
Public audit for operation behavior logs with error locating in cloud storage

  • Methodologies and Application
Soft Computing

Abstract

To ensure the credibility of audits for operation behaviors in cloud storage scenarios, it is indispensable to verify the integrity of log files prior to forensic analysis. Thus, in this paper, we mainly focus on how to achieve effective public audits for operation behavior logs. To achieve this goal, we first propose a new block-based logging method to satisfy all necessary requirements for security and performance, i.e., tamper resistance of log files, non-repudiation of behaviors and selective verification of log blocks. Next, we give a privacy-preserving public auditing method for a single log block, which can support an unlimited number of effective auditing operations. Further, we present a binary auditing tree-based public auditing method, which can achieve error locating while supporting selective verification for multiple log blocks. The security of the proposed scheme is formally proven. Moreover, its performance for verification is evaluated by comprehensive experiments and comparisons with existing schemes. The experimental results demonstrate that our scheme can efficiently achieve public verification for operation behavior logs in the cloud storage scenario and outperforms the existing ones in computation and communication costs.
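The sketch below is an added illustration, not the paper's construction or the authors' code: it shows how a binary tree of group checks can locate a tampered log block and audit only a selected subset. It assumes plain SHA-256 digests in place of the scheme's publicly verifiable, privacy-preserving block tags, and all function names and log lines are constructed for the example.

```python
import hashlib
import hmac

def tag(block: bytes) -> bytes:
    # Per-block digest recorded at logging time (assumption: a plain hash
    # stands in for the publicly verifiable block tag).
    return hashlib.sha256(block).digest()

def aggregate(tags) -> bytes:
    # One combined value per group, so a whole group costs one comparison.
    h = hashlib.sha256()
    for t in tags:
        h.update(t)
    return h.digest()

def locate_errors(stored, trusted_tags, selected):
    """Audit the selected block indices; return (bad_indices, checks_used)."""
    bad, checks = [], 0

    def audit(idx):
        nonlocal checks
        checks += 1
        got = aggregate(tag(stored[i]) for i in idx)
        want = aggregate(trusted_tags[i] for i in idx)
        if hmac.compare_digest(got, want):
            return                      # whole subtree verifies, stop here
        if len(idx) == 1:
            bad.append(idx[0])          # failing leaf: error located
            return
        mid = len(idx) // 2
        audit(idx[:mid])
        audit(idx[mid:])

    idx = sorted(selected)
    if idx:
        audit(idx)
    return bad, checks

# Constructed sample: 16 log blocks, block 13 altered after logging.
BLOCKS = [f"seq={i} user=alice op=PUT obj=/bucket/file{i}".encode() for i in range(16)]
TRUSTED_TAGS = [tag(b) for b in BLOCKS]
STORED = list(BLOCKS)
STORED[13] = b"seq=13 user=alice op=GET obj=/bucket/file13"

if __name__ == "__main__":
    print(locate_errors(STORED, TRUSTED_TAGS, range(16)))     # full audit
    print(locate_errors(STORED, TRUSTED_TAGS, [0, 1, 2, 3]))  # selective audit
```

With one altered block among 16, the full audit isolates it in 9 group checks instead of 16 per-block checks, and an untouched selection passes in a single check.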



Acknowledgements

This work was supported in part by National Natural Science Foundation of China under Grant Nos. U1405254 and U1536115, Natural Science Foundation of Fujian Province of China under Grant No. 11181067, Program for New Century Excellent Talents in Fujian Province University under Grant No. MJK2016-23, Program for Outstanding Youth Scientific and Technological Talents in Fujian Province University under Grant No. MJK2015-54, Opening Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information Security under Grant No. AGK201710, Research Project for Young Teachers in Fujian Province (Program for High-Education Informationization) under Grant No. JAT170055, Promotion Program for Young and Middle-aged Teacher in Science and Technology Research of Huaqiao University under Grant No. ZQN-PY115 and Program for Science and Technology Innovation Teams and Leading Talents of Huaqiao University under Grant No. 2014KJTD13.

Author information

Corresponding author

Correspondence to Tian Wang.

Ethics declarations

Conflict of interest

All authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Communicated by V. Loia.

About this article

Cite this article

Tian, H., Chen, Z., Chang, CC. et al. Public audit for operation behavior logs with error locating in cloud storage. Soft Comput 23, 3779–3792 (2019). https://doi.org/10.1007/s00500-018-3038-8

  • DOI: https://doi.org/10.1007/s00500-018-3038-8
