New group user based privacy preserving cloud auditing protocol
Introduction
For many enterprises and their users, cloud storage with high scalability and large-scale storage capability is becoming more and more popular these days. Cloud servers can be used to conveniently store pictures, files, and videos. Cloud storage is critical for most enterprises because they can use this service to reduce their heavy data management burden. Furthermore, it is very inexpensive to use the cloud storage, whereas locally maintaining their massive data needs special employees, hardware, and knowledge. However, the security of the outsourced data on the cloud servers cannot be easily ensured for these enterprises. Therefore, it is critical to design mechanisms to ensure the integrity, confidentially, and access control of the outsourced data. There are many ways to implement such mechanisms. In this study we concentrate on cryptographic solutions. Until now, towards this goal, many interesting cryptographic protocols have been designed and implemented; these include provable data possession, cloud auditing, searchable encryption, and attribute-based encryption.
Herein, we mainly study the cloud storage auditing protocol. In 2007, motivated by the often-invoked requirement on data integrity checking for data owners, Atenesis et al. [1] proposed a new cryptographic primitive named provable data possession. By using this primitive, cloud storage can be audited without data owner downloading all the outsourced data; the cloud server only needs to compute compact proof to show the possession of data. Later, Shacham and Waters [2] extended their work by proposing the concept of proof of retrievability. Since then, researchers have proposed many interesting cloud auditing protocols with various additional properties [1], [2], [3], [4], [5], [6], [7], [8], [9], [10], [11], [12], [13], [14], [15], [16], [17], [18], [19], [20], [21], [22], [23], [24], [25], [26], [27], [28], [29], [30], [31], [32], [33], [34], [35].
Roughly, the running of a typical cloud storage auditing protocol entails the following:
- •
First, in the uploading phase, the data owner divides the file into blocks and even further into sectors before encoding the blocks with some coding technique. After the coding, the data owner signs on the blocks by using his or her private key and gets the block’s authenticator. Finally, all the blocks and the corresponding authenticators are outsourced to the remote cloud servers. Note that, after the data are uploaded successfully, the data owners delete all the locally stored files and authenticators. Therefore, data owners only need to store their private key locally.
- •
Then, in the challenge phase, the data owner or auditor challenges the cloud server with randomly selected indexes and blocks (where is the index of the challenged block, is a randomly selected number, and is the challenged block). After receiving the challenge, the cloud server needs to return the correct to the data owner or auditor, which contains the aggregated messages and aggregated authenticators .
- •
Finally, in the checking stage, the ’s validity can be checked by the data owner or the auditor by checking whether or not the satisfies the verification equation. In some cases, the data owner’s secret key is needed, while in other cases it is not needed.
Nowadays, group-user-based cloud auditing protocols have been receiving great attention from researchers because of their practical use in enterprise-based cloud storage systems. Recently, a lightweight, privacy-preserving secure cloud auditing scheme for group users via a third-party medium (TPM) has been proposed by Shen et al. [36]. Their scheme can achieve many interesting properties such as light weight and privacy preservation for the data owners. However, we find that a malicious cloud server can forge the outsourced data blocks’ authenticators. In this way, the malicious cloud server can give forged proof for the possession of outsourced data even if it deletes all the outsourced data. Based on Shen et al.’s scheme, we give an improved privacy-preserving secure cloud auditing protocol for enterprise users. This new protocol can resist the attack and is efficient.
In Section 2, we give the definition and security model of the privacy-preserving secure cloud auditing protocol for enterprise users. In Section 3, we review Shen et al.’s lightweight, privacy-preserving secure cloud auditing scheme for mobile group users. In Section 4, we present our attacks to their AuthGen algorithm and their cloud auditing protocol. In Section 5, we give our improved privacy-preserving secure cloud auditing protocol for enterprise users and roughly analyse its security. In Section 6, we conclude our paper.
Section snippets
System model, definition, design goal, and security model
Here we give the definition and security model of the lightweight, privacy-preserving secure cloud auditing scheme for enterprise users [36].
Review of Shen et al. ’s scheme
In this section, we review Shen et al.’s specific scheme.
First, we review the concept of a bilinear map, which is the following: Denote and as two cyclic groups, both having prime order , and denote ’s generator as . If satisfies the following properties, we say is a bilinear map:
- 1.
Computability: can be efficiently computed.
- 2.
Bilinearity: for all and .
- 3.
Nondegeneracy: .
Shen et al.’s algorithm uses the following notation: Denote
Attack on AuthGen algorithm
We first show that the authenticator can be easily forged for any data block, as shown in Fig. 2. Specifically, the attack proceeds as follows:
- 1.
The adversary (which can be the malicious cloud) can obtain , which is the public key of the TPM.
- 2.
After obtaining the adversary computes
- 3.
With , the adversary can easily forge an authenticator for any data block as follows:
Our improved privacy-preserving secure cloud auditing scheme
In this section, we give our improved privacy-preserving secure cloud auditing protocol based on Shen et al.’s proposal. We use the same notation as in their proposal. Specifically, our protocol is as follows:
- 1.
Setup( ): This algorithm is run by the enterprise manager. The TPM’s public–private key pair, the enterprise’s public–private key pair, the secret seed, and the authorisation are all generated by this algorithm.
- (a)
A random value is chosen by the enterprise manager as the
- (a)
Performance analysis
In this section, we give the performance analysis of our proposal and compare it with related work.
First, we compare the features with the closely related work on group-based cloud auditing protocols in Table 1. From the comparison results, only the methods in [34] and our proposal are secure while those of [30], [35] and Shen et al.’s proposal [36] suffer from the forging authenticator/tag attack. Furthermore, our proposal and Shen et al.’s proposal share some interesting properties such as
Conclusion
Cloud auditing is a very important protocol to solve the challenging problem of ensuring the integrity of outsourced data on cloud servers. Although there are many interesting cloud auditing protocols with additional properties having been designed, many of them have been broken. Therefore, designing a secure and efficient cloud auditing protocol is still very difficult. In this study, we showed that one recent lightweight, privacy-preserving secure cloud auditing scheme for group users via the
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgements
The second author is the corresponding author. The first and second authors are supported by the National Key R&D Program of China under Grant No. 2017YFB0802000, the National Natural Science Foundation of China under Grant Nos. U19B2021, U1736111, the National Cryptography Development Fund, China under Grant No. MMJJ20180111. The third author is supported by the National Cryptography Development Fund of China under Grant No. MMJJ20170112, the Natural Science Basic Research Plan in Shaanxi
Jindan Zhang now is a lecturer in Xianyang Vocational Technique College and a phd student in Xidian University, her main research interests include public key cryptography and cloud security. She has published about 15 papers in the field of information security.
References (37)
- et al.
On the security of auditing mechanisms for secure cloud storage
Future Gener. Comput. Syst.
(2014) - et al.
Efficient ID-based public auditing for the outsourced data in cloud storage
Inform. Sci.
(2016) - et al.
Cloud data integrity checking with an identity-based auditing mechanism from RSA
Future Gener. Comput. Syst.
(2016) - et al.
Insecurity of an identity-based public auditing protocol for the outsourced data in cloud storage
Inform. Sci.
(2017) - et al.
Public auditing for shared cloud data with efficient and secure group management
Inform. Sci.
(2019) - et al.
Light-weight and privacy-preserving secure cloud auditing scheme for group users via the third party medium
J. Netw. Comput. Appl.
(2017) - et al.
Provable data possession at untrusted stores
- et al.
Compact proofs of retrievability
- et al.
Data storage auditing service in cloud computing: challenges, methods and opportunities
World Wide Web
(2012) - et al.
Privacy-preserving public auditing for data storage security in cloud computing
Oruta: Privacy-preserving public auditing for shared data in the cloud
Public auditing for shared data with efficient user revocation in the cloud
Dynamic proofs of retrievability via oblivious RAM
Secure and constant cost public cloud storage auditing with deduplication
IACR Cryptol. ePrint Arch.
Secure and constant cost public cloud storage auditing with deduplication
Certificateless public auditing for data integrity in the cloud
Privacy-preserving public auditing for secure cloud storage
IEEE Trans. Comput.
Oruta: Privacy-preserving public auditingfor shared data in the cloud
IEEE Trans. Cloud Comput.
Cited by (0)
Jindan Zhang now is a lecturer in Xianyang Vocational Technique College and a phd student in Xidian University, her main research interests include public key cryptography and cloud security. She has published about 15 papers in the field of information security.
Baocang Wang now is a professor in Xidian University, his main research interests are public key cryptography and number theory. He is a principle investigator for many national projects of China, include key project of natural science foundation of China. He has published about 80 papers in the field of information security.
Xu An Wang now is a professor in Engineering University of People’s Armed Police. His main research interests include public key cryptography and cloud security. He has published about 100 papers in the field of information security.
Han Wang now is a master student in the Engineering University of People’s Armed Police. His main research interests include public key cryptography and cloud security.
Shuai Xiao now is a master student in the Engineering University of Chinese Armed Police Force. His main research interests include public key cryptography and cloud security.