Yuan Zhang,Chunxiang Xu,Jining Zhao,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.1016/j.jisa.2015.05.001

IF: 4.96

2015-01-01

Journal of Information Security and Applications

Abstract:Cloud storage provides an efficient way for users to work together as a group by sharing data with each other. However, since shared data can be accessed and modified by multiple users and group membership may be changed frequently, this new paradigm poses many challenges for keeping integrity of shared data. Recently, Yuan et al. proposed an efficient integrity checking scheme (IEEE INFOCOM 2014, doi: 10.1109/INFOCOM.2014.6848154) for cloud data sharing with multi-user modification, which had many appealing features. They claimed that the scheme is secure and efficient, and they also provided the formal security proof and the performance evaluation. Regretfully, existing two security flaws in Yuan et al.'s scheme are pointed out in this letter. Specifically, by fooling the third-party auditor (TPA) into trusting that the data is well maintained by the cloud server, an adversary can process the following two deceiving methods. Firstly, the adversary can modify the shared data and tamper with the interaction messages between the cloud server and the TPA, thus invalidating shared data integrity checking. Secondly, an adversary, who records a fraction of the cloud-stored data, can overwrite the vast majority of the shared data by using the recorded data and passing shared data integrity verification. Furthermore, we suggest a solution to the two security flaws while retaining all the desirable features of the original scheme.

Xiong Li,Shanpeng Liu,Rongxing Lu

DOI: https://doi.org/10.1109/tifs.2020.2978592

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In this paper, we discuss a security weakness of Shen et al.'s public auditing protocol for cloud data [IEEE Transactions on Information Forensics and Security, 12(10): 2402-2415, 2017.]. Specifically, we point out their protocol is vulnerable to a data privacy breach attack, i.e., an adversary, once he compromises the third-party auditor latently, can also obtain all data owners' outsourced data by constructing appropriate challenges. As a result, it breaks the property of "privacy preserving". We hope that by identifying this design flaw, similar weaknesses can be avoided in future designs.

Hongyu Liu,Leiting Chen,Zahra Davar,Mohammad Ramezanian Pour

2015-01-01

JUCS - Journal of Universal Computer Science

Abstract:Cloud storage has a long string of merits but at the same time, poses many challenges on data integrity and privacy. A cloud data auditing protocol, which enables a cloud server to prove the integrity of stored files to a verifier, is a powerful tool for secure cloud storage. Wang et al. proposed a privacy-preserving public auditing protocol, however, Worku et al. found the protocol is seriously insecure and proposed an improvement to remedy the weakness. In this paper, unfortunately, we demonstrate that the new protocol due to Worku et al. fails to achieve soundness and obtains merely limited privacy. Specifically, we show even deleting all the files of a data owner, a malicious cloud server is able to generate a response to a challenge without being caught by TPA in their enhanced but unrealistic security model. Worse still, the protocol is insecure even in a correct security model. For privacy, a dishonest verifier can tell which file is stored on the cloud. Solutions to efficient public auditing mechanisms with perfect privacy protection are still worth exploring.

Chunxiang Xu,Yuan Zhang,Yong Yu,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.3837/tiis.2014.11.032

2014-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

Solomon Guadie Worku,Chunxiang Xu,Jining Zhao,Xiaohu He

DOI: https://doi.org/10.1016/j.compeleceng.2013.10.004

2014-01-01

Abstract:Cloud computing poses many challenges on integrity and privacy of users' data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.

Yang Zhen,Wang Wenyu,Huang Yongfeng,Li Xing

DOI: https://doi.org/10.1049/cje.2018.02.017

IF: 1.019

2019-01-01

Chinese Journal of Electronics

Abstract:Cloud data confidentiality need to be audited for the data owner’s concern. Confidentiality auditing is usually based on logging schemes, whereas cloud data dynamics and sharing group dynamics result in massive logs, which makes confidentiality auditing a formidable task for user with limited resources. So we propose a public auditing scheme for data confidentiality,in which user resorts to a Third-party auditor（TPA）for auditing. Our scheme design a special log called attestation in which hash user pseudonym is used to preserve user privacy. Attestation-based data access identifying is presented in our scheme which brings no new vulnerabilities toward data confidentiality and no extra online burden for user. We further support accountability of responsible user for data leakage based on user pseudonym. Extensive security and performance analysis compare our scheme with existing auditing schemes.Results indicate that the proposed scheme is provably secure and highly efficient.

Chunxiang Xu,Xiaohu He,Daniel Abraha-Weldemariam

DOI: https://doi.org/10.1007/978-3-642-34041-3_59

2012-01-01

Abstract:Cloud Computing as the on-demand and remote provision of computational resources has been eagerly waited for a long time as a computing utility. It helps users to store their data in the cloud and enjoy the high quality service. However, users do not have physical possession on their own data, hence it is indispensable to create mechanisms on how to protect the security of the data stored. Thus, some auditing protocols are introduced to ensure authenticity and integrity of the outsourced data. Wang et al. proposed a public auditing protocol in 2010 and argued that it can resist against various known attacks. However, serious security flaws are found by analyzing their protocol. The above analysis shows that the public auditing protocol proposed by Wang et al. can not resist against existential forgery using a known message attack. Moreover, the protocol is vulnerable to attacks by a malicious cloud server and an outside attacker through four specific attacking schemes. The results show that the protocol can not provide secure data storage for users.

Hui Tian,Yuxiang Chen,Chin-Chen Chang,Hong Jiang,Yongfeng Huang,Yonghong Chen,Jin Liu

DOI: https://doi.org/10.1109/tsc.2015.2512589

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage is an increasingly popular application of cloud computing, which can provide on-demand outsourcing data services for both organizations and individuals. However, users may not fully trust the cloud service providers (CSPs) in that it is difficult to determine whether the CSPs meet their legal expectations for data security. Therefore, it is critical to develop efficient auditing techniques to strengthen data owners’ trust and confidence in cloud storage. In this paper, we present a novel public auditing scheme for secure cloud storage based on dynamic hash table (DHT), which is a new two-dimensional data structure located at a third parity auditor (TPA) to record the data property information for dynamic auditing. Differing from the existing works, the proposed scheme migrates the authorized information from the CSP to the TPA, and thereby significantly reduces the computational cost and communication overhead. Meanwhile, exploiting the structural advantages of the DHT, our scheme can also achieve higher updating efficiency than the state-of-the-art schemes. In addition, we extend our scheme to support privacy preservation by combining the homomorphic authenticator based on the public key with the random masking generated by the TPA, and achieve batch auditing by employing the aggregate BLS signature technique. We formally prove the security of the proposed scheme, and evaluate the auditing performance by detailed experiments and comparisons with the existing ones. The results demonstrate that the proposed scheme can effectively achieve secure auditing for cloud storage, and outperforms the previous schemes in computation complexity, storage costs and communication overhead.

Jianghua Liu,Jingyu Hou,Wenjie Yang,Yang Xiang,Wanlei Zhou,Wei Wu,Xinyi Huang

DOI: https://doi.org/10.1109/tc.2020.3006835

IF: 3.183

2021-07-01

IEEE Transactions on Computers

Abstract:With the increasing development of cloud computing, a number of users choose to outsource their data to a remote database service provider and enjoy flexible data sharing with multiple parties. However, the integrity and confidentiality of outsourced data in a remote cloud server are the main threats users are concerned about. The tree structure is one of the most widely used data organization structures. It is crucial to guarantee the integrity and privacy not only for the content but also for the structure if sensitive information is organized in this structure. At present, despite some solutions have been put forward, none of these considers the additional redaction attack on tree-structured data from attackers while sharing data with others. In this article, we provide a construction of secure redactable signature scheme for tree-structured data which features a multi-party control on the redaction of vertexes in a tree while the authenticity and privacy are assured. Then, we prove that our scheme is unforgeable, private, and transparent. Furthermore, extensive theoretical and experimental analyses are conducted to assess the efficiency of our scheme. The results demonstrate our scheme achieves multi-party redaction control without sacrificing sensible resources especially when a tree has a larger number of vertexes and siblings per vertex.

engineering, electrical & electronic,computer science, hardware & architecture

Tao Wang,Bo Yang,Hongyu Liu,Yong Yu,Guoyong Qiu,Zhe Xia

DOI: https://doi.org/10.1007/s00500-018-3155-4

IF: 3.732

2018-01-01

Soft Computing

Abstract:Public cloud data auditing allows a user to delegate an auditing job to a third party who is responsible for verifying whether a cloud server has faithfully stored a file or not. Proof of retrievability (PoR) is a widely used protocol for this kind of job. To the best of our knowledge, in the publicly verifiable setting with supporting data dynamics, all known PoR schemes are either rely on the random oracles or are built in the standard model but require nonstandard assumptions. In this paper, we present a scheme which explores the linear homomorphic signature and the sequence Merkle hash tree to construct the homomorphic linear authenticator for the PoR. The security of our proposed scheme can be proved in the standard model, assuming the hash function is collision resilient and the computational Diffie–Hellman assumption holds. The scheme also supports data modification, data insertion and data deletion. Furthermore, our technique can also be regarded as a novel paradigm by combining the homomorphic signature and authenticated data structure (with certain properties) to construct the homomorphic linear authenticator for the PoR protocols.

Yong Yu,Yannan Li,Jianbing Ni,Guomin Yang,Yi Mu,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2015.2501728

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Recently, a practical public integrity auditing scheme supporting multiuser data modification (IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, DOI 10.1109/TIFS.2015.2423264) was proposed. Although the protocol was claimed secure, in this paper, we show that the proposal fails to achieve soundness, the most essential property that an auditing scheme should provide. Specifically, we show that a cloud server can collude with a revoked user to deceive a third-party auditor (TPA) that a stored file keeps virgin even when the entire file has been deleted.

Xiaojun Zhang,Chunxiang Xu

DOI: https://doi.org/10.1109/CSE.2014.334

2014-01-01

Abstract:In this paper, we propose a post-quantum secure cloud storage system supporting privacy-preserving public auditing scheme from lattice assumption. In our public auditing scheme, we introduce a third party auditor (TPA), which can efficiently audit the cloud storage data, bringing no additional on-line burden to the users. We utilize preimage sample able functions to realize our lattice-based signature, thus can be considered as random masking to make sure the TPA can not recover the primitive data blocks of the users. Based on the inhomogeneous small integer solution assumption (ISIS), our public auditing scheme is proved secure against the data lost attacks and tamper attacks from the cloud service providers. To the best of our knowledge, we construct the first identity-based public auditing for secure cloud storage from lattice assumption, which is an interesting stepping stone in the post-quantum cryptographic communication.

Xiuguang Li,Ruifeng Li,Xu An Wang,Ke Niu,Hui Li,Xiaoyuan Yang

DOI: https://doi.org/10.1155/2022/7302767

IF: 1.968

2022-09-01

Security and Communication Networks

Abstract:Cloud storage technology is evolving at a high speed; effectively auditing the cloud data's integrity has become a focal point. Recently, Ming and Shi proposed a certificateless integrity auditing scheme with a privacy protection function. The scheme used the certificateless cryptosystem to solve the certificate management problem of the auditing schemes based on public key infrastructure and the key escrow problem of the identity-based auditing schemes. Although their scheme is novel and efficient, we found that their scheme was not secure and could not achieve integrity auditing of cloud data. The malicious cloud server can generate the proof through the blocks and tags sent by the user. On the basis of the original scheme, we propose an improved auditing scheme; our new scheme is more secure and effective. In addition, for the problem of idle tags in the existing cloud data integrity auditing scheme, we propose the idea of intermediate tags and we applied the idea to the improved scheme to improve audit efficiency.

computer science, information systems,telecommunications

Yiteng Feng,Yi Mu,Guomin Yang,Joseph K. Liu

DOI: https://doi.org/10.1007/978-3-319-19962-7_22

2015-01-01

Abstract:With a cloud storage, users can store their data files on a remote cloud server with a high quality on-demand cloud service and are able to share their data with other users. Since cloud servers are not usually regarded as fully trusted and the cloud data can be shared amongst users, the integrity checking of the remote files has become an important issue. A number of remote data integrity checking protocols have been proposed in the literature to allow public auditing of cloud data by a third party auditor (TPA). However, user privacy is not taken into account in most of the existing protocols. We believe that preserving the anonymity (i.e., identity privacy) of the data owner is also very importa nt in many applications. In this paper, we propose a new remote integrity checking scheme which allows the cloud server to protect the identity information of the data owner against the TPA. We also define a formal security model to capture the requirement of user anonymity, and prove the anonymity as well as the soundness of the proposed scheme.

Yubo Zhao,Jinyong Chang

DOI: https://doi.org/10.1016/j.comnet.2022.109270

IF: 5.493

2022-10-24

Computer Networks

Abstract:In recent years, cloud storage has become an attractive service for data owners to store their personal data. Since they lose physical control of their data, it is necessary to regularly audit its integrity. The public auditing technique is very popular because it is suitable to outsource the auditing task to any third-party auditor, who has professional knowledge on auditing. However in many practical scenarios, the data owner may expect some designated verifier (instead of any) to audit its data. Thus, the public auditing scheme with designated verifier was proposed. In order to further reduce the cost of managing certificates, and to avoid the dependence on public key infrastructure, identity-based auditing scheme with designated verifier was recently proposed. Nevertheless, the proposed identity-based auditing scheme still suffers from the key escrow attack the risk of privacy leakage. In this paper, for the first time, we propose a certificateless public auditing protocol with designated verifier privacy-preserving property. More concretely, it can not only protect the privacy of the stored data against the designated verifier, but also resolve key escrow problem existed in identity-based technique. Its security is based on the Computational Diffie–Hellman and Weil Diffie–Hellman assumptions. Finally, the performance analysis experimental results of the proposed protocol show that our auditing scheme is efficient feasible to applications in real life.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Jianhong Zhang,Hongxin Meng,Yong Yu

DOI: https://doi.org/10.1007/s10586-017-0804-9

2017-01-01

Cluster Computing

Abstract:As an important cloud service, cloud storage can provide flexible data outsourcing services for data users. After the data are outsourced to the cloud, data user no longer physical controls over the stored data. To ensure these data to be kept intact at the cloud servers, many different solutions have been proposed. Whereas most of existing solutions can only deal with static data. To support dynamic data, some schemes solve it by adopting authenticated data structure. To the best of our knowledge, these schemes may exist the following flaws: (1) they bring heavy communication/computation burdens to the auditor; (2) they exist some security attack; (3) they are only proven to be secure in the random orale model; (4) data may be leaked in the auditing. Motivated by the above problems, we propose two novel public auditing schemes by introducing rb23Tree data structure. They can not only achieve public verification, but also support dynamics data updating. Furthermore, our second scheme also supports data privacy. As for the auditor, to reduce its computational cost and communication cost, our scheme migrates the partial auditing metadata from the cloud server to the auditor, it makes that communication overhead between the auditor and cloud server is constant. Finally, we show that our schemes are proven to be secure in the standard model, and evaluate the auditing performance by simulation experiment and comparison with Wang et al.’s scheme. The results demonstrate that our schemes outperforms Wang et al.’s scheme in terms of computation costs and communication overhead.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

Faen Zhang,Xinyu Fan,Pengcheng Zhou,Wenfeng Zhou

DOI: https://doi.org/10.48550/arXiv.1912.02089

2019-12-01

Cryptography and Security

Abstract:Data security and privacy is an important but challenging problem in cloud computing. One of the security concerns from cloud users is how to efficiently verify the integrity of their data stored on the cloud server. Third Party Auditing (TPA) is a new technique proposed in recent years to achieve this goal. In a recent paper (IEEE Transactions on Computers 62(2): 362-375 (2013)), Wang et al. proposed a highly efficient and scalable TPA protocol and also a Zero Knowledge Public Auditing protocol which can prevent offline guessing attacks. However, in this paper, we point out several security weaknesses in Wang et al's protocols: first, we show that an attacker can arbitrarily modify the cloud data without being detected by the auditor in the integrity checking process, and the attacker can achieve this goal even without knowing the content of the cloud data or any verification metadata maintained by the cloud server; secondly, we show that the Zero Knowledge Public Auditing protocol cannot achieve its design goal, that is to prevent offline guessing attacks.

Ying Miao,Yapeng Miao,Xuexue Miao

DOI: https://doi.org/10.1007/s10619-024-07446-4

IF: 0.974

2024-11-09

Distributed and Parallel Databases

Abstract:To improve the data security and integrity of the outsourced data, storing multiple copies of data on multiple cloud servers is a good way. Many public Provable Data Possession (PDP) schemes in multiple cloud servers have been proposed in recent years. However, in some scenarios, the Data Owner (DO) may not want anyone (e.g. a stranger) to check the integrity of their data. Nevertheless, few schemes consider the fault's location function when the data auditing fails. Another problem is that anyone can make a challenge for the Cloud Server (CS) in the PDP schemes. Some access control strategies are necessary to reduce the waste of computation power resources of the CS. To solve these problems, we propose a certificateless and designed-verifier auditing scheme in multi-cloud storage environments. In our scheme, we utilize certificateless signature combined with a delegation key to achieve designed-verifier auditing. We design a secret Merkle Hash Tree (MHT) to locate the faults of CSs and data blocks. We utilize Zero-Knowledge Proof (ZKP) to achieve access control. Theoretical and experimental evaluation show that the proposed scheme is efficient and practical.

computer science, information systems, theory & methods

Henan Institute of Technology,Xu Chunxiang,Zhang Yuan,Chen Kefei

DOI: https://doi.org/10.1007/s10207-020-00486-8

2020-01-01

International Journal of Information Security

Abstract:Cloud storage services allow users to outsource their data to remote cloud servers to relieve from the burden of local data storage and maintenance. Despite the benefits, data outsourcing has also made the data integrity protection in cloud storage a very challenging issue. Plenty of public auditing schemes have been proposed, which allow a third-party auditor to check the data integrity on behalf of users. However, most of these schemes are constructed on homomorphic authenticators, which require strong computation capability on the user side and incur high storage overhead. In this paper, a novel public data integrity auditing scheme is proposed from indistinguishability obfuscation. In our scheme, each user processes the entire data to be outsourced by using only symmetric key primitives, and the server only needs to store the outsourced data. In comparison with existing works, the proposed scheme frees users from the heavy burden on calculating the authenticators and reduces the storage overhead significantly. Moreover, we show the security of the proposed scheme with rigorous proofs. Finally, the performance analysis and comparison with existing works demonstrate the proposed scheme achieves better performance in terms of data processing cost on the user side and storage overhead.