Elsevier

Information Sciences

Volume 472, January 2019, Pages 107-125
Information Sciences

Public auditing for shared cloud data with efficient and secure group management

https://doi.org/10.1016/j.ins.2018.09.009Get rights and content

Highlights

  • A full scheme aiming to achieve all necessary demands for shared-data public auditing.

  • A novel lazy-revocation strategy for efficient and secure user revocation.

  • Enable identity traceability of malicious users using a modification record table.

  • Enable dynamic operations of shared data using an extended dynamic hash table.

  • The scheme outperforms the state-of-the-art ones in computational costs.

Abstract

With increasing popularity of collaboration in clouds, shared data auditing has become an important issue in cloud auditing field, and attracted extensive attention from the research community. However, none of the state of the arts can fully achieve all indispensable functional and security requirements. Thus, in this paper, we present a comprehensive public auditing scheme for shared data. Specifically, to preserve users’ identity privacy, signatures on the challenged blocks are converted to the ones signed by the group manager during proof generation; to protect data privacy, a random masking is adopted to blind data proof; a modification record table is designed to record operation information to support identity traceability; we further extend the dynamic hash table to support shared-data dynamics, and present a batch auditing strategy. Moreover, we design a lazy-revocation based group management mechanism to achieve efficient group dynamics, which can resist collusion attacks while significantly reducing computational costs. We formally prove the security of our scheme, and evaluate its performance by comprehensive experiments and comparisons with the state-of-the-art ones. The results demonstrate that our scheme can effectively achieve secure auditing and outperforms the previous ones in computational overhead while maintaining relatively low communication costs.

Introduction

Cloud storage has attracted extensive attention from academic and industrial communities for its huge advantages of costs, performance and management over traditional local storage. As a result, a growing number of organizations and individuals have been migrating their data to the cloud storage that is managed and maintained by professional cloud service providers (CSPs) [6], [16], [21]. Despite its considerable advantages, there is no denying that the cloud storage also faces a series of security challenges, especially in terms of security and privacy [4], [9], [15], [23], [34]. One of the significant concerns is how to determine whether the CSP meets the legal expectations of users for data integrity [14], [17], [26], for which the reasons are twofold. First, due to losing local control of data, cloud users (data owners) can no longer verify the integrity of their data via traditional techniques popularly employed in local storage. Second, although the infrastructures of cloud storage are much more powerful and reliable than personal computing devices, they are more vulnerable to both internal and external security threats due to the open and shared nature of the cloud. More severe still is that some dishonest CSPs, having suffered Byzantine failures occasionally that corrupt data, may try to conceal the fact of data corruptions for their own self-interest. To address this concern, the cloud storage auditing technique, also called the cloud data auditing, whose purpose is to verify the integrity of the outsourced data remotely, is popularly employed [5], [14], [26]. Generally, there are two models for cloud data auditing, i.e., private auditing [8], [25] and public auditing [1], [28], [33]. In the former, the verification is carried out between cloud users and CSPs, while in the latter an authorized third-party auditor (TPA) is introduced to perform the verification. In comparison, the latter can provide more dependable auditing results and remarkably reduce the users’ burden [27], [29], [32]. Thus, it is believed to be more reasonable and practical, and has been popularly employed for cloud data auditing [14], [21], [26]. In this work, therefore, we focus on public auditing.

So far, many novel solutions for different cloud auditing requirements, such as, privacy-preserving auditing [10], [32], [38], dynamic data auditing [33], [37], [42] and multi-replica auditing [3], [7], [20], have been proposed. More recently, with the increasing popularity of collaboration and teamwork in the cloud, shared data auditing has become a new hot topic in the cloud data auditing field [12], [31], [41]. Differing from the personal cloud data possessed by only a single user, shared cloud data can be accessed and modified by all authorized users in a group, e.g., staff of an organization and collaborators working in a team. The collaborative and sharing nature of shared cloud data places greater demands on the desirable integrity auditing scheme. Besides privacy-preserving, support for data dynamics and batching verification, the shared-data auditing should also achieve the following security and function requirements:

  • Identity-privacy preservation: The TPA, who is usually considered to be trusted but curious, might collect users’ identity information in the auditing process to obtain some significant privacy information, such as the users who play pivotal roles and the data blocks that contain high-value data. Thus, it is indispensable to protect the identity privacy of users in the shared-data auditing [12], [30], [36].

  • Support for group dynamics: In a data-sharing group, it is common for either some new users to join at some point or some existing users to leave (or be removed) at any time. Thus, in the shared-data auditing, it is important to support group dynamics, including user enrollment (i.e., adding a new user) [30], [36], [39] and user revocation (i.e., removing an existing user) [30], [39], [41]. To be specific, the user enrollment should be easily achieved without regenerating any audit metadata (e.g. block tags); and the user revocation should ensure that the data blocks signed by the revoked user and their audit metadata cannot be tampered with.

  • Identity traceability: In practical applications, a few users of granted group membership might maliciously modify certain shared data for their own self-interest, which would largely destroy the usability of the shared data and even result in social and economic losses. Thus, it is significant to enable identity traceability in the shared-data auditing [12], [36]. That is, the data owner (or group manager) should be able to trace all the modification operations in the collaborative work, and reveal the identities of misbehaved users if necessary.

As shown in Table 1, there have been some fruitful auditing schemes for shared data. However, none of the existing schemes could fully achieve all the security and performance requirements mentioned above. Particularly, they have varying degrees of performance and security issues in achieving group dynamics. For example, in Oruta [30], as a result of adopting the ring signature technique to generate block tags, when a user is added into or revoked from a group, all users’ keys and all block tags have to be regenerated; in SDIVIP2 [39], each user adopts a key combined with the personal keys of all the users to generate block tags, so during both the user enrollment and revocation, the shared key should be recomputed by each user, and all block tags need to be re-signed by himself or with a delegated user as the proxy; in the schemes reported in Refs. [11], [31], [36], [40], [41] where each user adopts his/her own key for generating block tags, during the user revocation the block tags related to the revoked user must be re-signed with the CSP as the proxy [31], [40], [41]. In addition, some existing schemes (such as, [11], [31], [36], [41]) can potentially suffer from collusion attacks, since the revoked user might share his/her private key with the CSP. In this case, the CSP could tamper with the data blocks previously signed by the revoked user. Things can get even worse if the CSP-based proxy re-signature technique is used to re-computed block tags during the user revocation [31], [41]. The CSP would even obtain the private key of the delegated user, and can tamper with the data blocks related to both the revoked user and delegated user (Table 2).

In view of the above shortcomings of the existing shared-data auditing schemes, in this paper, we seek to present an effective public auditing scheme to meet all the indispensable functional and security requirements mentioned above. Particularly, we propose an efficient and secure group management mechanism to support group dynamics. Specifically, in a data-sharing group, each valid user adopts his/her personal key to generate block tags, which enables new users to join the group expediently without affecting any other users or any existing shared data; to achieve efficient user revocation, we design a lazy-revocation strategy, which involves two operations. First, when a user is revoked, to prevent data blocks related to the revoked user (RU-blocks for short) from unauthorized modifications, a signature of the group manager on the aggregate value of all the RU-blocks’ tags (called post-revocation authenticator) is introduced. Note that, thanks to the post-revocation authenticator, even if the revoked user shares the private key with the CSP, the CSP will not be able to tamper with any data blocks, suggesting that our strategy can resist the collusion attack effectively. Second, when the RU-blocks are modified by the other valid users, their tags would be regenerated accordingly. In other words, our lazy-revocation strategy does not need to do anything other than generating a post-revocation authenticator during the user revocation to protect RU-blocks, and postpones the tag regeneration of RU-blocks until they are modified by other users. Thus, compared with the existing schemes [12], [30], [31], [39], [40], [41], our strategy can effectively reduce the computational overhead during the user revocation.

In addition, to preserve the identity privacy in the auditing process, we exploit the properties of bilinear maps to convert the signatures of different users on the challenged blocks to the ones signed by the group manager prior to generating the tag proof. To support identity traceability, we introduce a modification record table to record the operator, operation content, and operating time for each modified data block. Moreover, we further extend the dynamic hash table [27] to support shared-data dynamics, employ a random masking to protect data privacy in the auditing process, and achieve batch auditing by taking advantage of the aggregate signature technique.

In general, our contributions in this work can be summarized as follows:

  • 1.

    We present a novel public auditing scheme for shared data, which can fully achieve all the necessary functional and security requirements, including data and identity privacy protection, data dynamics, group dynamics, identity traceability and batch verification.

  • 2.

    We propose an efficient and secure group management mechanism to support group dynamics. Particularly, we present a lazy-revocation strategy to achieve user revocation in a secure and cost-effective manner.

  • 3.

    We formally prove the security of the proposed scheme, and evaluate its performance by theoretical analysis and experimental comparisons with the state-of-the-art schemes. The experimental results demonstrate that the proposed scheme can efficiently achieve secure auditing for shared cloud data, and outperforms the previous ones in computational overhead while maintaining relatively low communication costs.

The rest of the paper is organized as follows: In Section 2, we review the related work concerning cloud data auditing, especially regarding the shared-data auditing. We introduce background and necessary preliminaries for our work in Section 3, and present our scheme in detail in Section 4. We formally prove and analyze the security of our scheme in Section 5, and conduct comprehensive performance evaluations by theoretical analysis and experimental comparisons with the state-of-the-art schemes in Section 6. Finally, Section 7 concludes the outcome of this work.

Section snippets

Related work

Nowadays, the cloud data auditing has been witnessed as the indispensable technique for remote integrity verification of cloud data. One of the earliest work is proof of retrievability (PoR) proposed by Juels et al. [13], where the data owner can not only verify the integrity of outsourced data but also ensure the retrievability using error-correcting codes. However, PoR is a typical private auditing scheme, and cannot support the verification conducted by a third party. At the same time,

Background and preliminaries

In this section, we describe the necessary background and preliminaries for our work. Specifically, we first present the public auditing model for shared cloud data and its design goals in Section 3.1, and introduce some cryptographic preliminaries in Section 3.2. Furthermore, we propose an extended dynamic hash table in Section 3.3 to support shared-data dynamics, and a modification record table in Section 3.4 to support identity traceability. Finally, the security assumptions are given in

The proposed scheme

In this section, we will present our public auditing scheme for shared data, which consists of the dynamic verification protocol with privacy protection described in Section 4.1, the group management mechanism detailed in Section 4.2, and the batch verification protocol introduced in Section 4.3.

Security analysis

Theorem 1 Unforgeability of the post-revocation authenticator

In the proposed scheme, it is computationally infeasible for the CSP to forge a valid post-revocation authenticator.

Proof

As mentioned in the lazy revocation strategy, if a user ux has been revoked, the group manager should generate the post-revocation authenticator as Λ=Λρ=(iDe(σi,yxq)θi)ρ,where ρ is unknown to the CSP. If the CSP wants to forge a post-revocation authenticator, he/she should first know ρ. However, according to the DL assumption, it is computationally intractable to compute the

Performance evaluation

In this section, we will evaluate the performance of our scheme (PASCD) and compare it with the state-of-the-art schemes [11], [31], [36], [41] using individual signature keys.

Conclusion

The cloud storage auditing, as an indispensable technique for cloud storage security, has been attracting more and more attention. More recently, with the increasing popularity of collaboration and teamwork in the cloud, shared data auditing has become a new hot topic in this field. Although there have been some fruitful auditing schemes for shared data, none could fully achieve all the security and performance requirements. Therefore, in this paper, we are motivated to present a new public

Acknowledgments

This work was supported in part by National Natural Science Foundation of China under Grant Nos. U1405254 and U1536115, Natural Science Foundation of Fujian Province of China under Grant No. 2018J01093, Program for New Century Excellent Talents in Fujian Province University under Grant No. MJK2016-23, and Program for Outstanding Youth Scientific and Technological Talents in Fujian Province University under Grant No. MJK2015-54.

References (42)

  • A.F. Barsoum et al.

    Provable multicopy dynamic data possession in cloud computing systems

    IEEE Trans. Inf. Forensics Secur.

    (2015)
  • Z. Cai et al.

    Towards secure and flexible EHR sharing in mobile health cloud under static assumptions

    Cluster Comput.

    (2017)
  • X. Chen et al.

    New publicly verifiable databases with efficient updates

    IEEE Trans. Dependable Secure Comput.

    (2015)
  • X. Chen et al.

    Verifiable computation over large database with incremental updates

    IEEE Trans. Comput.

    (2016)
  • R. Curtmola et al.

    MR-PDP: multiple-replica provable data possession

    Proceedings of the 28th International Conference on Distributed Computing Systems

    (2008)
  • C. Erway et al.

    Dynamic provable data possession

    Proceedings of the 16th ACM Conference on Computer and Communications (ACM CCS ’09), New York, NY, USA

    (2009)
  • C. Gao et al.

    M-SSE: an effective searchable symmetric encryption with enhanced security for mobile devices

    IEEE Access

    (2018)
  • Z. Hao et al.

    A privacy-preserving remote data integrity checking protocol with data dynamics and public verifiability

    IEEE Trans. Knowl. Data Eng.

    (2011)
  • K. He et al.

    Identity-preserving public auditing for shared cloud data

    Proceedings of the 23rd IEEE International Symposium on Quality of Service (IWQoS ’15)

    (2015)
  • T. Jiang et al.

    Public integrity auditing for shared dynamic cloud data with group user revocation

    IEEE Trans. Comput.

    (2016)
  • A. Juels et al.

    Pors: proofs of retrievability for large files

    Proceedings of the 14th ACM Conference on Computer and Communications Security (ACM CCS ’07), Alexandria, Virginia, USA

    (2007)

    • Cited by (70)

    • RDIMM: Revocable and dynamic identity-based multi-copy data auditing for multi-cloud storage

      2023, Journal of Systems Architecture

    • A secure and efficient public auditing system of cloud storage based on BLS signature and automatic blocker protocol

      2022, Journal of King Saud University - Computer and Information Sciences
      Citation Excerpt :

      Due to this important development, providing information technology (IT) services has become extremely costly to individuals and businesses. In this regard, Cloud computing is an efficient and good environment in terms of providing necessary IT services due to its economic advantages (Tian et al., 2019). The cloud computing paradigm is the next development of an organization's IT because it provides many unmatched services in IT include self-service on request, access to the network from anywhere, fast resource adaptability, location independence, payment based on usage, and risk management (Garg et al., 2020).

    • A collusion-resistant certificateless provable data possession scheme for shared data with user revocation

      2024, Cluster Computing

    • Cloud Dynamic and Public Auditing Scheme for Secure Data by using RSA with Modified Dynamic Hash Table

      2024, International Journal of Intelligent Systems and Applications in Engineering

    • Secure and efficient public auditing system of user data using hybrid AES-ECC crypto system with Merkle hash tree in blockchain

      2024, Multimedia Tools and Applications

    • An Efficient Secure and Privacy Cloud Auditing in Winternitz Signature Scheme

      2024, International Journal of Intelligent Systems and Applications in Engineering
    View all citing articles on Scopus
    View full text
    © 2018 Elsevier Inc. All rights reserved.