Anh Le,Athina Markopoulou

DOI: https://doi.org/10.1109/netcod.2012.6261901

2012-06-01

Abstract:Network coding-based storage has recently received a lot of attention in the network coding community. Independently, another body of work has proposed integrity checking schemes for cloud storage, none of which, however, is customized for network coding storage or can efficiently support repair. In this work, we bridge the gap between these currently disconnected bodies of work, and we focus on the (novel) advantage of network coding for integrity checking. We propose NC-Audit - a remote data integrity checking scheme, designed specifically for network coding-based storage cloud. NC-Audit provides a unique combination of desired properties: (i) efficient checking of data integrity (ii) efficient support for repairing failed nodes (iii) full support for modification of outsourced data and (iv) protection against information leakage when checking is performed by a third party. The key ingredient of the design of NC-Audit is a novel combination of SpaceMac, a homomorphic MAC scheme for network coding, and NCrypt, a novel CPA-secure encryption scheme that is compatible with SpaceMac. Our evaluation of a Java implementation of NC-Audit shows that an audit costs the storage node and the auditor only a few milliseconds of computation time, and lower bandwidth than prior work.

Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Anh Le,Athina Markopoulou,Alexandros G. Dimakis,Anh Le,Athina Markopoulou,Alexandros G. Dimakis

DOI: https://doi.org/10.1109/TNET.2015.2450761

2016-08-01

IEEE/ACM Transactions on Networking

Abstract:Distributed storage codes have recently received a lot of attention in the community. Independently, another body of work has proposed integrity-checking schemes for cloud storage, none of which, however, is customized for coding-based storage or can efficiently support repair. In this work, we bridge the gap between these two currently disconnected bodies of work. We propose \ssr NC \mathchar"702D Audit, a novel cryptography-based remote data integrity-checking scheme, designed specifically for network-coding-based distributed storage systems. \ssr NC \mathchar"702D Audit combines, for the first time, the following desired properties: 1 efficient checking of data integrity; 2 efficient support for repairing failed nodes; and 3 protection against information leakage when checking is performed by a third party. The key ingredient of the design of \ssr NC \mathchar"702D Audit is a novel combination of \ssr SpaceMac, a homomorphic message authentication code MAC scheme for network coding, and \ssr NCrypt, a novel chosen-plaintext attack CPA secure encryption scheme that preserves the correctness of \ssr SpaceMac. Our evaluation of \ssr NC \mathchar"702D Audit based on a real Java implementation shows that the proposed scheme has significantly lower overhead compared to the state-of-the-art schemes for both auditing and repairing of failed nodes.

Xiang Liu,Jie Huang,Guowen Zong

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00104

2018-08-01

Abstract:This paper investigates the intrinsic relationship between secure network coding and secure cloud storage. We propose a novel homomorphic signature scheme and then illustrate a method to construct the network coding based secure cloud storage (NCSCS) protocol, wherein the security of the homomorphic signature scheme is the foundation of the NCSCS protocol. By employing network coding and homomorphic signature technique, the proposed NCSCS system can serve as both cloud service provider and router of a communication network at the same time, where the public auditing of the outsourced data is enabled. Finally, we perform the simulation of the proposed protocol and evaluate its performance. The security and efficiency can be validated from the simulation results.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Fei Chen,Fengming Meng,Tao Xiang,Hua Dai,Jianqiang Li,Jing Qin

DOI: https://doi.org/10.1109/tpds.2020.2998462

IF: 5.3

2020-11-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud storage security has gained considerable research efforts with the wide adoption of cloud computing. As a security mechanism, researchers have been investigating cloud storage auditing schemes that enable a user to verify whether the cloud keeps the user's outsourced data undamaged. However, existing schemes have usability issues in compatibility with existing real world cloud storage applications, error-tolerance, and efficiency. To mitigate this usability gap, this article proposes a new general cloud storage auditing scheme that is more usable. The proposed scheme uses the idea of integrating linear error correcting codes and linear homomorphic authentication schemes together. This integration uses only one additional block to achieve error tolerance and authentication simultaneously. To demonstrate the power of the general construction, we also propose one detailed scheme based on the proposed general construction using the Reed Solomon code and the universal hash based MAC authentication scheme, both of which are implemented over the computation-efficient Galois field $mathrm {GF}{(2^8)}$<math> GF (28)</math>. We also show that the proposed scheme is secure under the standard definition. Moreover, we implemented and open-sourced the proposed scheme. Experimental results show that the proposed scheme is orders of magnitude more efficient than the state-of-the-art scheme.

computer science, theory & methods,engineering, electrical & electronic

Cong Wang,Qian Wang,Kui Ren,Ning Cao,Wenjing Lou

DOI: https://doi.org/10.1109/tsc.2011.24

IF: 11.019

2011-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service is also relinquishing users' physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server. Considering the cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Qingyang Zhang,Zhiming Zhang,Jie Cui,Hong Zhong,Yang Li,Chengjie Gu,Debiao He

DOI: https://doi.org/10.1109/tpds.2023.3323155

IF: 5.3

2023-12-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:As the disruptor of cloud storage, decentralized storage could lead to a major shift in how organizations store data in the future. To ensure data availability, users generally encrypt the data and distribute it to multiple storage service providers. It is necessary to study data integrity verification in decentralized storage. Although some recent studies have proposed the using blockchain technology to assist auditing work in decentralized storage networks, the on-chain overhead still increases linearly with an increase in audit requests. Blockchain networks will inevitably be overloaded. In this study, we propose an efficient data integrity auditing scheme for multiple copies in decentralized storage. Particularly, using different polynomial commitment schemes, we first propose a basic scheme for verifying multiple copies of a single file, and then we propose an efficient batch auditing scheme for multiple copies of multiple files. Our scheme can significantly reduce the computation overhead of storage service providers while keeping the on-chain storage overhead constant. Security analysis and performance analysis show that our scheme is efficient and practical.

computer science, theory & methods,engineering, electrical & electronic

Jianming Du,Guofang Dong,Juangui Ning,Zhengnan Xu,Ruicheng Yang

DOI: https://doi.org/10.1038/s41598-024-58325-y

IF: 4.6

2024-03-31

Scientific Reports

Abstract:With the continuous development of cloud computing, the application of cloud storage has become more and more popular. To ensure the integrity and availability of cloud data, scholars have proposed several cloud data auditing schemes. Still, most need help with outsourced data integrity, controlled outsourcing, and source file auditing. Therefore, we propose a controlled delegation outsourcing data integrity auditing scheme based on the identity-based encryption model. Our proposed scheme allows users to specify a dedicated agent to assist in uploading data to the cloud. These authorized proxies use recognizable identities for authentication and authorization, thus avoiding the need for cumbersome certificate management in a secure distributed computing system. While solving the above problems, our scheme adopts a bucket-based red–black tree structure to efficiently realize the dynamic updating of data, which can complete the updating of data and rebalancing of structural updates constantly and realize the high efficiency of data operations. We define the security model of the scheme in detail and prove the scheme's security under the difficult problem assumption. In the performance analysis section, the proposed scheme is analyzed experimentally in comparison with other schemes, and the results show that the proposed scheme is efficient and secure.

multidisciplinary sciences

Xiuguang Li,Ruifeng Li,Xu An Wang,Ke Niu,Hui Li,Xiaoyuan Yang

DOI: https://doi.org/10.1155/2022/7302767

IF: 1.968

2022-09-01

Security and Communication Networks

Abstract:Cloud storage technology is evolving at a high speed; effectively auditing the cloud data's integrity has become a focal point. Recently, Ming and Shi proposed a certificateless integrity auditing scheme with a privacy protection function. The scheme used the certificateless cryptosystem to solve the certificate management problem of the auditing schemes based on public key infrastructure and the key escrow problem of the identity-based auditing schemes. Although their scheme is novel and efficient, we found that their scheme was not secure and could not achieve integrity auditing of cloud data. The malicious cloud server can generate the proof through the blocks and tags sent by the user. On the basis of the original scheme, we propose an improved auditing scheme; our new scheme is more secure and effective. In addition, for the problem of idle tags in the existing cloud data integrity auditing scheme, we propose the idea of intermediate tags and we applied the idea to the improved scheme to improve audit efficiency.

computer science, information systems,telecommunications

Yu-Jia Chen,Li-Chun Wang,Chen-Hung Liao

DOI: https://doi.org/10.1109/tpds.2015.2486772

IF: 5.3

2016-08-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Network coding is an important cloud storage technique, which can recover data with small repair bandwidth and high reliability compared to the existing erasure coding and replication methods. However, regardless of which data recovery technique is used, the repaired data in a geographically distributed cloud storage system are easy to be eavesdropped at the transmission link between the local datacenter and its remote backup site. This kind of network security issue is called link eavesdropping in this paper. For a network coded cloud storage system, we propose a systematic design methodology to determine the important data recovery system parameters for any specified security level. Through analysis, we present the performance curves to relate the remote repair bandwidth and the number of coded data fragments. Consequently, all the important system parameters of a network coded data recovery system, including the number of storage nodes and the link capacity between the datacenter and the backup site, can be precisely designed for satisfying different security level requirements.

computer science, theory & methods,engineering, electrical & electronic

K. Mahalakshmi,K. Kousalya,Himanshu Shekhar,Aby K. Thomas,L. Bhagyalakshmi,Sanjay Kumar Suman,S. Chandragandhi,Prashant Bachanna,K. Srihari,Venkatesa Prabhu Sundramurthy

DOI: https://doi.org/10.1155/2021/8533995

2021-12-22

Scientific Programming

Abstract:Cloud storage provides a potential solution replacing physical disk drives in terms of prominent outsourcing services. A threaten from an untrusted server affects the security and integrity of the data. However, the major problem between the data integrity and cost of communication and computation is directly proportional to each other. It is hence necessary to develop a model that provides the trade-off between the data integrity and cost metrics in cloud environment. In this paper, we develop an integrity verification mechanism that enables the utilisation of cryptographic solution with algebraic signature. The model utilises elliptic curve digital signature algorithm (ECDSA) to verify the data outsources. The study further resists the malicious attacks including forgery attacks, replacing attacks and replay attacks. The symmetric encryption guarantees the privacy of the data. The simulation is conducted to test the efficacy of the algorithm in maintaining the data integrity with reduced cost. The performance of the entire model is tested against the existing methods in terms of their communication cost, computation cost, and overhead cost. The results of simulation show that the proposed method obtains reduced computational of 0.25% and communication cost of 0.21% than other public auditing schemes.

computer science, software engineering

Zequan Zhou,Xiling Luo,Yupeng Wang,Jian Mao,Feixiang Luo,Yi Bai,Xiaochao Wang,Gang Liu,Junjun Wang,Feng Zeng

DOI: https://doi.org/10.1109/tvt.2023.3295953

IF: 6.8

2023-01-01

IEEE Transactions on Vehicular Technology

Abstract:In vehicular cloud computing (VCC), cloud servers provide enormous storage and powerful computing capacity to Vehicular Ad-hoc Networks (VANETs). Resource-constrained vehicles outsource data to vehicular cloud platforms for timely traffic safety services, e.g., navigation, accident alarms, etc. Auditing the authenticity of data has become a critical issue in outsourcing data to untrusted servers. Existing data audit methods encode all data with error correction codes (ECC) techniques that retrieve corrupted data by downloading all data. The communication overhead of such methods is $O(n)$ ($n$ is the number of data blocks) which is unbearable for vehicles with limited resources. In addition, these schemes employ an inaccurate privacy-preserving model. This will lead to data leakage in the third-party audit process. Although they use randomness to confuse parts of the proof that is used to prove the data state, a small amount of information is still distinguishable. For such, in this paper, we propose a practical data audit scheme with retrievability and indistinguishable privacy-preserving to efficiently audit the state of outsourced data. We improve the Invertible Bloom Filter (IBF) to compress redundancy locally, which can retrieve corrupted data without prior context. Furthermore, we define an indistinguishable privacy-preserving model to capture the complete semantics of repeated audit attacks and achieve indistinguishability in the audit. We prove that our scheme is secure against adaptive chosen message attacks and is indistinguishable privacy-preserving against repeated audit attacks. The experiment results demonstrate that for 1.9GB data when $\sqrt[]{n}$ blocks are corrupted, auditors complete a check in 3.31 seconds with 99% confidence, and vehicles retrieve corrupted data in 3.16 seconds with 16.67MB communication overhead.

telecommunications,engineering, electrical & electronic,transportation science & technology

Zheng Tu,Xu An Wang,Weidong Du,Zexi Wang,Ming Lv

DOI: https://doi.org/10.1016/j.jksuci.2023.01.021

IF: 9.006

2023-02-08

Journal of King Saud University - Computer and Information Sciences

Abstract:The security of the data in the cloud server suffers great challenges, and how to ensure the integrity of the outsourced data in the cloud servers is a problem that should be solved. Cloud data auditing technique is such a solution , which allows to check data integrity without retrieving them from the cloud. In case single-copy data may be violated by malicious attackers, Zhang et al. proposed a multi-copy cloud data auditing scheme MCAM in 2020. However, in their scheme, an attacker can forge the evidence for integrity verification only by exploiting public information and the cloud server can compromise the integrity verification even it does not store any data. In this paper, we identify these security flaws in MCAM and design a new evidence verification algorithm to fix them. Then, we propose a multi-copy cloud data auditing scheme based on our evidence verification algorithm and MCAM. In security analysis, we prove that our multi-copy cloud data auditing scheme can fix the security flaws of MCAM. Thus, our scheme is more secure than MCAM. In performance analysis, we show that our scheme is more communication efficient than MCAM. Finally, we point out one potential application of our scheme.

computer science, information systems

Yu-Jia Chen,Li-Chun Wang

DOI: https://doi.org/10.1109/tpds.2018.2870890

IF: 5.3

2019-04-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:<p>In this paper, we present the overflow problem of a network coding storage system (NCSS) when the encoding parameters and the storage parameters are mismatched. The overflow problem of the NCSS occurs because the network-coded encryption yields extended coded data, resulting in high storage and processing overhead. To avoid the overflow problem, we propose an overflow-avoidance NCSS scheme that takes account of security and storage requirements in both encoding and storage procedures. We provide the analytical results of the maximum allowable stored encoded data under the perfect secrecy criterion. The design guidelines to achieve high coding efficiency with the lowest storage cost are also presented.</p>

computer science, theory & methods,engineering, electrical & electronic

Jian Xu,Yewen Cao,Deqiang Wang

DOI: https://doi.org/10.1016/j.jisa.2017.02.002

IF: 4.96

2017-01-01

Journal of Information Security and Applications

Abstract:Regenerating codes (RCs) are efficient at both storage cost and repair bandwidth, and thus are regarded as preferable candidates for distributed storage systems (DSSs). For DSSs with RCs, a file stored across n distributed nodes can be reconstructed from k (< n) nodes. The collection of the k nodes is called the reconstruction set. A failed node can be regenerated (i.e., repaired) from d (< n) remaining nodes. The collection of the d nodes is called the regeneration set. In traditional RCs, the numbers of reconstruction sets and regeneration sets are fixed to some specific values. In this paper, we introduce the concept of generalised RCs, in which the value ranges of the numbers of both reconstruction sets and regeneration sets are extended. Compared to traditional RCs, the generalised RCs possess more coding schemes and better system security level in terms of the probability of revealing original data file. An explicit construction of generalised RCs is provided, in which the numbers of both reconstruction sets and regeneration sets can be designed flexibly. Furthermore, based on the generalised RCs, an intruder model where an eavesdropper can access to some nodes is considered and a general upper bound on secrecy capacity is derived. The relationship between the obtained upper bound and existing ones achieved by traditional RCs is discussed in detail. The provided explicit construction is the first optimal construction of generalised RCs, which achieves the upper bound on secrecy capacity and has the flexibility in designing the numbers of reconstruction sets and regeneration sets.

Dimitris S. Papailiopoulos,Jianqiang Luo,Alexandros G. Dimakis,Cheng Huang,Jin Li

DOI: https://doi.org/10.1109/infcom.2012.6195703

2011-01-01

Abstract:Network codes designed specifically for distributed storage systems have the potential to provide dramatically higher storage efficiency for the same availability. One main challenge in the design of such codes is the exact repair problem: if a node storing encoded information fails, in order to maintain the same level of reliability we need to create encoded information at a new node. One of the main open problems in this emerging area has been the design of simple coding schemes that allow exact and low cost repair of failed nodes and have high data rates. In particular, all prior known explicit constructions have data rates bounded by 1/2. In this paper we introduce the first family of distributed storage codes that have simple look-up repair and can achieve rates up to 2/3. Our constructions are very simple to implement and perform exact repair by simple XORing of packets. We experimentally evaluate the proposed codes in a realistic cloud storage simulator and show significant benefits in both performance and reliability compared to replication and standard Reed-Solomon codes.

Caihui Lan,Haifeng Li,Caifen Wang

DOI: https://doi.org/10.1109/icist49303.2020.9202102

2020-09-01

Abstract:C. Sasikala et al.’s proposed a certificateless RDIC protocol to audit the outsourced data without the requirement of PKI infrastructure and against quantum computer attacks. They argue the RDIC is correct and possesses desired security properties. However, through cryptoanalysis technique we find that their scheme is neither correct nor secure against two common attacks, that is, signature forgery attack from the malicious cloud service provider (CSP) and public key replacement attack from the curious private key generator (PKG) and other malicious users. Furthermore, we remark that their RDIC is not a rigorous certificateless protocol.

Jian Xu,Yewen Cao,Deqiang Wang

DOI: https://doi.org/10.1109/cisp-bmei.2016.7853043

2016-01-01

Abstract:Distributed storage systems (DSSs) can provide reliable access to data over individually unreliable nodes for a long period of time. Regenerating codes (RCs) are efficient at both storage and repair bandwidth, and thus are regarded as a promising option for DSSs. In this paper, the generalized RCs (GRCs) are considered, which possess the relaxed conditions on reconstruction sets and regeneration sets. Compared to traditional RCs, GRCs can provide more coding schemes and better system security degrees (SDs). The SD is inversely proportional to the probability of revealing original data file in the presence of an eavesdropper. Two different coding schemes of GRCs are provided to achieve different SDs. Compared to traditional RCs, coding schemes with different SDs are more valuable for DSSs that require different security levels. Besides, the coding schemes of GRCs can provide better SDs, and thus are more suitable for practical applications.

Zirui Guo,Kai Zhang,Lifei Wei,Siyuan Chen,Liangliang Wang

DOI: https://doi.org/10.1016/j.sysarc.2023.102913

IF: 5.836

2023-06-03

Journal of Systems Architecture

Abstract:Multi-copy data possession on multi-cloud storage service provides resource-constrained users with a secure and effective way to process data maintenance. To enable integrity for the outsourced data, numerous multi-copy data auditing schemes for multi-cloud storage have been proposed. Nevertheless, existing solutions suffer from the following limitations: (i) cannot support dynamic data updates; (ii) fail to consider the user revocation feature; (iii) may leak the privacy of user identity. To address these limitations, we propose a new identity-based multi-copy data auditing scheme for multi-cloud storage, termed RDIMM . We introduce a new variant of Merkle Tree to enable fully dynamic data updates, in which all copies of a raw block are kept in the same leaf node. In addition, we design a new key generation strategy and a private key update technique, where the cost of user revocation is independent of the total number of file blocks owned by the revoked user. Moreover, we conduct a comprehensive correctness analysis and security analysis of our proposed RDIMM. In addition, we provide detailed theoretical analysis and experimental simulations, which illustrate the effective functionality and practical performance compared to state-of-the-art works.

computer science, software engineering, hardware & architecture