Hao Yan,Yanan Liu,Zheng Zhang,Qian Wang

DOI: https://doi.org/10.1155/2021/6639634

IF: 1.968

2021-05-27

Security and Communication Networks

Abstract:Cloud computing is a fast-growing technology which supplies scalable, innovative, and efficient business models. However, cloud computing is not fully trusted, and the security of the data outsourced in cloud storage needs to be guaranteed. One of the hottest issues is how to ensure the integrity of the data in cloud storage. Until now, many researchers have proposed lots of provable data possession (PDP) schemes to deal with the problem of data integrity audition. Nevertheless, very little effort has been devoted to preserve the data uploader’s privacy while auditing the integrity of data shared in a group. To overcome the shortcoming, we propose a novel certificateless PDP protocol to efficiently audit the integrity of data shared in a workgroup with user privacy preserving. Due to the inherent structural advantage of the certificateless crypto mechanism, our PDP scheme eliminates the key escrow problem and the certificate management problem simultaneously. Moreover, the audition process in our scheme does not need any user’s identity which helps to keep the anonymity of data uploader. We give for our scheme a detailed security proof and efficiency analysis. Experiment results of performance evaluation demonstrate that our new scheme is very efficient and feasible.

computer science, information systems,telecommunications

Solomon Guadie Worku,Chunxiang Xu,Jining Zhao,Xiaohu He

DOI: https://doi.org/10.1016/j.compeleceng.2013.10.004

2014-01-01

Abstract:Cloud computing poses many challenges on integrity and privacy of users' data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.

Xiaojun Zhang,Xin Wang,Dawu Gu,Jingting Xue,Wei Tang

DOI: https://doi.org/10.1109/TNSM.2022.3189650

2022-01-01

Abstract:Cloud computing provides users with convenient data storage services, which simultaneously poses various security concerns, the integrity of outsourced data has been termed as one of the most concerning security issues. Certificateless public auditing not only enables a third-party auditor (TPA) to check data integrity, but also avoids complex certificates management and inherent drawbacks of key escrow. Up to date, a few certificateless public auditing schemes have been proposed, without providing fast data dynamics or protecting the identity privacy of users. In this paper, we propose a lightweight conditional anonymous certificateless public auditing (CACPA) scheme, supporting much faster data dynamics in cloud storage systems. Based on a homomorphic hash function, we design a certificateless signature and integrate it into the construction of CACPA, reducing the computational costs of TPA substantially. CACPA achieves conditional identity privacy preservation, anyone cannot infer the real identity of a user based on outsourced data, only the private key generator (PKG) can revoke the users when some misbehaviors occur. We provide security analysis of CACPA, and conduct performance evaluation demonstrating the lightweight advantages of CACPA, and therefore it is suitable for auditors with resource-constrained mobile devices.

Xiuguang Li,Ruifeng Li,Xu An Wang,Ke Niu,Hui Li,Xiaoyuan Yang

DOI: https://doi.org/10.1155/2022/7302767

IF: 1.968

2022-09-01

Security and Communication Networks

Abstract:Cloud storage technology is evolving at a high speed; effectively auditing the cloud data's integrity has become a focal point. Recently, Ming and Shi proposed a certificateless integrity auditing scheme with a privacy protection function. The scheme used the certificateless cryptosystem to solve the certificate management problem of the auditing schemes based on public key infrastructure and the key escrow problem of the identity-based auditing schemes. Although their scheme is novel and efficient, we found that their scheme was not secure and could not achieve integrity auditing of cloud data. The malicious cloud server can generate the proof through the blocks and tags sent by the user. On the basis of the original scheme, we propose an improved auditing scheme; our new scheme is more secure and effective. In addition, for the problem of idle tags in the existing cloud data integrity auditing scheme, we propose the idea of intermediate tags and we applied the idea to the improved scheme to improve audit efficiency.

computer science, information systems,telecommunications

Yubo Zhao,Jinyong Chang

DOI: https://doi.org/10.1016/j.comnet.2022.109270

IF: 5.493

2022-10-24

Computer Networks

Abstract:In recent years, cloud storage has become an attractive service for data owners to store their personal data. Since they lose physical control of their data, it is necessary to regularly audit its integrity. The public auditing technique is very popular because it is suitable to outsource the auditing task to any third-party auditor, who has professional knowledge on auditing. However in many practical scenarios, the data owner may expect some designated verifier (instead of any) to audit its data. Thus, the public auditing scheme with designated verifier was proposed. In order to further reduce the cost of managing certificates, and to avoid the dependence on public key infrastructure, identity-based auditing scheme with designated verifier was recently proposed. Nevertheless, the proposed identity-based auditing scheme still suffers from the key escrow attack the risk of privacy leakage. In this paper, for the first time, we propose a certificateless public auditing protocol with designated verifier privacy-preserving property. More concretely, it can not only protect the privacy of the stored data against the designated verifier, but also resolve key escrow problem existed in identity-based technique. Its security is based on the Computational Diffie–Hellman and Weil Diffie–Hellman assumptions. Finally, the performance analysis experimental results of the proposed protocol show that our auditing scheme is efficient feasible to applications in real life.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Haifeng Li,Yuxin Wang,Xingbing Fu,Caihui Lan,Caifen Wang,Fagen Li,He Guo

DOI: https://doi.org/10.1016/j.jisa.2021.102927

IF: 4.96

2021-09-01

Journal of Information Security and Applications

Abstract:To reduce the local storage burden and enjoy the conveniently ubiquitous access, an increasing number of individuals and enterprises prefer to outsource their data to the cloud server. Due to the loss of physical control over data, how to guarantee the cloud server stores user's data honestly becomes an important security challenge. Meanwhile, most of existing public auditing schemes based on traditional public key cryptosystem either suffer from bearing the heavy burden of certificate management or possess an inherent key escrow drawback. Even worse, with the advent of powerful quantum computers, most of them could be cracked quickly by a large-scale quantum computer in polynomial time in the near future. To this end, we propose a novel post-quantum secure certificateless public auditing scheme in cloud storage (PSCPAC) from lattice assumptions. Compared with the existing schemes, our novel scheme enjoys the following promising merits: (1) removing the requirement for complicated certificate management in traditional PKI-based public auditing schemes; (2) eliminating the inherent key escrow problem in ID-based public auditing schemes; (3) providing resistance against quantum computers attacks. Correctness, security and performance analysis demonstrate that PSCPAC is provably secure, highly efficient and more practical for post-quantum security in cloud storage public auditing.

computer science, information systems

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

Ruifeng Li,Xu An Wang,Haibin Yang,Ke Niu,Dianhua Tang,Xiaoyuan Yang

DOI: https://doi.org/10.1016/j.jksuci.2022.07.020

IF: 9.006

2022-01-01

Journal of King Saud University - Computer and Information Sciences

Abstract:In the cloud storage environment, scholars have proposed data integrity auditing schemes to ensure the integrity of data in the cloud. In some scenarios, users may need to designate an auditor to perform auditing tasks, however, most existing cloud auditing schemes are not applicable. A small number of cloud auditing schemes with designated verifiers use PKI cryptography and identity-based cryptography, which has complex certificate management and key escrow problems. Therefore, based on the certificateless signature algorithm of the specified verifier, we construct an efficient certificateless provable data possession mechanism in the cloud with a designated verifier called CL-DV-PDP. Based on of meeting the above user’s requirement, our scheme can also perform a batch audit of multi-user data at the same time. We use a dynamic hash table to dynamically update the cloud data and the scheme also supports privacy protection. We define the security model of the scheme in detail, and the security of the scheme is proved based on the CDH assumption under the random oracle model. In the efficiency analysis section, we compare the functions and computational costs of our scheme with the relevant references, the result shows that the functions of the scheme are comprehensive and our scheme is efficient.

Yang Zhen,Wang Wenyu,Huang Yongfeng,Li Xing

DOI: https://doi.org/10.1049/cje.2018.02.017

IF: 1.019

2019-01-01

Chinese Journal of Electronics

Abstract:Cloud data confidentiality need to be audited for the data owner’s concern. Confidentiality auditing is usually based on logging schemes, whereas cloud data dynamics and sharing group dynamics result in massive logs, which makes confidentiality auditing a formidable task for user with limited resources. So we propose a public auditing scheme for data confidentiality,in which user resorts to a Third-party auditor（TPA）for auditing. Our scheme design a special log called attestation in which hash user pseudonym is used to preserve user privacy. Attestation-based data access identifying is presented in our scheme which brings no new vulnerabilities toward data confidentiality and no extra online burden for user. We further support accountability of responsible user for data leakage based on user pseudonym. Extensive security and performance analysis compare our scheme with existing auditing schemes.Results indicate that the proposed scheme is provably secure and highly efficient.

Shuang Tan,Yan Jia

DOI: https://doi.org/10.1631/jzus.c1400045

2014-01-01

Journal of Zhejiang University SCIENCE C

Abstract:Cloud computing is deemed the next-generation information technology（IT） platform, in which a data center is crucial for providing a large amount of computing and storage resources for various service applications with high quality guaranteed. However, cloud users no longer possess their data in a local data storage infrastructure,which would result in auditing for the integrity of outsourced data being a challenging problem, especially for users with constrained computing resources. Therefore, how to help the users complete the verification of the integrity of the outsourced data has become a key issue. Public verification is a critical technique to solve this problem, from which the users can resort to a third-party auditor（TPA） to check the integrity of outsourced data. Moreover,an identity-based（ID-based） public key cryptosystem would be an efficient key management scheme for certificatebased public key setting. In this paper, we combine ID-based aggregate signature and public verification to construct the protocol of provable data integrity. With the proposed mechanism, the TPA not only verifies the integrity of outsourced data on behalf of cloud users, but also alleviates the burden of checking tasks with the help of users’ identity. Compared to previous research, the proposed scheme greatly reduces the time of auditing a single task on the TPA side. Security analysis and performance evaluation results show the high efficiency and security of the proposed scheme.

Guangyang Yang,Hui Xia,Wenting Shen,Xiuxiu Jiang,Jia Yu

DOI: https://doi.org/10.14257/ijsia.2015.9.9.03

2015-01-01

International Journal of Security and Its Applications

Abstract:As the popularity and the proliferation of cloud storage increase, data security is becoming one of the biggest concerns for users of cloud storage. How to preserve the data integrity, as one of the most important security aspects, has been a research hotspot in the field of cloud security. Many data auditing schemes for checking the data integrity have been presented, however; these schemes are based on the assumption that the third party auditor (TPA) is secure and trustworthy. If TPA becomes wicked, these schemes are easy to make cloud server suffer distributed denial-of-service (DDOS) attack. In order to deal with this problem, we propose an authorized auditing scheme with constrained auditing number in this paper In our scheme, only authorized TPA can make valid challenges to cloud for data integrity checking. Moreover; the total auditing number that an authorized TPA can make is decided by the user In our construction, a constrained auditing number is integrated into the authorization generated by user to achieve this property. Once the number of a TPA's auditing reaches the constraint, cloud server will not respond to this TPA's challenges, which literally rules out the threat of DDOS attack. Analysis and experimental results show the proposed scheme is secure and efficient.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

Hui Tian,Yuxiang Chen,Chin-Chen Chang,Hong Jiang,Yongfeng Huang,Yonghong Chen,Jin Liu

DOI: https://doi.org/10.1109/tsc.2015.2512589

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage is an increasingly popular application of cloud computing, which can provide on-demand outsourcing data services for both organizations and individuals. However, users may not fully trust the cloud service providers (CSPs) in that it is difficult to determine whether the CSPs meet their legal expectations for data security. Therefore, it is critical to develop efficient auditing techniques to strengthen data owners’ trust and confidence in cloud storage. In this paper, we present a novel public auditing scheme for secure cloud storage based on dynamic hash table (DHT), which is a new two-dimensional data structure located at a third parity auditor (TPA) to record the data property information for dynamic auditing. Differing from the existing works, the proposed scheme migrates the authorized information from the CSP to the TPA, and thereby significantly reduces the computational cost and communication overhead. Meanwhile, exploiting the structural advantages of the DHT, our scheme can also achieve higher updating efficiency than the state-of-the-art schemes. In addition, we extend our scheme to support privacy preservation by combining the homomorphic authenticator based on the public key with the random masking generated by the TPA, and achieve batch auditing by employing the aggregate BLS signature technique. We formally prove the security of the proposed scheme, and evaluate the auditing performance by detailed experiments and comparisons with the existing ones. The results demonstrate that the proposed scheme can effectively achieve secure auditing for cloud storage, and outperforms the previous schemes in computation complexity, storage costs and communication overhead.

Jaya Rao Gudeme,Syamkumar Pasupuleti,Ramesh Kandukuri

DOI: https://doi.org/10.1016/j.jpdc.2021.06.001

IF: 4.542

2021-10-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing popularity of data sharing among users of a group in clouds, shared data auditing has become an important issue in the cloud auditing field. To address this issue, many shared data auditing schemes have been proposed in the literature based on either public key infrastructure (PKI) or identity-based cryptography (IBC). However, these schemes suffer from issues of complex certificate management or key escrow problem. To address these problems, recently, a certificateless shared auditing scheme was put forward. However, it cannot support data dynamics and does not protect data privacy against a verifier, i.e., the verifier can derive data content when verifying the data integrity, which affects the scheme's security. This paper proposes certificateless privacy preserving public auditing scheme for dynamic shared data with group user revocation in cloud storage (CLPPPA). CLPPPA protects the privacy of data from the verifier by leveraging a random masking technique. Further, CLPPPA also supports shared data dynamics and group user revocation. We formally prove the security of CLPPPA under computational Diffie-Hellman (CDH) and discrete logarithm (DL) assumptions in the Random Oracle Model (ROM). The performance of CLPPPA is evaluated by theoretical analysis, experimental results, and compared with the state-of-the-art ones. The results demonstrate that CLPPPA achieves desirable efficiency.

computer science, theory & methods

Ying Wang,Conghao Ruan,Chunqiang Hu

DOI: https://doi.org/10.1007/978-3-030-59016-1_40

2022-01-01

Wireless Communications and Mobile Computing

Abstract:The cloud storage service has brought great convenience to the customer, which can save massive storage and computation resources via outsourcing the data to cloud service provider (CSP). However, the security issues are the biggest challenge such as data integrity. The user can verify the integrity of outsourced data through a remote data auditing solution without retrieving original data from cloud, however, the auditing procedure has heavy computational overhead, which employs third party auditor (TPA) to conduct auditing task on behalf of users. In this paper, we propose a decentralized public auditing scheme for cloud storage based on blockchain, which removes TPA and increases the number of CSP, the auditing task was assigned to multiple CSPs, and the blockchain technology was used to record the audit process. Meanwhile, the structure of e-voting system is utilized to realize the audit result statistics of multiple CSPs via smart contract, which enhanced the credibility and stability of final auditing result. The theoretical analysis and experimental results demonstrate that proposed scheme is secure and efficient.

Hongyu Liu,Leiting Chen,Zahra Davar,Mohammad Ramezanian Pour

2015-01-01

JUCS - Journal of Universal Computer Science

Abstract:Cloud storage has a long string of merits but at the same time, poses many challenges on data integrity and privacy. A cloud data auditing protocol, which enables a cloud server to prove the integrity of stored files to a verifier, is a powerful tool for secure cloud storage. Wang et al. proposed a privacy-preserving public auditing protocol, however, Worku et al. found the protocol is seriously insecure and proposed an improvement to remedy the weakness. In this paper, unfortunately, we demonstrate that the new protocol due to Worku et al. fails to achieve soundness and obtains merely limited privacy. Specifically, we show even deleting all the files of a data owner, a malicious cloud server is able to generate a response to a challenge without being caught by TPA in their enhanced but unrealistic security model. Worse still, the protocol is insecure even in a correct security model. For privacy, a dishonest verifier can tell which file is stored on the cloud. Solutions to efficient public auditing mechanisms with perfect privacy protection are still worth exploring.

Jiasen Liu,Xu An Wang,Zhiquan Liu,Han Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1109/access.2020.2991033

IF: 3.9

2020-01-01

IEEE Access

Abstract:As one of the most popular applications in recent years, cloud storage has been gradually integrated into all walks of life. In the field of communication techniques for the unmanned aerial vehicles (UAVs), UAVs use sensors to upload collected data to cloud servers during various exploration activities, but UAVs can only store and calculate valid information currently collected due to the limited storage and computing performance. In the actual exploration, UAVs need not only to upload complete data to the cloud server, but also to support the data dynamic update efficiently. Moreover, due to security requirements, the privacy of data uploaded by UAVs must be protected. However, the existing auditing schemes for dynamic data and integrity have many problems, such as high computation cost, low efficiency of dynamic update, low privacy and security. For this reason, we propose a public cloud audit scheme that supports dynamic data and privacy protection based on distributed string equality check protocol and Merkle-hash tree multi-level index structure. First of all, a third-party server (TPS) is set between the cloud service provider and users, which complete digital signature, integrity auditing, and data dynamic operations significantly in place of users to reduce the local computing cost. Users then locally upload data which has been encrypted to the TPS. Secondly, to further improve the security of the scheme, TPS implement signature for encrypted data based on the distributed string equality check protocol. By designing authorizations with time constraints, it is guaranteed that only the legitimate TPS with time constraints can operate with cloud servers. Finally, we implement dynamic data operation efficiently based on MHT multi-level index structure. The security proof and performance analysis show that our proposed scheme is safe and effective.

Zaid Alaa Hussien,Hai Jin,Zaid Ameen Abduljabbar,Ali A. Yassin,Mohammed Abdulridha Hussain,Salah H. Abbdal,Deqing Zou

DOI: https://doi.org/10.1109/ISIAS.2015.7492748

2015-01-01

Abstract:Outsourced data in cloud and computation results are not always trustworthy because data owners lack physical possession and control over the data as a result of virtualization, replication, and migration techniques. Protecting outsourced data from security threats has become a challenging and potentially formidable task in cloud computing; hence, many schemes have focused on ameliorating this problem and on enabling public auditability for cloud data storage security. These schemes drop into two categories: total computation cost and burden on client side. Researchers have used bilinear map technology with public key cryptography. Although this technology is highly efficient, computation time is long and overhead cost is high. The client needs to perform numerous computations to ensure the integrity of data storage. To reduce auditing cost, we propose an efficient and robust scheme to maintain data integrity in cases that involve public auditing. Our scheme adopts modern cipher cryptography with a cryptographic hash function. We consider allowing a third party auditor to preprocess data on behalf of cloud users before uploading them to cloud service providers and then verifying data integrity afterward. Our proposed scheme has important security characteristics, such as privacy, key management, low cost computation, key exchange, low overhead cost, no burden on client side, inability of cloud service providers to create correct verifier respond without data, and one-time key. Finally, efficiency analysis shows that our scheme is faster and more cost-efficient than the bilinear map-based scheme.

Ying Miao,Yapeng Miao,Xuexue Miao

DOI: https://doi.org/10.1007/s10619-024-07446-4

IF: 0.974

2024-11-09

Distributed and Parallel Databases

Abstract:To improve the data security and integrity of the outsourced data, storing multiple copies of data on multiple cloud servers is a good way. Many public Provable Data Possession (PDP) schemes in multiple cloud servers have been proposed in recent years. However, in some scenarios, the Data Owner (DO) may not want anyone (e.g. a stranger) to check the integrity of their data. Nevertheless, few schemes consider the fault's location function when the data auditing fails. Another problem is that anyone can make a challenge for the Cloud Server (CS) in the PDP schemes. Some access control strategies are necessary to reduce the waste of computation power resources of the CS. To solve these problems, we propose a certificateless and designed-verifier auditing scheme in multi-cloud storage environments. In our scheme, we utilize certificateless signature combined with a delegation key to achieve designed-verifier auditing. We design a secret Merkle Hash Tree (MHT) to locate the faults of CSs and data blocks. We utilize Zero-Knowledge Proof (ZKP) to achieve access control. Theoretical and experimental evaluation show that the proposed scheme is efficient and practical.

computer science, information systems, theory & methods

Wang Huifeng,Li Zhanhuai,Zhang Xiao,Sun Jian,Zhao Xiaonan

DOI: https://doi.org/10.7544/issn1000-1239.2017.20150900

2017-01-01

Journal of Computer Research and Development

Abstract:As an important issue of cloud storage security ,data integrity checking has attracted a lot of attention from academia and industry .In order to verify data integrity in the cloud ,the researchers have proposed many public audit schemes for data integrity .However ,most of the existing schemes are inefficient and waste much computing resource because they adopt fixed parameters for auditing all the files .In other words ,they have not considered the issue of coordinating and auditing the large-scale files .In order to improve the audit efficiency of the system ,we propose a self-adaptive provable data possession (SA-PDP) ,which uses a self-adaptive algorithm to adjust the audit tasks for different files and manage the tasks by the audit queues .By the quantitative analysis of the audit requirements of files ,it can dynamically adjust the audit plans ,which guarantees the dynamic matching between the audit requirements of files and the execution strength of audit plans .In order to enhance the flexibility of updating audit plans ,SA-PDP designs two different update algorithms of audit plans on the basis of different initiators .The active update algorithm ensures that the audit system has high coverage rate while the lazy update algorithm can make the audit system timely meet the audit requirements of files . Experimental results show that SA-PDP can reduce more than 50% of the total audit time than the traditional method .And SA-PDP effectively increases the number of audit files in the audit system . Compared with the traditional audit method ,SA-PDP can improve the standard-reaching rate of audit plans by more than 30% .