Elsevier

Ad Hoc Networks

Volume 117, 1 June 2021, 102494
Ad Hoc Networks

Robust and auditable distributed data storage with scalability in edge computing

https://doi.org/10.1016/j.adhoc.2021.102494Get rights and content

Abstract

With the widespread use of Internet-of-Things (IoT) devices, edge computing is becoming a popular technology for processing and storing data distributed at the edge of the networks. However, the new paradigm also faces a major security challenge: how to ensure the reliability and integrity of data in distributed edge storage servers? In this paper, we propose a robust and auditable distributed data storage (Radds) scheme to support a secure and dependable edge storage in edge computing. Firstly, based on homomorphic verifiable authenticator and regenerating code technique, the proposed scheme allows to check the integrity of data in distributed edge storage servers and guarantees data repairability in case of data corruption. Moreover, the server with corrupted data also can be deduced from integrity proofs, and a proxy is introduced for data reparation to release edge nodes from online burden and computation costs. Secondly, the proposed scheme can protect the privacy of original data from the third party auditor by blinding the encoding coefficients with a keyed pseudorandom function. Thirdly, the proposed scheme supports flexible scalability, i.e., dynamic joining and exiting of the edge nodes. Moreover, even if some data are not collected temporarily, they still can be supplemented to the encoded data file by an efficient way and the integrity checking and data reparation can be performed normally. Finally, security analysis and performance evaluation demonstrate that the proposed scheme is secure and highly efficient.

Introduction

With the explosive growth of Internet-of-Things (IoT) devices in various industrial fields, edge computing has attracted extensive attention from academia and industry [1], [2]. Distributed edge computing is a new computing paradigm which allows data produced by edge nodes (terminal devices) to be processed on geographically distributed edge servers. It can provide convenient data storage service to support high-speed and low-latency data access for edge nodes [3], [4], [5].

The IoT-created data provides indispensable information for system decision-making and system optimization, and these data are accessed frequently at a low latency and a high reliability [6]. When the amount of IoT-created data is huge, it becomes a great burden to store these data for edge nodes. Conventionally, the data are uploaded to the centralized cloud server and downloaded as needed. However, this may lead to latency when data are uploaded and downloaded because of the long distance between the edge nodes and the central cloud. To save transmission time, edge storage emerges as a new data storage mode, which stores data on geographically distributed edge servers near terminal devices. However, it still faces many security challenges. Since the edge servers are not as stable as centralized cloud servers, it has a risk of data unavailability or data loss because of all kinds of reasons such as hardware failure. More importantly, the system cannot detect data corruption in a timely manner [7], [8]. Research over the past decade has well addressed the reliability and integrity of data stored in a centralized cloud, but distributed edge storage has yet to be developed. Thus, it is significant to develop efficient techniques to ensure the reliability and integrity of data in distributed edge storage servers.

This work first focuses on the reliability of data in distributed edge storage servers. Up to now, a few schemes have been proposed to ensure the reliability of edge storage under different systems and security models [3]. These schemes use different redundancy methods to realize fault tolerance and failure reparation, such as replication, erasure codes, regenerating codes and so on. Recently, regenerating code has gained popularity due to its lower repair bandwidth [9], [10], [11]. Thus, in this paper, we use the regenerating code to ensure the reliability of distributed edge storage.

Secondly, we also consider the integrity of data in distributed edge storage servers. So far, a large number of integrity auditing schemes have been proposed for centralized cloud storage [12], [13], [14], [15], [16], [17], [18], [19], [20], [21], [22], [23]. However, they cannot be directly applied to IoT-based distributed edge storage. One principal reason is that most of the existing traditional cloud auditing schemes are proposed for the single-server scenario, and only a few of integrity auditing schemes are suitable for multi-server setting. The second reason is that the IoT data are generated by various IoT devices, which is different from traditional cloud data outsourced by data owners. In this case, it is apparently inadvisable for the data owners to first retrieve these data from IoT devices and generate corresponding authenticators prior to outsourcing [7]. Several recent works [24], [25], [26] has proposed new methods to check the integrity of data in distributed edge storage, such as blockchains and variable Merkle hash tree (VMHT). However, these schemes do not guarantee the reliability of distributed edge storage. In this case, this paper presents a novel robust and auditable distributed data storage scheme to ensure both the reliability and integrity of distributed edge storage.

Furthermore, we also considers two important practical requirements for robust and auditable distributed edge storage: privacy protection and scalability. Firstly, data privacy protection has always been an important topic in data outsourcing storage and auditing [27]. In the public integrity auditing, the core of privacy protection is how to protect data privacy against the third party auditor (TPA). In this paper, we aim to prevent TPA from obtaining the original data files for privacy protection. Secondly, flexible scalability is an important practical requirement for a distributed system. Our scheme will support the dynamic joining and exiting of the edge nodes without affecting the integrity checking and data reparation. Even if some data are not collected temporarily, it still can be supplemented to the encoded data file by an efficient way or it can be naturally processed as the next batch of data, which will greatly increase the flexibility and scalability of distributed edge storage.

In this paper, we propose a robust and auditable distributed data storage (Radds) scheme with scalability in edge computing. Specifically, our contributions can be summarized as follows (Below we will refer to an edge server with corrupted data as the corrupted server, while other edge servers as normal servers):

  • 1.

    Based on homomorphic verifiable authenticator and regenerating code, our scheme achieves integrity auditing and data reparation for distributed edge storage. In addition, the corrupted servers can be deduced from integrity proofs and a proxy is introduced to release edge nodes from online burden and computation costs of regenerating encoded blocks and authenticators.

  • 2.

    To preserve the privacy of original data, a keyed pseudorandom function is used to blind the encoding coefficients, which prevents the third party auditor from deriving the original data content.

  • 3.

    Considering the actual requirement of edge storage, our proposed scheme further supports flexible scalability, i.e., allowing new edge nodes to join the system and old edge nodes to be offline temporarily or exit permanently without affecting the integrity checking and data reparation. Moreover, even if some data are not collected temporarily, they still can be supplemented to edge servers by an efficient way or be naturally processed in the next data collection.

  • 4.

    The security of our proposed scheme is formally proven. The performance is evaluated by numerical analysis and experimental simulation and the results demonstrate that our proposed scheme is highly efficient.

The rest of this paper is organized as follows. In Section 2, a brief review of the related work is presented. In Section 3, the system model and security model are described. In Section 4, the preliminaries are presented. In Section 5, the detail of our scheme is introduced. The security analysis and performance evaluation are conducted in Section 6 and Section 7, respectively. Finally, our conclusions are drawn in Section 8.

Section snippets

Related work

In recent years, edge computing has caught the interest of many researchers. Zhou et al. [28] and Wang et al. [29] both consider how to improve the reliability of storage in edge (fog) computing by encoding the data with erasure codes. However, in both schemes, the data still need to be uploaded to a centralized cloud server, which is not an effective way to solve the latency and bandwidth resource waste. Tian et al. [7] design a privacy-preserving public auditing scheme for secure data storage

Problem statement

In this section, the system model and the security model are described.

Preliminaries

In this section, some cryptographic preliminaries involved in our proposed scheme are given.

The proposed scheme

In this section, a robust and auditable distributed data storage (Radds) scheme in edge computing will be presented in Section 5.1, the privacy protection will be demonstrated in Section 5.2, and the scalability will be analyzed in Section 5.3.

Security analysis

In this section, the correctness and security of our proposed scheme are analyzed. The security analysis consists of the unforgeability of the authenticators and proofs and the resistant to replacing attack and reply attack.

Performance evaluation

In this section, the performance of our Radds scheme is numerically analyzed in terms of storage, communication and computation costs and compared with PPA scheme [16] and PIA scheme [17]. Specially, we provide the experimental evaluation of our scheme about computation costs. For simplicity, the notations used in the following are given in Table 2.

Conclusion

With increasing popularity of smart IoT and edge computing, the distributed edge storage, as a new branch of edge computing, has been attracting more and more attention. Its security and reliability have become a new hot topic. Although many schemes are proposed to ensure the reliability and integrity of outsourced data on the centralized cloud, few of them can be directly applied to distributed edge storage. Therefore, we are motivated to present a robust and auditable distributed data storage

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Jiaojiao Wu received the B.S. degree and M.S. degree from Shaanxi Normal University in 2016 and 2020, respectively. She is currently pursuing the Ph.D. degree from Xidian University, Xi’an, China. Her research interests include cryptography and its applications.

References (37)

  • A.G. Dimakis, P.B. Godfrey, W.J. Wainwright, K. Ramchandran, Network coding for distributed storage systems, in:...
  • DimakisA.G. et al.

    Network coding for distributed storage systems

    IEEE Trans. Inform. Theory

    (2010)
  • G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, D. Song, Provable data possession at untrusted...
  • A. Juels, J.B.S. Kaliski, PORs: Proofs of retrievability for large files, in: Proceedings of the 14th ACM Conference on...
  • R. Curtmola, O. Khan, R. Burns, G. Ateniese, Mr-pdp: Multiplereplica provable data possession, in: Proceedings of the...
  • WangC. et al.

    Toward secure and dependable storage services in cloud computing

    IEEE Trans. Serv. Comput.

    (2012)
  • LiuJ. et al.

    Privacy-preserving public auditing for regenerating-code-based cloud storage

    IEEE Trans. Inf. Forensics Secur.

    (2015)
  • K. He, C. Huang, J. Shi, J. Wang, Public integrity auditing for dynamic regenerating code based cloud storage, in:...
  • Cited by (0)

    Jiaojiao Wu received the B.S. degree and M.S. degree from Shaanxi Normal University in 2016 and 2020, respectively. She is currently pursuing the Ph.D. degree from Xidian University, Xi’an, China. Her research interests include cryptography and its applications.

    Yanping Li received the M.S. degree from Shaanxi Normal University in 2004 and the Ph.D. degree from Xidian University in 2009. She is currently an associate professor of Shaanxi Normal University, Xi’an, China. Her research interests include cryptography and its applications.

    Fang Ren received the M.S. degree and the Ph.D. degree from Shaanxi Normal University in 2001 and 2005, respectively. She is currently an associate professor in the School of Mathematics and Information Science, Shaanxi Normal University at Xi’an, China. Her research interests include cryptography and its applications.

    Bo Yang received the Ph.D. degree in cryptography from Xidian University, Xi’an, China, in 1999. He is currently a Professor with the School of Computer Science, Shaanxi Normal University, Xi’an, China. His research interests include information security and cryptography.

    This work are partly supported by the National Natural Science Foundation of China [61802243, 61772326]; the Key Research and Development Program in industry field of Shaanxi Province [2019GY-013]; the Open Foundation of State key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications) [SKLNST-2020-1-03].

    View full text