Improved security of a dynamic remote data possession checking protocol for cloud storage
Introduction
Cloud storage provides a novel service model (Wu, 2011) in which data are maintained, managed and backed up remotely and accessed by cloud users over the network at any time and from anywhere (Jula, Sundararajan, & Othman, 2014). Nowadays, an increasing number of organizations and individuals would like to outsource their data to the cloud to enjoy the appealing advantages of cloud storage. However, once a data owner uploads his/her data to the cloud and deletes the local copy of the files, the owner loses physical control over the outsourced data.
Naturally, integrity and confidentiality of the data are of prime concern in this scenario. Indeed, in the white paper entitled “Cloud Computing Vulnerability Incidents: A Statistical Overview” by the Cloud Vulnerabilities Working Group of the Cloud Security Alliance (CSA), Data Loss & Leakage is the second most frequent incident type among the seven threat types defined by CSA. Some examples are from prominent providers (e.g. Amazon, Evernote). The same white paper stated that “…the data collected is the result of a best effort attempt.” since it is not mandatory for the providers to report these incidents. On the contrary, the cloud providers are not fully trusted (Wang, Zeng, & Yao, 2012) and it might be in their interest to hide data loss incidents in order to maintain their reputation.
To improve accountability of the cloud server, it is therefore desirable to have the cloud server periodically provide evidence to convince its users that their data have been neither tampered with nor discarded (Lin & Chang, 2011). The major research problem in this setting is that the users do not have a local copy of the data, meaning that traditional integrity mechanisms (e.g. digital signatures) are not suitable, as they require the user to download the data from the cloud, which is costly or sometimes infeasible.
To check the integrity of remote data, Ateniese et al. (2007, 2011) presented the notion of provable data possession (PDP) in 2007 and constructed two efficient and provably secure PDP schemes based on homomorphic verifiable tags. In their protocols, cloud users are allowed to verify data integrity (Kamel, 1995) without retrieving the entire file. At the same time, Juels, Burton, and Kaliski (2007) defined the model of proof of retrievability (PoR), which allows the server to construct a concise proof to convince the cloud user that their data can be retrieved, and proposed a sentinel-based PoR construction utilizing error-correcting code. In 2008, Shacham and Waters (2008, 2013) described two efficient and compact PoR schemes. The first one is a publicly verifiable PoR scheme built from the signature algorithm due to Boneh, Lynn and Shacham (referred to as BLS signature hereafter) (Boneh, Lynn, & Shacham, 2001), and the other one is a privately verifiable PoR scheme based on the pseudo-random function. In 2009, Ateniese, Kamara, and Katz (2009) put forward a framework for building publicly-verifiable PDP schemes with an unbounded number of verifications from a public-key homomorphic linear authenticator, which can be generated from any identification protocol. In the following, we use the term remote data possession checking (RDPC) protocol to refer to any protocol (including PDP and PoR) that aims to solve the integrity of remote data.
With the proliferation of cloud storage, a number of data auditing protocols (Chen, 2013; Wang et al., 2010; Wang et al., 2013; Zhu et al., 2012a; Zhu and Hu et al., 2012b; Zhu and Wang et al., 2012) were proposed to ensure the integrity of the outsourced data. The aforementioned research focuses on static data, in which the outsourced data are not going to be modified. Recently, several PDP or PoR schemes (Ateniese et al., 2008, Erway et al., 2009, Wang et al., 2009, Wang et al., 2012, Yang and Jia, 2013) supporting dynamic data operations were proposed as well. In particular, a recent scheme by Chen, Zhou, Huang, and Xu (2013) supports the most general forms of data operation, such as block modification, insertion and deletion. This protocol is based on a homomorphic hash algorithm, in which the hash value of the sum of two blocks is equal to the product of two hash values. To support data updating, the Merkle Hash Tree (MHT) is employed to record the location for each data operation. Chen et al. also demonstrated that their proposal compares favourably with the state-of-the-art protocols, and they concluded that the performance is limited by network bandwidth rather than cryptographic operations.
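The homomorphic property stated above (the hash of a sum of blocks equals the product of the block hashes) is what lets an owner check a sampled set of blocks without downloading them. The sketch below is an added illustration, not the protocol of Chen et al. (2013) nor the improved protocol of this paper; the hash H(m) = G^m mod P, the toy parameters, the function names and the assumption that the owner keeps the per-block hash values are all chosen here for the example.

```python
import secrets

# Constructed toy group: P = 2*Q + 1 is a safe prime and G = 4 has prime order Q.
# Parameters this small are for illustration only.
P, Q, G = 2039, 1019, 4

def hhash(block: int) -> int:
    """Homomorphic hash H(m) = G^m mod P for a block m in Z_Q (assumed form)."""
    return pow(G, block % Q, P)

def make_challenge(n_blocks: int, sample: int) -> dict[int, int]:
    """Pick `sample` distinct block indices, each with a non-zero coefficient."""
    indices = secrets.SystemRandom().sample(range(n_blocks), sample)
    return {i: 1 + secrets.randbelow(Q - 1) for i in indices}

def server_prove(stored: list[int], challenge: dict[int, int]) -> int:
    """Server side: one aggregated value over the challenged blocks."""
    return sum(c * stored[i] for i, c in challenge.items()) % Q

def owner_verify(hashes: list[int], challenge: dict[int, int], proof: int) -> bool:
    """Owner side: H(sum c_i*m_i) must equal prod H(m_i)^c_i; no blocks needed."""
    expected = 1
    for i, c in challenge.items():
        expected = expected * pow(hashes[i], c, P) % P
    return hhash(proof) == expected

def demo() -> tuple[bool, bool, bool]:
    blocks = [17, 256, 901, 44, 730, 512]        # constructed sample file
    hashes = [hhash(m) for m in blocks]          # kept by the owner (assumption)
    # The property from the text: H(m0 + m1) == H(m0) * H(m1).
    additive = hhash(blocks[0] + blocks[1]) == hashes[0] * hashes[1] % P
    challenge = make_challenge(len(blocks), sample=3)
    honest = owner_verify(hashes, challenge, server_prove(blocks, challenge))
    damaged = list(blocks)
    damaged[next(iter(challenge))] ^= 1          # corrupt one challenged block
    caught = not owner_verify(hashes, challenge, server_prove(damaged, challenge))
    return additive, honest, caught

if __name__ == "__main__":
    print(demo())
```

Corruption in a block that is not part of the sampled challenge passes that round, which is why such checks are repeated with fresh random challenges.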
Our contribution. The contributions of this paper are threefold.
- (1) We identify several security flaws in the dynamic RDPC protocol in Chen et al. (2013). As long as the authenticated data structure, the Merkle Hash Tree, is well maintained, the server can always generate a valid proof by using a forgery attack or a replace attack to deceive the user into believing that the data are properly stored in the cloud, while actually some data blocks may have been corrupted. This means the protocol cannot achieve its design goals and cannot be adopted in real-world applications.
- (2) We propose an improved dynamic RDPC protocol to mend these security weaknesses by making use of several techniques, including modifying the homomorphic hash functions to be cryptographically secure, involving the hash value of the data block in generating each tag, and the random sampling trick to improve the efficiency of the protocol.
- (3) We prove the security of the fixed protocol in the well-known security model due to Ateniese et al. (2007), and show that the improvement maintains all the desirable features of the original protocol.
Organization: The rest of the paper is organized in the following way. Section 2 gives some preliminaries used in this paper. Section 3 reviews the dynamic RDPC protocol in Chen et al. (2013) and presents our security analysis of the protocol. Section 4 presents our improved protocol and its performance. Section 5 describes the security proof of the new protocol, and Section 6 concludes the paper.
Preliminaries
In this section, we review some preliminary knowledge used in this paper, including the homomorphic hash functions and Merkle Hash Tree.
Security analysis of the dynamic RDPC protocols
In this section, we review the components, security requirements and the construction of the dynamic RDPC protocol in Chen et al. (2013) and show that it is vulnerable to a forgery attack and a replace attack.
Our dynamic RDPC protocol
In this section, we first describe our enhanced dynamic RDPC protocol and show how to update data blocks stored in the cloud server. Then, we report the performance assessment of the improved protocol.
Security proofs
In this section, we prove the new RDPC protocol is secure under the security model due to Ateniese et al. (2007) by employing the proof tricks described by Shacham and Waters (2008, 2013). Intuitively, an adversary is unable to generate a valid response to a challenge without possessing the entire file, or at least the challenged file blocks. That is, we will prove that the ProofVerify algorithm will output FALSE except when the prover’s are computed correctly, i.e. are such
Conclusion
Currently, an increasing number of individuals and organizations prefer to outsource their data to remote cloud servers to relieve the local burden of data management and maintenance. In this paper, we investigated the techniques for validating data integrity on cloud servers, and the security issues and design methods of remote data possession checking protocols.
We demonstrated that the RDPC protocol in Chen et al. (2013) is vulnerable to a forgery attack and a replace attack. Concretely,
Acknowledgement
This work is supported by the NSFC under Grant No. 61370203.
References (29)
- Using algebraic signatures to check data possession in cloud storage. Future Generation Computer Systems (2013)
- et al. Data dynamics for remote data possession checking in cloud storage. Computers and Electrical Engineering (2013)
- et al. Cloud computing service composition: A systematic literature review. Expert Systems with Applications (2014)
- A prototype rule-based front end expert system for integrity enforcement in relational data bases: An application to the naval aircraft flight records data base. Expert Systems with Applications (1995)
- et al. Maintenance reliability estimation for a cloud computing network with nodes failure. Expert Systems with Applications (2011)
- et al. Cloud-DLS: Dynamic trusted scheduling for cloud computing. Expert Systems with Applications (2012)
- Developing an explorative model for SaaS adoption. Expert Systems with Applications (2011)
- et al. Efficient audit service outsourcing for data integrity in clouds. Journal of Systems and Software (2012)
- et al. Remote data checking using provable data possession. ACM Transactions on Information and System Security (2011)
- et al. Provable data possession at untrusted stores