Skip to main content
SpringerLink
Log in

Privacy-Preserving Certificateless Cloud Auditing with Multiple Users

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Cloud auditing is one of the important processes to ensure the security and integrity of data in cloud storage. Implementing cloud auditing requires various cryptographic tools such as identity-based cryptography and its variant: certificateless cryptography which solves the inherent key escrow problem in identity-based cryptography. Applying certificateless cryptography to cloud auditing has shown many merits. However, in a multi-user setting, certificateless cloud auditing (CLCA) schemes require additional security requirements. For instance, the identity privacy becomes an important issue that should be taken into consideration in some applications. In this paper, we concentrate on the identity privacy of CLCA schemes. We define the security models of privacy-preserving CLCA schemes, namely the uncheatability and anonymity and propose an efficient CLCA scheme, which is secure in the security models. As a feature of our scheme, the tag of a message is compact, which consists of only one group element. The uncheatability is based on variants of bilinear Diffie–Hellman assumption in the random oracle model. The identity privacy of the user is information-theoretically guaranteed against the third party auditor.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

Notes

  1. In practice, the challenge is normally composed of a set of indexes (which is a subset of \([1, \dots , i_\mathsf{max}]\)) selected by \({\mathcal {A}}\). For simplicity, we assume that \({\mathcal {A}}\) chooses only one index and one message.

References

  1. Al-Riyami, S. S., & Paterson, K. G. (2003). Certificateless public key cryptography. In Advances in cryptology-ASIACRYPT 2003 (pp. 452–473). Springer.

  2. Ateniese, G., Burns, R. C., Curtmola, R., Herring, J., Kissner, L., Peterson, Z. N. J., & Song, D. X. (2007). Provable data possession at untrusted stores. In ACM conference on computer and communications security-CCS 2007 (pp. 598–609). ACM.

  3. Ateniese, G., Kamara, S., & Katz, J. (2009). Proofs of storage from homomorphic identification protocols. In Advances in cryptology-ASIACRYPT 2009 (pp. 319–333). Springer.

  4. Bao, F., Deng, R. H., & Zhu, H. (2003). Variations of Diffie–Hellman problem. In International conference on information and communications security-ICICS 2003 (pp. 301–312). Springer.

  5. Feng, Y., Mu, Y., Yang, G., & Liu, J. K. (2015). A new public remote integrity checking scheme with user privacy. In: Australasian conference on information security and privacy-ACISP 2015 (pp. 377–394). Springer.

  6. Gu, K., Wang, L., Wu, N., & Liao, N. (2018). Traceable certificateless ring signature scheme for no full anonymous applications. International Journal of Network Security, 20(4), 762–773.

    Google Scholar 

  7. He, D., Kumar, N., Wang, H., Wang, L., & Choo, K. R. (2017). Privacy-preserving certificateless provable data possession scheme for big data storage on cloud. Applied Mathematics and Computation, 314, 31–43.

    Article  MathSciNet  Google Scholar 

  8. He, D., Kumar, N., Zeadally, S., & Wang, H. (2018). Certificateless provable data possession scheme for cloud-based smart grid data management systems. IEEE Transactions on Industrial Informatics, 14(3), 1232–1241.

    Article  Google Scholar 

  9. He, D., Zeadally, S., & Wu, L. (2018). Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Systems Journal, 12(1), 64–73.

    Article  Google Scholar 

  10. Huang, L., Zhang, G., & Fu, A. (2017). Certificateless public verification scheme with privacy-preserving and message recovery for dynamic group. In Australasian computer science week-ACSW 2017 (pp. 76:1–76:6). ACM.

  11. Huang, L., Zhang, G., & Fu, A. (2018). Privacy-preserving public auditing for non-manager group shared data. Wireless Personal Communications, 100(4), 1277–1294.

    Article  Google Scholar 

  12. Huang, L., Zhou, J., Zhang, G., Sun, J., Wang, T., & Vajdi, A. (2018). Certificateless public verification for the outsourced data integrity in cloud storage. Journal of Circuits, Systems, and Computers, 27(11), 1–17.

    Article  Google Scholar 

  13. Huang, X., Mu, Y., Susilo, W., Wong, D. S., & Wu, W. (2007). Certificateless signature revisited. In Australasian conference on information security and privacy-ACISP 2007 (pp. 308–322). Springer.

  14. Juels, A., & Kaliski, B. S., Jr. (2007). PORs: Proofs of retrievability for large files. In ACM conference on computer and communications security-CCS 2007 (pp. 584–597). ACM.

  15. Kang, B., Wang, J., & Shao, D. (2017). Certificateless public auditing with privacy preserving for cloud-assisted wireless body area networks. Mobile Information Systems, 2017, 2925465:1–2925465:5.

    Article  Google Scholar 

  16. Kim, D., & Jeong, I. R. (2017). Certificateless public auditing protocol with constant verification time. Security and Communication Networks, 2017, 6758618:1–6758618:14.

    Google Scholar 

  17. Loheswaran, K., & Premalatha, J. (2016). Renaissance system model improving security and third party auditing in cloud computing. Wireless Personal Communications, 90(2), 1051–1066.

    Article  Google Scholar 

  18. Rawal, B. S., Vijayakumar, V., Manogaran, G., Varatharajan, R., & Chilamkurti, N. (2018). Secure disintegration protocol for privacy preserving cloud storage. Wireless Personal Communications, 103(2), 1161–1177.

    Article  Google Scholar 

  19. Tian, H., Nan, F., Chang, C., Huang, Y., Lu, J., & Du, Y. (2019). Privacy-preserving public auditing for secure data storage in fog-to-cloud computing. Journal of Network and Computer Applications, 127, 59–69.

    Article  Google Scholar 

  20. Wang, B., Li, B., & Li, H. (2012). Knox: Privacy-preserving auditing for shared data with large groups in the cloud. In International conference on applied cryptography and network security-ACNS 2012 (pp. 507–525). Springer.

  21. Wang, B., Li, B., & Li, H. (2014). Oruta: Privacy-preserving public auditing for shared data in the cloud. IEEE Transactions on Cloud Computing, 2(1), 43–56.

    Article  MathSciNet  Google Scholar 

  22. Wang, B., Li, B., Li, H., & Li, F. (2013). Certificateless public auditing for data integrity in the cloud. In IEEE conference on communications and network security-CNS 2013 (pp. 136–144). IEEE.

  23. Wang, B., Li, H., & Li, M. (2013). Privacy-preserving public auditing for shared cloud data supporting group dynamics. In IEEE international conference on communications-ICC 2013 (pp. 1946–1950). IEEE.

  24. Wang, C., Wang, Q., Ren, K., & Lou, W. (2010). Privacy-preserving public auditing for data storage security in cloud computing. In IEEE international conference on computer communications-INFOCOM 2010 (pp. 525–533). IEEE.

  25. Waters, B. (2005). Efficient identity-based encryption without random oracles. In Advances in cryptology - EUROCRYPT, 2005 (pp. 114–127).

  26. Wu, G., Mu, Y., Susilo, W., & Guo, F. (2016). Privacy-preserving cloud auditing with multiple uploaders. In International conference on information security practice and experience-ISPEC 2016 (pp. 224–237). Springer.

  27. Wu, L., Wang, J., Zeadally, S., & He, D. (2018). Privacy-preserving auditing scheme for shared data in public clouds. The Journal of Supercomputing, 74(11), 6156–6183.

    Article  Google Scholar 

  28. Yang, H., Jiang, S., Shen, W., & Lei, Z. (2018). Certificateless provable group shared data possession with comprehensive privacy preservation for cloud storage. Future Internet, 10(6), 49.

    Article  Google Scholar 

  29. Yu, Y., Mu, Y., Ni, J., Deng, J., & Huang, K. (2014). Identity privacy-preserving public auditing with dynamic group for secure mobile cloud storage. In International conference on network and system security-NSS 2014 (pp. 28–40). Springer.

  30. Zhang, G., & Wang, S. (2008). A certificateless signature and group signature schemes against malicious PKG. In International conference on advanced information networking and applications-AINA 2008, 334–341.

  31. Zhang, L., Zhang, F., & Wu, W. (2017). A provably secure ring signature scheme in certificateless cryptography. CoRR. arXiv:1712.09145.

  32. Zhang, Y., Xu, C., Yu, S., Li, H., & Zhang, X. (2015). SCLPV: Secure certificateless public verification for cloud-based cyber-physical-social systems against malicious auditors. IEEE Transactions on Computational Social Systems, 2(4), 159–170.

    Article  Google Scholar 

Download references

Acknowledgements

This work is supported by the following foundations. Australian Research Council DP Grant (180100665) and National Natural Science Foundation of China (61672289, 61822202, 61872087, 61872089).

Author information

Authors and Affiliations

  1. Institute of Cybersecurity and Cryptology, School of Computing and Information Technology, University of Wollongong, Wollongong, Australia

    Ge Wu, Willy Susilo & Fuchun Guo

  2. Fujian Provincial Key Laboratory of Network Security and Cryptography, Fujian Normal University, Fuzhou, China

    Yi Mu

  3. School of Computer Science and Technology, Nanjing Normal University, Nanjing, China

    Futai Zhang

Authors
  1. Ge Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yi Mu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Willy Susilo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Fuchun Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Futai Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yi Mu.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wu, G., Mu, Y., Susilo, W. et al. Privacy-Preserving Certificateless Cloud Auditing with Multiple Users. Wireless Pers Commun 106, 1161–1182 (2019). https://doi.org/10.1007/s11277-019-06208-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-019-06208-1

Keywords

Search

Navigation