Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Hemalata A. Gosavi,Manish R. Umale

DOI: https://doi.org/10.14445/22315381/IJETT-V11P235

2014-05-24

Abstract:Cloud computing has been envisioned as the next generation architecture of IT Enterprise. Using Cloud Storage,users can remotely store their data and enjoy the on demand high quality applications and services from a shared pool of configurable computing resources, without the burden local copy data storage and maintenance. It moves the application of software data stored to the centralized large data centers, where the management of the data stored services may not be completely trusted. There are many new security challenges and the problems taken into account for ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA) to perform verifies the integrity of the dynamic data stored in the cloud.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Qian Wang,Cong Wang,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1109/tpds.2010.183

IF: 5.3

2010-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings about many new security challenges, which have not been well understood. This work studies the problem of ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. The introduction of TPA eliminates the involvement of the client through the auditing of whether his data stored in the cloud are indeed intact, which can be important in achieving economies of scale for Cloud Computing. The support for data dynamics via the most general forms of data operation, such as block modification, insertion, and deletion, is also a significant step toward practicality, since services in Cloud Computing are not limited to archive or backup data only. While prior works on ensuring remote data integrity often lacks the support of either public auditability or dynamic data operations, this paper achieves both. We first identify the difficulties and potential security problems of direct extensions with fully dynamic data updates from prior works and then show how to construct an elegant verification scheme for the seamless integration of these two salient features in our protocol design. In particular, to achieve efficient data dynamics, we improve the existing proof of storage models by manipulating the classic Merkle Hash Tree construction for block tag authentication. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multiuser setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis show that the proposed schemes are highly efficient and provably secure.

K. B. Aruna,C. Arunachalaperumal

DOI: https://doi.org/10.1002/ett.4937

IF: 3.6

2024-01-25

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract Cloud computing is performed by hosting the data of data owners on cloud servers, where the data consumers (users) are able to get the data over servers. Though, several security aspects are raised during cloud storage regarding the data availability and data integrity. On the other hand, a novel scheme of data hosting services is introduced owing to data outsourcing which also raises additional security problems. In addition, several methods are presented by taking either “identity‐based cryptography (IBC) or public key infrastructure (PKI).” Hence, a secure and effective dynamic data auditing scheme is preferable for convincing data owners to ensure precise data storage in the cloud. This paper focuses on implementing a new hybrid heuristic‐assisted strategy for managing cloud storage with the help of efficient auditing schemes. This paper tries to optimize the data structures in the cloud storage with a new improved hybrid differential evolution‐teamwork optimization algorithm (HED‐TOA) with the integration of the teamwork optimization algorithm (TOA) and differential evolution (DE) algorithms. It aims to alleviate the problems raised during the dynamic data update operations including “insert, modify, delete, and append.” This improved HED‐TOA help in performing the data auditing. This model overcomes the problem of modifications occurring in the data structure while doing the dynamic data update operations and thus, it ensures efficient data auditing and data management in cloud computing. This work considers the aim of reducing computation as well as communication costs during the data storage process in the cloud. The performance estimation demonstrates that there is considerable contrast between the traditional methods and the proposed technique in terms of the communication and computation cost on the cloud and auditor.

telecommunications

Tariqul Islam,Faisal Haque Bappy,Md Nafis Ul Haque Shifat,Farhan Ahmad,Kamrul Hasan,Tarannum Shaila Zaman

2024-01-17

Abstract:An efficient, scalable, and provably secure dynamic auditing scheme is highly desirable in the cloud storage environment for verifying the integrity of the outsourced data. Most of the existing work on remote integrity checking focuses on static archival data and therefore cannot be applied to cases where dynamic data updates are more common. Additionally, existing auditing schemes suffer from performance bottlenecks and scalability issues. To address these issues, in this paper, we present a novel dynamic auditing scheme for centralized cloud environments leveraging an enhanced version of the B-tree. Our proposed scheme achieves the immutable characteristic of a decentralized system (i.e., blockchain technology) while effectively addressing the synchronization and performance challenges of such systems. Unlike other static auditing schemes, our scheme supports dynamic insert, update, and delete operations. Also, by leveraging an enhanced B-tree, our scheme maintains a balanced tree after any alteration to a certain file, improving performance significantly. Experimental results show that our scheme outperforms both traditional Merkle Hash Tree-based centralized auditing and decentralized blockchain-based auditing schemes in terms of block modifications (e.g., insert, delete, update), block retrieval, and data verification time.

Cryptography and Security,Data Structures and Algorithms

Yong Yu,Yannan Li,Man Ho Au,Willy Susilo,Kim-Kwang Raymond Choo,Xinpeng Zhang

DOI: https://doi.org/10.1007/978-3-319-40253-6_24

2016-01-01

Abstract:Data integrity is extremely important for cloud based storage services, where cloud users no longer have physical possession of their outsourced files. A number of data auditing mechanisms have been proposed to solve this problem. However, how to update a cloud user's private auditing key as well as the authenticators those keys are associated with without the user's re-possession of the data remains an open problem. In this paper, we propose a key-updating and authenticator-evolving mechanism with zero-knowledge privacy of the stored files for secure cloud data auditing, which incorporates zero knowledge proof systems, proxy re-signatures and homomorphic linear authenticators. We instantiate our proposal with the state-of-the-art Shacham-Waters auditing scheme. When the cloud user needs to update his key, instead of downloading the entire file and re-generating all the authenticators, the user can just download and update the authenticators. This approach dramatically reduces the communication and computation cost while maintaining the desirable security. We formalize the security model of zero knowledge data privacy for auditing schemes in the key-updating context and prove the soundness and zero-knowledge privacy of the proposed construction. Finally, we analyze the complexity of communication, computation and storage costs of the improved protocol which demonstrates the practicality of the proposal.

Faisal Haque Bappy,Saklain Zaman,Tariqul Islam,Redwan Ahmed Rizvee,Joon S. Park,Kamrul Hasan

2023-08-05

Abstract:Although wide-scale integration of cloud services with myriad applications increases quality of services (QoS) for enterprise users, verifying the existence and manipulation of stored cloud information remains an open research problem. Decentralized blockchain-based solutions are becoming more appealing for cloud auditing environments because of the immutable nature of blockchain. However, the decentralized structure of blockchain results in considerable synchronization and communication overhead, which increases maintenance costs for cloud service providers (CSP). This paper proposes a Merkle Hash Tree based architecture named Entangled Merkle Forest to support version control and dynamic auditing of information in centralized cloud environments. We utilized a semi-trusted third-party auditor to conduct the auditing tasks with minimal privacy-preserving file metadata. To the best of our knowledge, we are the first to design a node sharing Merkle Forest to offer a cost-effective auditing framework for centralized cloud infrastructures while achieving the immutable feature of blockchain, mitigating the synchronization and performance challenges of the decentralized architectures. Our proposed scheme outperforms it's equivalent Blockchain-based schemes by ensuring time and storage efficiency with minimum overhead as evidenced by performance analysis.

Cryptography and Security

Yan Zhu,Gail-Joon Ahn,Hongxin Hu,Stephen S. Yau,Ho G. An,Chang-Jun Hu

DOI: https://doi.org/10.1109/tsc.2011.51

IF: 11.019

2011-01-01

IEEE Transactions on Services Computing

Abstract:In this paper, we propose a dynamic audit service for verifying the integrity of an untrusted and outsourced storage. Our audit service is constructed based on the techniques, fragment structure, random sampling, and index-hash table, supporting provable updates to outsourced data and timely anomaly detection. In addition, we propose a method based on probabilistic query and periodic verification for improving the performance of audit services. Our experimental results not only validate the effectiveness of our approaches, but also show our audit system verifies the integrity with lower computation overhead and requiring less extra storage for audit metadata.

Jianhong Zhang,Hongxin Meng,Yong Yu

DOI: https://doi.org/10.1007/s10586-017-0804-9

2017-01-01

Cluster Computing

Abstract:As an important cloud service, cloud storage can provide flexible data outsourcing services for data users. After the data are outsourced to the cloud, data user no longer physical controls over the stored data. To ensure these data to be kept intact at the cloud servers, many different solutions have been proposed. Whereas most of existing solutions can only deal with static data. To support dynamic data, some schemes solve it by adopting authenticated data structure. To the best of our knowledge, these schemes may exist the following flaws: (1) they bring heavy communication/computation burdens to the auditor; (2) they exist some security attack; (3) they are only proven to be secure in the random orale model; (4) data may be leaked in the auditing. Motivated by the above problems, we propose two novel public auditing schemes by introducing rb23Tree data structure. They can not only achieve public verification, but also support dynamics data updating. Furthermore, our second scheme also supports data privacy. As for the auditor, to reduce its computational cost and communication cost, our scheme migrates the partial auditing metadata from the cloud server to the auditor, it makes that communication overhead between the auditor and cloud server is constant. Finally, we show that our schemes are proven to be secure in the standard model, and evaluate the auditing performance by simulation experiment and comparison with Wang et al.’s scheme. The results demonstrate that our schemes outperforms Wang et al.’s scheme in terms of computation costs and communication overhead.

Nikolaos Doukas,Oleksandr P. Markovskyi,Nikolaos G. Bardis

DOI: https://doi.org/10.1016/j.tcs.2019.10.015

IF: 1.002

2019-12-01

Theoretical Computer Science

Abstract:Cloud based storage is being widely used as a viable solution to the problem of data storage in contexts where financial and practical considerations prohibit the use of locally based hardware and software resources. User reservations and legal constraints however have given rise to questions about the verifiability of the integrity of the stored data, especially in the case of public cloud infrastructure. A new problem has hence arisen, that of auditing stored files in order to obtain Proof of Retrievability. Secure cloud storage systems are limited by the overheads they require in order to provide the required security levels. Combined use of cloud and local computational resources is necessary in order to enable the desirable user experiences. With increasing local processing capacities, the most significant relevance is encountered in the Big Data Processing paradigm. The volumes of data that need to be processed are overwhelming to such an extent that approaches which use unlimited amounts of power, for processing and storage are not feasible. This paper focuses on a recent study of hash function requirements for big data applications and an associated key – based hash function design technique that makes the real – time collection, summarization, analysis and decision making based on streaming data. A file auditing technique is proposed that uses fundamental big data mass processing operations in order to develop an efficient and reliable proof of recoverability algorithm.

computer science, theory & methods

S. M. Udhaya Sankar,D. Selvaraj,G.K. Monica,Jeevaa Katiravan

DOI: https://doi.org/10.14445/22315381/IJETT-V71I3P204

2023-04-24

Abstract:With the help of a shared pool of reconfigurable computing resources, clients of the cloud-based model can keep sensitive data remotely and access the apps and services it offers on-demand without having to worry about maintaining and storing it locally. To protect the privacy of the public auditing system that supports the cloud data exchange system. The data's owner has the ability to change it using the private key and publishes it in the cloud. The RSA Technique is used to produce key codes for the cloud services atmosphere's privacy utilizing the system's baseboard number, disc number, and client passcode for validation. The method is based on a cutting-edge User End Generated (UEG) privacy technique that minimizes the involvement of a third party and improves security checks by automatically documenting destructive activities. To strengthen extensibility, various authorization-assigning modalities and block access patterns were established together with current operational design approaches. In order to meet the demands for decentralization, fine-grained auditability, extensibility, flexibility, and privacy protection for multilevel data access in networked environments, the suggested approach makes use of blockchain technology. According to a thorough performance and security assessment, the current proposal is exceptionally safe and effective.

Cryptography and Security

Paromita Goswami,Neetu Faujdar,Ghanshyam Singh,Kanta Prasad Sharma,Ajoy Kumar Khan,Somen Debnath

DOI: https://doi.org/10.1109/access.2024.3389076

IF: 3.9

2024-04-30

IEEE Access

Abstract:Online cloud data storage is a rapidly growing pillar of the IT industry that offers data owners an array of attractive developments in highly sought-after online scalable storage services. Cloud users can easily access these services and have the flexibility to manage their process data effectively without worrying about the deployment or maintenance of personal storage devices. As a result, the number of cloud users has increased to purchase these convenient and cost-effective services, while Cloud Service Providers (CSP) are also rising to meet this demand for appealing cloud solutions.However, there is one major security issue related to outsourced data on shared cloud storage: its privacy and accuracy cannot be guaranteed as it may be vulnerable to unauthorized access by malicious insiders or hackers from outside sources. To address these issues, we suggest proposing a partial signature-based data auditing system so that both privacy and accuracy can be fortified while reducing the computational cost associated with auditing processes significantly. This system would involve using cryptographic techniques such as homomorphic encryption and hash functions, which would enable secure sharing between multiple parties while ensuring integrity checks on stored files at regular intervals for any potential tampering attempts made by external attackers or malicious insiders who may try to gain unauthorized access into confidential user information stored within cloud sites. Another benefit of the plan is that it supports dynamic operation on outsourced data. This research work may achieve the desired security qualities, according to the security analysis, and it is effective for real-world applications, as demonstrated by simulation outcomes of dynamic operations on various numbers of data blocks and sub-blocks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Fei Chen,Fengming Meng,Zhipeng Li,Li Li,Tao Xiang

DOI: https://doi.org/10.1016/j.jpdc.2024.104870

IF: 4.542

2024-07-01

Journal of Parallel and Distributed Computing

Abstract:Cloud storage auditing is a technique that enables a user to remotely check the integrity of the outsourced data in the cloud storage. Although researchers have proposed various protocols for cloud storage auditing, the proposed schemes are theoretical in nature, which are not fit for existing mainstream cloud storage service practices. To bridge this gap, this paper proposes a cloud storage auditing system that works for current mainstream cloud object storage services. We design the proposed system over existing proof of data possession (PDP) schemes and make them practical as well as usable in the real world. Specifically, we propose an architecture that separates the compute and storage functionalities of a storage auditing scheme. Because cloud object storage only provides read and write interfaces, we leverage a cloud virtual machine to implement the user-defined computations that are needed in a PDP scheme. We store the authentication tags of the outsourced data as an independent object to allow existing popular cloud storage applications, e.g., file online previewing. We also present a cost model to analyze the economic cost of a cloud storage auditing scheme. The cost model allows a user to balance security, efficiency, and economic cost by tuning various system parameters. We implemented, open-sourced the proposed system over a mainstream cloud object storage service. Experimental analysis shows that the proposed system is pretty efficient and promising for a production environment usage. Specifically, for a 40 GB sized data, the proposed system only incurs 1.66% additional storage cost, 3796 bytes communication cost, 2.9 seconds maximum auditing time cost, and 0.9 CNY per auditing monetary cost.

computer science, theory & methods

DOI: https://doi.org/10.1007/s11277-024-11023-4

IF: 2.017

2024-05-08

Wireless Personal Communications

Abstract:Data auditing in the cloud, along with files and authentication server Deduplication, may protect the integrity of cloud storage and substantially decrease the cloud stored data. With the rise of Smart Cities, the sector has offered plenty of potential problems. The failure in single point, Although, Cloud computing is standard in modern enterprise networks, and cloud security is a significant concern in the Cloud Integrated Smart City (CISC). However, to deal with large amounts of data created by different intelligent devices, storing and uploading all that information to the cloud servers is necessary. Therefore, cloud servers must protect the data against integrity as well as ensuring it is private. Over the last year, Cloud servers had suggested several cloud security auditing plans. Because of this, they were verifying data integrity using a third-party auditor (TPA) is crucial. Bi-linear pairing procedures are the most often used operation in the audit phase, and they require substantial effort and expense. Additionally, such approaches will not secure users' data privacy. Thus, we proposed a Artificial Bee colony and SHA algorithm for public cloud auditing system for CISC that preserves integrity and confidentiality. Security can be improved by using this proposed strategy, although the associated communication and computational costs are low National cyber security authorities may use CISC as security and privacy for auditing/scoring. A batch audit is used, as well as dynamic process data. In addition, the suggested method protects smart cities from unauthorized TPA. CISC auditing in TPA assessed the proposed system's security and performance to be strong.

telecommunications

Hui Tian,Yuxiang Chen,Hong Jiang,Yongfeng Huang,Fulin Nan,Yonghong Chen

DOI: https://doi.org/10.1109/msec.2018.2875880

IF: 3.105

2019-01-01

IEEE Security & Privacy

Abstract:Cloud storage can provide on-demand outsourcing of data services for organizations and individuals. However, because customers may not fully trust that cloud service providers meet their legal expectations for data security, techniques for auditing the cloud have attracted increasing attention. Here, we present an architecture of public data auditing, review existing methods or mechanisms for various auditing objectives, and discuss trends and possible future developments.

Cong Wang,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1109/mnet.2010.5510914

IF: 10.294

2010-01-01

IEEE Network

Abstract:Cloud computing is the long dreamed vision of computing as a utility, where data owners can remotely store their data in the cloud to enjoy on-demand high-quality applications and services from a shared pool of configurable computing resources. While data outsourcing relieves the owners of the burden of local data storage and maintenance, it also eliminates their physical control of storage dependability and security, which traditionally has been expected by both enterprises and individuals with high service-level requirements. In order to facilitate rapid deployment of cloud data storage service and regain security assurances with outsourced data dependability, efficient methods that enable on-demand data correctness verification on behalf of cloud data owners have to be designed. In this article we propose that publicly auditable cloud data storage is able to help this nascent cloud economy become fully established. With public auditability, a trusted entity with expertise and capabilities data owners do not possess can be delegated as an external audit party to assess the risk of outsourced data when needed. Such an auditing service not only helps save data owners' computation resources but also provides a transparent yet cost-effective method for data owners to gain trust in the cloud. We describe approaches and system requirements that should be brought into consideration, and outline challenges that need to be resolved for such a publicly auditable secure cloud storage service to become a reality.

Cong Wang,Qian Wang,Kui Ren,Ning Cao,Wenjing Lou

DOI: https://doi.org/10.1109/tsc.2011.24

IF: 11.019

2011-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service is also relinquishing users' physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server. Considering the cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

C. Dinesh

DOI: https://doi.org/10.48550/arXiv.1111.2418

2011-11-10

Abstract:It is not an easy task to securely maintain all essential data where it has the need in many applications for clients in cloud. To maintain our data in cloud, it may not be fully trustworthy because client doesn't have copy of all stored data. But any authors don't tell us data integrity through its user and CSP level by comparison before and after the data update in cloud. So we have to establish new proposed system for this using our data reading protocol algorithm to check the integrity of data before and after the data insertion in cloud. Here the security of data before and after is checked by client with the help of CSP using our "effective automatic data reading protocol from user as well as cloud level into the cloud" with truthfulness. Also we have proposed the multi-server data comparison algorithm with the calculation of overall data in each update before its outsourced level for server restore access point for future data recovery from cloud data server. Our proposed scheme efficiently checks integrity in efficient manner so that data integrity as well as security can be maintained in all cases by considering drawbacks of existing methods.

Distributed, Parallel, and Cluster Computing

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.