A provably secure and public auditing protocol based on the bell triangle for cloud data

Abstract

With the rapid development of cloud computing, cloud storage has been accepted as a convenient service by an increasing number of organizations and individuals. However, when users lose control of their data, ensuring that the uploaded data are securely stored by the cloud becomes a critical requirement. A key research challenge associated with existing designs of data auditing protocols is the limitation of application scenarios due to low auditing efficiency. In order to address this problem, we propose a provably secure and public auditing protocol based on Bell triangle for cloud data with blockless verification and batch auditing. We introduce the associative property of Bell triangle; design an index conversion algorithm to convert the one-dimensional index to a two-dimensional index ensuring that the block signature satisfies the Bell triangle requirements, and develop a recursive association algorithm to ensure relevance between the signatures of adjacent file blocks. This protocol offers significant advantages over existing protocols in terms of auditing efficiency and security in a multi-user and high-volume environment. In addition, the security analysis and the results of the experiment indicate that the protocol is secure and efficient.

Introduction

Big data is a collection of information characterized by high capacity, multiple types and high application value, and has played an important role in key areas such as economic development, social management and medical education. However, big data is a ”double-edged sword”[1]. On the one hand, big data technology digs deep into different dimensions of data, such as traffic data, communication data and e-commerce consumption data, to provide valuable reference for relevant decision-making departments and help scientific prevention and control and precise policy-making[2]. On the other hand, in the collection, aggregation, sharing and disclosure of information, there are cases of data leakage, loss and misuse. While Big Data provides a convenient and user-friendly experience, its high information value and difficulty in supervision can cause serious problems in the event of information corruption and leakage. Therefore, how to ensure the secure storage of big data has become a key challenge for the development of big data. Cloud storage technology allows users to upload data to the cloud for long-term storage and analysis and is considered a universal solution[3]. Due to the convenience of cloud storage services, many individuals and organizations choose to store their data in the cloud [4].

Despite the many benefits of cloud storage, there are also many security risks and even attacks [5]. First, hackers may retrieve and steal data from cloud users, or even destroy and delete data, which compromises its confidentiality, integrity and availability[6]. Second, outsourced data can be subject to unauthorized practices by cloud service providers (CSPs)[7]. In particular, CSPs may illegally delete some of their stored data without authorization to conserve storage space. In addition, when data owners outsource their data to the cloud, they lose control of their data and users do not even know where their data are physically stored or who has access to their data [8]. After a data owner uploads files to the cloud, the CSP actually controls the data. Since CSPs are untrusted entities, data loss or corruption incidents are inevitable. Data show that 43% of respondents have had to use backups to restore data due to the loss or corruption of outsourced data. Data loss events occur frequently and are considered one of the major security issues of cloud storage. Therefore, cloud data integrity has become a key research in the field of cloud storage security[9].

To address the cloud data integrity issue, some researchers have proposed a cloud data integrity auditing protocol to ensure the integrity of user data [10]. However, as the amount of data uploaded by users continues to increase and application scenarios continue to be refined, existing protocols are not able to satisfy certain specific needs. Furthermore, existing protocols focus more on reducing the computing and communication overheads of users and less on the computing and communication overheads of cloud servers, and an increase in the number of users and the amount of data stored by CSPs has caused an increase in the amount of data stored by CSPs, which are trends that will likely cause a new bottleneck in the performance of cloud servers. The signature association algorithm is designed to improve auditing efficiency and reduce the overhead of auditing proof generation and verification by introducing the property of element association in Bell’s triangle. Furthermore, the correlation between data block signatures makes it more difficult to forge the correct collection of signatures and reduces the impact of security issues caused by signature leakage.

$\mathbf{Our}\mathbf{Contributions.}$ In this paper, we attempt to simultaneously improve the efficiency of the proof generation and proof verification phase, reduce the computation and communication overheads, and reduce the various security risks caused by partial signature leakage. There are three main contributions discussed in this paper.

• We propose a Provably Secure and Public Auditing Protocol Based on the Bell triangle for Cloud Data.

• We then propose a novel signature association method. The signature has relevance. When some signatures are leaked, the correctness of an auditing can still be ensured and therefore he protocol security is improved.

• Finally, we propose an auditing proof generation method, which significantly reduces the computational costs of auditing proof generation.

The remainder of this paper is organized as follows: In Section 2, we introduce some preliminary works to allow the reader to obtain a better understanding of the topic. In Section 3, we present the system model and security objectives of the proposed protocol. In Section 4, we introduce details of the protocol proposed in Section 3. In Section 5, we present the correctness analysis and security analysis. In Section 6, we present the performance evaluation. We conclude this paper in Section 7.

In recent years, cloud storage has become a controversial issue in cloud computing and has been extensively investigated [11]. Many branches of cloud storage, such as data auditing, privacy protection, and dynamic updates, have been actively discussed[12].

In the past few years, researchers have proposed many cloud data audit protocols[13], [14], [15], [16], [17], [18], [19], [20], which can be divided into public audits and private audits[21]. In private audits, the participating entities are mainly users and CSPs, and the entire process is performed by users[22]. However, this kind of agreement has higher requirements for the user’s computing power, which increases the user’s burden to a certain extent. Furthermore, because the user and the CSP do not trust each other and the user’s verification result is not recognized by the CSP, the audit results are not convincing[23]. To solve this situation of mutual distrust between the two parties, a third-party audit agency was introduced in the agreement. In 2007, Atenese et al. [8] proposed the idea of public auditing. By dividing files into blocks and generating signatures for each file block, users only need to verify their signature without directly accessing an uploaded file. This idea is widely accepted by researchers. An increasing number of audit protocols have been designed based on the “challenge-proof-verify” mechanism. In 2013, Wang et al. [24] suggested that the public audit protocol proposed in [8] may leak data information. Therefore, the auditing protocol in [24] is designed as a privacy protection protocol via the combination of a homomorphic linear authenticator (HLA) and random mask technology and is extended to support multiple users. Worku et al. [25] proposed another auditing protocol based on random mask technology to better support privacy protection. In 2017, Shen et al. [26] proposed an audit protocol that supports dynamic updates. For the first time, an audit protocol fully supports the dynamic update of uploaded data. To simplify the management and maintenance of the private key, Li [27] proposed a cloud auditing protocol based on fuzzy identities in 2019. In the same year, Shen et al. [28] proposed an auditing protocol with information hiding that encrypted the sensitive information in the file instead of a protocol that lacks encryption and shares information with other users. In 2020, Xu et al. [29] proposed an intrusion-resilient public cloud auditing scheme to solve the problem that cloud service providers may maliciously tamper with user files during the key exposure period. Hu et al. [30] also proposed enabling cloud storage auditing with key exposure resilience and continual key leakage. This protocol focuses on preventing private key leakage and reducing users’ overheads. However, signature leakage may also cause serious security problems[31]. Furthermore, the rapid increase in the number of users of third-party arbiter (TPA) and CSP services and the rapid increase in the amount of data uploaded by users have led to excessive computing and communication overheads for TPAs and CSPs, which has become a new bottleneck that hinders the efficiency of the protocol.

In response to signature leaks and excessive overheads for TPAs and CSPs, we propose a cloud auditing protocol based on the Bell triangle. The security of the protocol is improved by making the signatures relevant using two methods: signature preprocessing and file block signature relevance. Even if some signatures are compromised, due to the special relevance of the signatures, this part of the signature cannot be utilized to generate proofs that can pass the verification. In addition, the relevance of the signatures reduces the overhead of auditing proof generation and verification.