. DOPIV is designed on lattice-based cryptography, which achieves post-quantum security. DOPIV enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. Any TPA can perform data integrity verification efficiently on behalf of the original data owner, without retrieving the entire data set. Additionally, DOPIV possesses the advantages of being identity-based systems, avoiding complex certificate management procedures. We provide security proofs of DOPIV in the random oracle model, and conduct a comprehensive performance evaluation to show that DOPIV is more practical in post-quantum secure cloud storage systems.

computer science, information systems, software engineering

Zizhou Sun,Yahui Yang,Qingni Shen,Zhonghai Wu,Xiaochen Li

DOI: https://doi.org/10.1007/978-3-319-29814-6_28

2015-01-01

Abstract:Outsourcing data to are remote cloud service provider allows organizations or individual users to store more data on the cloud storage than on private computer systems. However, a specific problem encountered in cloud storage is how to ensure user’s confidence of the integrity of their outsourced data on cloud. One important approach is Proof of Retrievability (POR) which allows a verifier to check and repair the data stored in the cloud server. However, most of existing PORs can only deal with static data and provide one single recovery method which may lead to inefficiency and inflexibility. To address these cloud storage issues, we propose a map-based dynamic data integrity verification and recovery scheme in cloud storages. We first present two recovery methods with different granularity and introduce a new data structure. Relying on algebraic signature with homomorphism property, our integrity verification is highly efficient. Furthermore, our solution can prevent multiple cloud servers from colluding to fabricate consistent signatures.

Jianming Du,Guofang Dong,Juangui Ning,Zhengnan Xu,Ruicheng Yang

DOI: https://doi.org/10.1038/s41598-024-58325-y

IF: 4.6

2024-03-31

Scientific Reports

Abstract:With the continuous development of cloud computing, the application of cloud storage has become more and more popular. To ensure the integrity and availability of cloud data, scholars have proposed several cloud data auditing schemes. Still, most need help with outsourced data integrity, controlled outsourcing, and source file auditing. Therefore, we propose a controlled delegation outsourcing data integrity auditing scheme based on the identity-based encryption model. Our proposed scheme allows users to specify a dedicated agent to assist in uploading data to the cloud. These authorized proxies use recognizable identities for authentication and authorization, thus avoiding the need for cumbersome certificate management in a secure distributed computing system. While solving the above problems, our scheme adopts a bucket-based red–black tree structure to efficiently realize the dynamic updating of data, which can complete the updating of data and rebalancing of structural updates constantly and realize the high efficiency of data operations. We define the security model of the scheme in detail and prove the scheme's security under the difficult problem assumption. In the performance analysis section, the proposed scheme is analyzed experimentally in comparison with other schemes, and the results show that the proposed scheme is efficient and secure.

multidisciplinary sciences

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

MA Hai-feng,WANG Jun-hua,XUE Qing-shui,SHI Xue-lei,ZHANG Ji,YANG Jia-hai

DOI: https://doi.org/10.1109/icdsba57203.2022.00108

2023-01-01

Abstract:With the evolution of cloud storage and the limitations of traditional storage methods, more and more enterprises choose to store data on cloud servers to decrease local storage and maintenance overhead. However, when data is stored on the cloud, no copy is stored locally, so how to ensure the integrity of information on the cloud is significant research topic. In order to efficiently resolve the problem a cloud storage data integrity verification scheme that can be revoked in real time by users is proposed. This paper introduce a trusted third-party proxy to the traditional proxy re-signature technology to complete the re-signature of the data in the cloud for the new user, so as to avoid the untrusted cloud server leaking the signature and damaging the data integrity; Distribute an administrator attribute for users, so that users can revoke in real time according to their actual tenure; Finally, a random mask is used in the audit challenge, which effectively prevents curious third-party audits from recovering and revealing the original data by verifying the information. Security analysis and performance analysis demonstrate that the scheme is secure and effective.

Jian Mao,Yan Zhang,Xiandong Xu,Jianwei Liu,Tao Wei

DOI: https://doi.org/10.1109/iNCoS.2012.67

2012-01-01

Abstract:Distributed storage is a scheme to store data in networked storage services, which is the basis of popular cloud storage solutions. Although this scheme has huge benefits in reducing maintenance and operation cost, it has several security concerns. Among them, malicious file deletion by the storage providers is a top concern. In this paper, we develop a novel error-tolerant solution, ET-DME, to effectively detect malicious file deletion behaviors in distributed storage services. Our approach prevents malicious servers from forging evidence to bypass data auditing test. In addition, our approach does not limit the number of challenges made by the client. Our approach also has low computation and communication overhead.

Wenlong Tian,Guo Jian,Zhiyong Xu,Ruixuan Li,Weijun Xiao

DOI: https://doi.org/10.1109/tdsc.2024.3361450

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recently, Oblivious Storage has been proposed to prevent privacy leakage from user access patterns, which obfuscates and makes it computationally indistinguishable from the random sequences by fake accesses and probabilistic encryption. The same data exhibits distinct ciphertexts. Thus, it seriously impedes cloud providers' efforts to improve storage utilization to remove user redundancy, which has been widely used in the existing cloud storage scenario. Inspired by the successful adoption of removing duplicate data in cloud storage, we attempt to integrate obliviousness, remove redundancy, and propose a practical oblivious storage, PEO-Store. Instead of fake accesses, introducing delegates breaks the mapping link between a valid access pattern and a specific client. The cloud interacts only with randomly authorized delegates. This design leverages non-interactive zero-knowledge-based redundancy detection, discrete logarithm problem-based key sharing, and secure time-based delivery proof. These components collectively protect access pattern privacy, accurately eliminate redundancy, and prove the data delivery among delegates and the cloud. Theoretical proof demonstrates that, in our design, the probability of identifying the valid access pattern with a specific client is negligible. Experimental results show that PEO-Store outperforms state-of-the-art methods, achieving an average throughput of up to 3 times faster and saving 74% of storage space.

computer science, information systems, software engineering, hardware & architecture

Cong Wang,Qian Wang,Kui Ren,Ning Cao,Wenjing Lou

DOI: https://doi.org/10.1109/tsc.2011.24

IF: 11.019

2011-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service is also relinquishing users' physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server. Considering the cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Yong Yu,Jianbing Ni,Wei Wu,Yilei Wang

DOI: https://doi.org/10.1109/bwcca.2015.44

2015-01-01

Abstract:Due to the appealing advantages of cloud storage, such as on-demand self-service and ubiquitous network access, an increasing number of users prefer to store their data on remote remote servers. However, outsourced data transfer becomes a critical requirement for users to shift their cloud storage providers because of the emergence of various cloud storage services with different qualities of services. Therefore, the users may not only be anxious about the state of their data on the cloud server, but also concern on whether the data are transferred entirely to the new cloud without corruption and whether the data on original cloud are discarded. To address these problems, we propose a provable data possession scheme for cloud storage services characterized by secure data transfer, provable data erasure, high error detection probability, confidential data storage. Our scheme can guarantee the remote data integrity when the data are maintaining on the cloud servers and are transferring between two clouds, and secure deletion of transferred data on the original cloud.

Zequan Zhou,Xiling Luo,Yupeng Wang,Jian Mao,Feixiang Luo,Yi Bai,Xiaochao Wang,Gang Liu,Junjun Wang,Feng Zeng

DOI: https://doi.org/10.1109/tvt.2023.3295953

IF: 6.8

2023-01-01

IEEE Transactions on Vehicular Technology

Abstract:In vehicular cloud computing (VCC), cloud servers provide enormous storage and powerful computing capacity to Vehicular Ad-hoc Networks (VANETs). Resource-constrained vehicles outsource data to vehicular cloud platforms for timely traffic safety services, e.g., navigation, accident alarms, etc. Auditing the authenticity of data has become a critical issue in outsourcing data to untrusted servers. Existing data audit methods encode all data with error correction codes (ECC) techniques that retrieve corrupted data by downloading all data. The communication overhead of such methods is $O(n)$ ($n$ is the number of data blocks) which is unbearable for vehicles with limited resources. In addition, these schemes employ an inaccurate privacy-preserving model. This will lead to data leakage in the third-party audit process. Although they use randomness to confuse parts of the proof that is used to prove the data state, a small amount of information is still distinguishable. For such, in this paper, we propose a practical data audit scheme with retrievability and indistinguishable privacy-preserving to efficiently audit the state of outsourced data. We improve the Invertible Bloom Filter (IBF) to compress redundancy locally, which can retrieve corrupted data without prior context. Furthermore, we define an indistinguishable privacy-preserving model to capture the complete semantics of repeated audit attacks and achieve indistinguishability in the audit. We prove that our scheme is secure against adaptive chosen message attacks and is indistinguishable privacy-preserving against repeated audit attacks. The experiment results demonstrate that for 1.9GB data when $\sqrt[]{n}$ blocks are corrupted, auditors complete a check in 3.31 seconds with 99% confidence, and vehicles retrieve corrupted data in 3.16 seconds with 16.67MB communication overhead.

telecommunications,engineering, electrical & electronic,transportation science & technology

Xiao Tan,Qi Xie,Lidong Han,Shengbao Wang,Wenhao Liu

DOI: https://doi.org/10.1016/j.cose.2023.103486

IF: 5.105

2023-09-23

Computers & Security

Abstract:With numerous applications in cloud storage, Proof of Retrievability (PoR) is an efficient solution for verification and retrieval of big data on a remote server. Existing PoR schemes can support two mutually exclusive verification modes, namely either private verifiability or public verifiability, depending on whether the outsourced data is verifiabile by the data owner (user) only or by everyone. In order to allow the user to flexibly designate the capability of verification, we propose a novel framework for PoR schemes that enables fine-grained control of remote data verification for cloud storage. Our idea is enabling the user to dynamically release some tokens (verification keys) to one or more third parties (designated verifiers), such that only the user and the designated verifiers can verify and retrieve the outsourced data from the server. We formalize this notion as PoR with Flexible Designated Verification (PoR-FDV), and define an extended adversarial model for PoR-FDV based on Juel et al.'s PoR model. Under the new framework, we propose a generic, simple and elegant construction of PoR-FDV from public verifiable PoR and identity-based KEM/DEM, which then gives birth to a concrete and efficient PoR-FDV scheme. Compared to existing PoR schemes, PoR-FDV provides higher flexibility and scalability, as well as many useful features.

computer science, information systems

Yang Xu,Cheng Zhang,Guojun Wang,Zheng Qin,Quanrun Zeng

DOI: https://doi.org/10.1109/tetc.2020.3005610

2021-07-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Since network storage services achieve widespread adoption, security and performance issues are becoming primary concerns, affecting the scalability of storage systems. Countermeasures like data auditing mechanisms and deduplication techniques are widely studied. However, the existing data auditing mechanism with deduplication cannot solve the problems such as high cost and reliance on trusted third parties in traditional approaches, and it also faces the problem of repeated auditing of data shared by multiple-tenant. This article proposes a blockchain-based deduplicatable data auditing mechanism. We first design a client-side data deduplication scheme based on bilinear-pair techniques to reduce the burden on users and service providers. On this basis, we achieve a trustworthy and efficient data auditing mechanism that helps to check data integrity by using both the blockchain technique and bilinear pairing cryptosystem. The blockchain system is used to record the behaviors of entities in both data outsourcing and auditing processes so that the corresponding immutable records can be used to not only ensure the credibility of audit results but also help to monitor unreliable third-party auditors. Finally, theoretical analysis and experiments reveal the effectiveness and performance of our scheme.

computer science, information systems,telecommunications