New group user based privacy preserving cloud auditing protocol

https://doi.org/10.1016/j.future.2020.01.029

Highlights

  • Cloud storage is now very popular. However, ensuring the integrity of the outsourced data is a very challenging problem. Recently, Shen et al. (2017) proposed a lightweight and privacy-preserving secure cloud auditing scheme for group users. In this paper, we show that their proposal is not secure.

  • We give a new privacy-preserving secure cloud auditing protocol for group users and analyse its security. The performance analysis results show that our proposal is very practical and can be used in many applications.

Abstract

Cloud storage is now a very popular service for many enterprises and their users. However, ensuring the integrity of the outsourced data is a very challenging problem. The concept of provable data possession is very effective for solving this problem. Based on this concept, in this paper we propose a new group-user-based privacy-preserving secure cloud auditing protocol for enterprise users and analyse its security. This protocol is also constructed on a recently proposed lightweight and privacy-preserving secure cloud auditing scheme for group users via a third-party medium. We point out that that scheme is not secure and that the authenticators corresponding to the outsourced data blocks can be easily forged, which means the cloud servers can delete all the outsourced data yet still give a correct proof of possession of the outsourced data, while our protocol has no such shortcoming. The performance analysis results demonstrate that our proposal is very practical and can have large-scale applications.

Introduction

For many enterprises and their users, cloud storage with high scalability and large-scale storage capability is becoming more and more popular these days. Cloud servers can be used to conveniently store pictures, files, and videos. Cloud storage is critical for most enterprises because they can use this service to reduce their heavy data management burden. Furthermore, it is very inexpensive to use cloud storage, whereas maintaining massive data locally requires dedicated employees, hardware, and knowledge. However, the security of the outsourced data on the cloud servers cannot be easily ensured for these enterprises. Therefore, it is critical to design mechanisms to ensure the integrity, confidentiality, and access control of the outsourced data. There are many ways to implement such mechanisms. In this study we concentrate on cryptographic solutions. Towards this goal, many interesting cryptographic protocols have been designed and implemented; these include provable data possession, cloud auditing, searchable encryption, and attribute-based encryption.

Herein, we mainly study the cloud storage auditing protocol. In 2007, motivated by the often-invoked requirement on data integrity checking for data owners, Ateniese et al. [1] proposed a new cryptographic primitive named provable data possession. By using this primitive, cloud storage can be audited without the data owner downloading all the outsourced data; the cloud server only needs to compute a compact proof to show the possession of data. Later, Shacham and Waters [2] extended their work by proposing the concept of proof of retrievability. Since then, researchers have proposed many interesting cloud auditing protocols with various additional properties [1]–[35].

Roughly, the running of a typical cloud storage auditing protocol entails the following:

  • First, in the uploading phase, the data owner divides the file into blocks and even further into sectors before encoding the blocks with some coding technique. After the coding, the data owner signs the blocks by using his or her private key and gets each block’s authenticator. Finally, all the blocks and the corresponding authenticators are outsourced to the remote cloud servers. Note that, after the data are uploaded successfully, the data owners delete all the locally stored files and authenticators. Therefore, data owners only need to store their private key locally.

  • Then, in the challenge phase, the data owner or auditor challenges the cloud server with randomly selected indexes $(i, v_i)$ and blocks $(i, m_i)$ (where $i$ is the index of the challenged block, $v_i$ is a randomly selected number, and $m_i$ is the challenged block). After receiving the challenge, the cloud server needs to return the correct proof to the data owner or auditor, which contains the aggregated messages $v_i m_i$ and aggregated authenticators $\mathrm{Agg}_{\mathrm{authenticators}}$.

  • Finally, in the checking stage, the proof’s validity can be checked by the data owner or the auditor by checking whether or not the proof satisfies the verification equation. In some cases, the data owner’s secret key is needed, while in other cases it is not needed.

Nowadays, group-user-based cloud auditing protocols have been receiving great attention from researchers because of their practical use in enterprise-based cloud storage systems. Recently, a lightweight, privacy-preserving secure cloud auditing scheme for group users via a third-party medium (TPM) has been proposed by Shen et al. [36]. Their scheme can achieve many interesting properties such as light weight and privacy preservation for the data owners. However, we find that a malicious cloud server can forge the outsourced data blocks’ authenticators. In this way, the malicious cloud server can give forged proof for the possession of outsourced data even if it deletes all the outsourced data. Based on Shen et al.’s scheme, we give an improved privacy-preserving secure cloud auditing protocol for enterprise users. This new protocol can resist the attack and is efficient.

In Section 2, we give the definition and security model of the privacy-preserving secure cloud auditing protocol for enterprise users. In Section 3, we review Shen et al.’s lightweight, privacy-preserving secure cloud auditing scheme for mobile group users. In Section 4, we present our attacks on their AuthGen algorithm and their cloud auditing protocol. In Section 5, we give our improved privacy-preserving secure cloud auditing protocol for enterprise users and roughly analyse its security. In Section 6, we conclude our paper.

Section snippets

System model, definition, design goal, and security model

Here we give the definition and security model of the lightweight, privacy-preserving secure cloud auditing scheme for enterprise users [36].

Review of Shen et al.’s scheme

In this section, we review Shen et al.’s specific scheme.

First, we review the concept of a bilinear map, which is the following: Denote $G_1$ and $G_2$ as two cyclic groups, both having prime order $p$, and denote $G_1$’s generator as $g$. If $e: G_1 \times G_1 \to G_2$ satisfies the following properties, we say $e$ is a bilinear map:

  1. Computability: $e: G_1 \times G_1 \to G_2$ can be efficiently computed.

  2. Bilinearity: $e(u^a, v^b) = e(u, v)^{ab}$ for all $u, v \in G_1$ and $a, b \in Z_p$.

  3. Nondegeneracy: $e(g, g) \neq 1$.

Shen et al.’s algorithm uses the following notation: Denote

Attack on AuthGen algorithm

We first show that the authenticator can be easily forged for any data block, as shown in Fig. 2. Specifically, the attack proceeds as follows:

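  1. The adversary (which can be the malicious cloud) can obtain $pk_{TPM} = (g^{\beta_0}, u_1^{\beta_0}, u_2^{\beta_0}, \ldots, u_s^{\beta_0})$, which is the public key of the TPM.

  2. After obtaining $\sigma_i = (H_2(i) \prod_{j=1}^{s} u_j^{m_{i,j}})^{\beta_0}$, the adversary computes

  3. With $A$, the adversary can easily forge an authenticator for any data block $m_i = (m_{i,1}, m_{i,2}, \ldots, m_{i,s})$ as follows: $\sigma_i = A (u_1^{\beta_0})^{m_{i,1}} (u_2^{\beta_0})^{m_{i,2}} \cdots (u_s^{\beta_0})^{m_{i,s}} = (H_2(i)$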
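
The malleability behind these three steps can be checked numerically. The following is an added example, not code from the paper: a small constructed subgroup of $Z_P^*$ stands in for the pairing group $G_1$, SHA-256 stands in for $H_2$, and because the formula for $A$ is cut off on this page, it is assumed here to be $A = \sigma_i / \prod_j (u_j^{\beta_0})^{m_{i,j}} = H_2(i)^{\beta_0}$, which is what the equation in step 3 implies. All function names are hypothetical.

```python
import hashlib
import secrets

P, Q, G = 2879, 1439, 4   # constructed toy group: P = 2Q + 1, G has order Q
S = 4                     # sectors per block (constructed)

def h2(i):
    """Stand-in for H2: hash a block index into the order-Q subgroup."""
    d = int.from_bytes(hashlib.sha256(b"H2|%d" % i).digest(), "big")
    return pow(d % (P - 3) + 2, 2, P)  # squaring lands in the subgroup

def keygen():
    """Return (beta0, u, pk) with pk = (g^b0, u_1^b0, ..., u_s^b0)."""
    beta0 = secrets.randbelow(Q - 1) + 1
    u = [pow(G, secrets.randbelow(Q - 1) + 1, P) for _ in range(S)]
    return beta0, u, [pow(G, beta0, P)] + [pow(uj, beta0, P) for uj in u]

def weighted_product(bases, block):
    """prod_j bases[j]^block[j] mod P."""
    out = 1
    for b, m in zip(bases, block):
        out = out * pow(b, m, P) % P
    return out

def authgen(beta0, u, i, block):
    """Honest tag: (H2(i) * prod u_j^m_ij)^beta0, needs the secret beta0."""
    return pow(h2(i) * weighted_product(u, block) % P, beta0, P)

def recover_a(pk, sigma, block):
    """Assumed step 2: A = sigma_i / prod (u_j^b0)^m_ij = H2(i)^b0."""
    return sigma * pow(weighted_product(pk[1:], block), -1, P) % P

def retag(pk, a, new_block):
    """Step 3: a tag for new content at index i, built from public values."""
    return a * weighted_product(pk[1:], new_block) % P

def demo():
    beta0, u, pk = keygen()
    i, stored, replaced = 7, [11, 22, 33, 44], [0, 0, 0, 0]
    a = recover_a(pk, authgen(beta0, u, i, stored), stored)
    # Both comparisons use beta0 only to check the result, never to forge.
    return (a == pow(h2(i), beta0, P),
            retag(pk, a, replaced) == authgen(beta0, u, i, replaced))
```

Because the retagged value equals the honest authenticator for the replaced block, no verification equation over the published values can tell the two apart, which is why the published $u_j^{\beta_0}$ terms are the design flaw to look for when reviewing schemes of this shape.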

Our improved privacy-preserving secure cloud auditing scheme

In this section, we give our improved privacy-preserving secure cloud auditing protocol based on Shen et al.’s proposal. We use the same notation as in their proposal. Specifically, our protocol is as follows:

  1. Setup($1^k$): This algorithm is run by the enterprise manager. The TPM’s public–private key pair, the enterprise’s public–private key pair, the secret seed, and the authorisation are all generated by this algorithm.

    (a) A random value $x \in Z_p$ is chosen by the enterprise manager as the

Performance analysis

In this section, we give the performance analysis of our proposal and compare it with related work.

First, we compare the features with the closely related work on group-based cloud auditing protocols in Table 1. From the comparison results, only the methods in [34] and our proposal are secure while those of [30], [35] and Shen et al.’s proposal [36] suffer from the forging authenticator/tag attack. Furthermore, our proposal and Shen et al.’s proposal share some interesting properties such as

Conclusion

Cloud auditing is a very important protocol for solving the challenging problem of ensuring the integrity of outsourced data on cloud servers. Although many interesting cloud auditing protocols with additional properties have been designed, many of them have been broken. Therefore, designing a secure and efficient cloud auditing protocol is still very difficult. In this study, we showed that one recent lightweight, privacy-preserving secure cloud auditing scheme for group users via the

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgements

The second author is the corresponding author. The first and second authors are supported by the National Key R&D Program of China under Grant No. 2017YFB0802000, the National Natural Science Foundation of China under Grant Nos. U19B2021, U1736111, the National Cryptography Development Fund, China under Grant No. MMJJ20180111. The third author is supported by the National Cryptography Development Fund of China under Grant No. MMJJ20170112, the Natural Science Basic Research Plan in Shaanxi

References (37)

  • Wang Boyang et al. Oruta: Privacy-preserving public auditing for shared data in the cloud

  • Wang Boyang et al. Public auditing for shared data with efficient user revocation in the cloud

  • Cash David et al. Dynamic proofs of retrievability via oblivious RAM

  • Yuan Jiawei et al. Secure and constant cost public cloud storage auditing with deduplication. IACR Cryptol. ePrint Arch. (2013)

  • Yuan Jiawei et al. Secure and constant cost public cloud storage auditing with deduplication

  • Wang Boyang et al. Certificateless public auditing for data integrity in the cloud

  • Wang Cong et al. Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Comput. (2013)

  • Wang Boyang et al. Oruta: Privacy-preserving public auditing for shared data in the cloud. IEEE Trans. Cloud Comput. (2014)
    Jindan Zhang is now a lecturer at Xianyang Vocational Technique College and a PhD student at Xidian University. Her main research interests include public key cryptography and cloud security. She has published about 15 papers in the field of information security.

    Baocang Wang is now a professor at Xidian University. His main research interests are public key cryptography and number theory. He is a principal investigator for many national projects of China, including a key project of the Natural Science Foundation of China. He has published about 80 papers in the field of information security.

    Xu An Wang is now a professor at the Engineering University of People’s Armed Police. His main research interests include public key cryptography and cloud security. He has published about 100 papers in the field of information security.

    Han Wang is now a master’s student at the Engineering University of People’s Armed Police. His main research interests include public key cryptography and cloud security.

    Shuai Xiao is now a master’s student at the Engineering University of Chinese Armed Police Force. His main research interests include public key cryptography and cloud security.