Public auditing for shared cloud data with efficient and secure group management
Introduction
Cloud storage has attracted extensive attention from academic and industrial communities for its huge advantages of costs, performance and management over traditional local storage. As a result, a growing number of organizations and individuals have been migrating their data to the cloud storage that is managed and maintained by professional cloud service providers (CSPs) [6], [16], [21]. Despite its considerable advantages, there is no denying that the cloud storage also faces a series of security challenges, especially in terms of security and privacy [4], [9], [15], [23], [34]. One of the significant concerns is how to determine whether the CSP meets the legal expectations of users for data integrity [14], [17], [26], for which the reasons are twofold. First, due to losing local control of data, cloud users (data owners) can no longer verify the integrity of their data via traditional techniques popularly employed in local storage. Second, although the infrastructures of cloud storage are much more powerful and reliable than personal computing devices, they are more vulnerable to both internal and external security threats due to the open and shared nature of the cloud. More severe still is that some dishonest CSPs, having suffered Byzantine failures occasionally that corrupt data, may try to conceal the fact of data corruptions for their own self-interest. To address this concern, the cloud storage auditing technique, also called the cloud data auditing, whose purpose is to verify the integrity of the outsourced data remotely, is popularly employed [5], [14], [26]. Generally, there are two models for cloud data auditing, i.e., private auditing [8], [25] and public auditing [1], [28], [33]. In the former, the verification is carried out between cloud users and CSPs, while in the latter an authorized third-party auditor (TPA) is introduced to perform the verification. In comparison, the latter can provide more dependable auditing results and remarkably reduce the users’ burden [27], [29], [32]. Thus, it is believed to be more reasonable and practical, and has been popularly employed for cloud data auditing [14], [21], [26]. In this work, therefore, we focus on public auditing.
So far, many novel solutions for different cloud auditing requirements, such as, privacy-preserving auditing [10], [32], [38], dynamic data auditing [33], [37], [42] and multi-replica auditing [3], [7], [20], have been proposed. More recently, with the increasing popularity of collaboration and teamwork in the cloud, shared data auditing has become a new hot topic in the cloud data auditing field [12], [31], [41]. Differing from the personal cloud data possessed by only a single user, shared cloud data can be accessed and modified by all authorized users in a group, e.g., staff of an organization and collaborators working in a team. The collaborative and sharing nature of shared cloud data places greater demands on the desirable integrity auditing scheme. Besides privacy-preserving, support for data dynamics and batching verification, the shared-data auditing should also achieve the following security and function requirements:
- •
Identity-privacy preservation: The TPA, who is usually considered to be trusted but curious, might collect users’ identity information in the auditing process to obtain some significant privacy information, such as the users who play pivotal roles and the data blocks that contain high-value data. Thus, it is indispensable to protect the identity privacy of users in the shared-data auditing [12], [30], [36].
- •
Support for group dynamics: In a data-sharing group, it is common for either some new users to join at some point or some existing users to leave (or be removed) at any time. Thus, in the shared-data auditing, it is important to support group dynamics, including user enrollment (i.e., adding a new user) [30], [36], [39] and user revocation (i.e., removing an existing user) [30], [39], [41]. To be specific, the user enrollment should be easily achieved without regenerating any audit metadata (e.g. block tags); and the user revocation should ensure that the data blocks signed by the revoked user and their audit metadata cannot be tampered with.
- •
Identity traceability: In practical applications, a few users of granted group membership might maliciously modify certain shared data for their own self-interest, which would largely destroy the usability of the shared data and even result in social and economic losses. Thus, it is significant to enable identity traceability in the shared-data auditing [12], [36]. That is, the data owner (or group manager) should be able to trace all the modification operations in the collaborative work, and reveal the identities of misbehaved users if necessary.
As shown in Table 1, there have been some fruitful auditing schemes for shared data. However, none of the existing schemes could fully achieve all the security and performance requirements mentioned above. Particularly, they have varying degrees of performance and security issues in achieving group dynamics. For example, in Oruta [30], as a result of adopting the ring signature technique to generate block tags, when a user is added into or revoked from a group, all users’ keys and all block tags have to be regenerated; in SDIVIP2 [39], each user adopts a key combined with the personal keys of all the users to generate block tags, so during both the user enrollment and revocation, the shared key should be recomputed by each user, and all block tags need to be re-signed by himself or with a delegated user as the proxy; in the schemes reported in Refs. [11], [31], [36], [40], [41] where each user adopts his/her own key for generating block tags, during the user revocation the block tags related to the revoked user must be re-signed with the CSP as the proxy [31], [40], [41]. In addition, some existing schemes (such as, [11], [31], [36], [41]) can potentially suffer from collusion attacks, since the revoked user might share his/her private key with the CSP. In this case, the CSP could tamper with the data blocks previously signed by the revoked user. Things can get even worse if the CSP-based proxy re-signature technique is used to re-computed block tags during the user revocation [31], [41]. The CSP would even obtain the private key of the delegated user, and can tamper with the data blocks related to both the revoked user and delegated user (Table 2).
In view of the above shortcomings of the existing shared-data auditing schemes, in this paper, we seek to present an effective public auditing scheme to meet all the indispensable functional and security requirements mentioned above. Particularly, we propose an efficient and secure group management mechanism to support group dynamics. Specifically, in a data-sharing group, each valid user adopts his/her personal key to generate block tags, which enables new users to join the group expediently without affecting any other users or any existing shared data; to achieve efficient user revocation, we design a lazy-revocation strategy, which involves two operations. First, when a user is revoked, to prevent data blocks related to the revoked user (RU-blocks for short) from unauthorized modifications, a signature of the group manager on the aggregate value of all the RU-blocks’ tags (called post-revocation authenticator) is introduced. Note that, thanks to the post-revocation authenticator, even if the revoked user shares the private key with the CSP, the CSP will not be able to tamper with any data blocks, suggesting that our strategy can resist the collusion attack effectively. Second, when the RU-blocks are modified by the other valid users, their tags would be regenerated accordingly. In other words, our lazy-revocation strategy does not need to do anything other than generating a post-revocation authenticator during the user revocation to protect RU-blocks, and postpones the tag regeneration of RU-blocks until they are modified by other users. Thus, compared with the existing schemes [12], [30], [31], [39], [40], [41], our strategy can effectively reduce the computational overhead during the user revocation.
In addition, to preserve the identity privacy in the auditing process, we exploit the properties of bilinear maps to convert the signatures of different users on the challenged blocks to the ones signed by the group manager prior to generating the tag proof. To support identity traceability, we introduce a modification record table to record the operator, operation content, and operating time for each modified data block. Moreover, we further extend the dynamic hash table [27] to support shared-data dynamics, employ a random masking to protect data privacy in the auditing process, and achieve batch auditing by taking advantage of the aggregate signature technique.
In general, our contributions in this work can be summarized as follows:
- 1.
We present a novel public auditing scheme for shared data, which can fully achieve all the necessary functional and security requirements, including data and identity privacy protection, data dynamics, group dynamics, identity traceability and batch verification.
- 2.
We propose an efficient and secure group management mechanism to support group dynamics. Particularly, we present a lazy-revocation strategy to achieve user revocation in a secure and cost-effective manner.
- 3.
We formally prove the security of the proposed scheme, and evaluate its performance by theoretical analysis and experimental comparisons with the state-of-the-art schemes. The experimental results demonstrate that the proposed scheme can efficiently achieve secure auditing for shared cloud data, and outperforms the previous ones in computational overhead while maintaining relatively low communication costs.
The rest of the paper is organized as follows: In Section 2, we review the related work concerning cloud data auditing, especially regarding the shared-data auditing. We introduce background and necessary preliminaries for our work in Section 3, and present our scheme in detail in Section 4. We formally prove and analyze the security of our scheme in Section 5, and conduct comprehensive performance evaluations by theoretical analysis and experimental comparisons with the state-of-the-art schemes in Section 6. Finally, Section 7 concludes the outcome of this work.
Section snippets
Related work
Nowadays, the cloud data auditing has been witnessed as the indispensable technique for remote integrity verification of cloud data. One of the earliest work is proof of retrievability (PoR) proposed by Juels et al. [13], where the data owner can not only verify the integrity of outsourced data but also ensure the retrievability using error-correcting codes. However, PoR is a typical private auditing scheme, and cannot support the verification conducted by a third party. At the same time,
Background and preliminaries
In this section, we describe the necessary background and preliminaries for our work. Specifically, we first present the public auditing model for shared cloud data and its design goals in Section 3.1, and introduce some cryptographic preliminaries in Section 3.2. Furthermore, we propose an extended dynamic hash table in Section 3.3 to support shared-data dynamics, and a modification record table in Section 3.4 to support identity traceability. Finally, the security assumptions are given in
The proposed scheme
In this section, we will present our public auditing scheme for shared data, which consists of the dynamic verification protocol with privacy protection described in Section 4.1, the group management mechanism detailed in Section 4.2, and the batch verification protocol introduced in Section 4.3.
Security analysis
Theorem 1 Unforgeability of the post-revocation authenticator In the proposed scheme, it is computationally infeasible for the CSP to forge a valid post-revocation authenticator. Proof As mentioned in the lazy revocation strategy, if a user ux has been revoked, the group manager should generate the post-revocation authenticator as
where ρ is unknown to the CSP. If the CSP wants to forge a post-revocation authenticator, he/she should first know ρ. However, according to the DL assumption, it is computationally intractable to compute the
Performance evaluation
In this section, we will evaluate the performance of our scheme (PASCD) and compare it with the state-of-the-art schemes [11], [31], [36], [41] using individual signature keys.
Conclusion
The cloud storage auditing, as an indispensable technique for cloud storage security, has been attracting more and more attention. More recently, with the increasing popularity of collaboration and teamwork in the cloud, shared data auditing has become a new hot topic in this field. Although there have been some fruitful auditing schemes for shared data, none could fully achieve all the security and performance requirements. Therefore, in this paper, we are motivated to present a new public
Acknowledgments
This work was supported in part by National Natural Science Foundation of China under Grant Nos. U1405254 and U1536115, Natural Science Foundation of Fujian Province of China under Grant No. 2018J01093, Program for New Century Excellent Talents in Fujian Province University under Grant No. MJK2016-23, and Program for Outstanding Youth Scientific and Technological Talents in Fujian Province University under Grant No. MJK2015-54.
References (42)
- et al.
Multi-authority fine-grained access control with accountability and its application in cloud
J. Netw. Comput. Appl.
(2018) - et al.
L-EncDB: a lightweight framework for privacy-Preserving data queries in cloud computing
Knowl. Based Syst.
(2015) - et al.
Differentially private naive bayes learning over multiple data sources
Inf. Sci.
(2018) - et al.
External integrity verification for outsourced big data in cloud and IoT: a big picture
Future Gener. Comput. Syst.
(2015) - et al.
Divoram: towards a practical oblivious RAM with variable block size
Inf. Sci.
(2018) - et al.
Generating stable biometric keys for flexible cloud computing authentication using finger vein
Inf. Sci.
(2018) - et al.
Dynamic fully homomorphic encryption-Based merkle tree for lightweight streaming authenticated data structures
J. Netw. Comput. Appl.
(2018) - et al.
Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability
J. Syst. Softw.
(2016) - et al.
Provable data possession at untrusted stores
Proceedings of 14th ACM Conference on Computer and Communications (ACM CCS ’07), Alexandria, Virginia, USA
(2007) - et al.
Lazy revocation in cryptographic file systems
Proceedings of the 3rd IEEE International Security in Storage Workshop (SISW ’05)
(2005)
Provable multicopy dynamic data possession in cloud computing systems
IEEE Trans. Inf. Forensics Secur.
Towards secure and flexible EHR sharing in mobile health cloud under static assumptions
Cluster Comput.
New publicly verifiable databases with efficient updates
IEEE Trans. Dependable Secure Comput.
Verifiable computation over large database with incremental updates
IEEE Trans. Comput.
MR-PDP: multiple-replica provable data possession
Proceedings of the 28th International Conference on Distributed Computing Systems
Dynamic provable data possession
Proceedings of the 16th ACM Conference on Computer and Communications (ACM CCS ’09), New York, NY, USA
M-SSE: an effective searchable symmetric encryption with enhanced security for mobile devices
IEEE Access
A privacy-preserving remote data integrity checking protocol with data dynamics and public verifiability
IEEE Trans. Knowl. Data Eng.
Identity-preserving public auditing for shared cloud data
Proceedings of the 23rd IEEE International Symposium on Quality of Service (IWQoS ’15)
Public integrity auditing for shared dynamic cloud data with group user revocation
IEEE Trans. Comput.
Pors: proofs of retrievability for large files
Proceedings of the 14th ACM Conference on Computer and Communications Security (ACM CCS ’07), Alexandria, Virginia, USA
Cited by (70)
RDIMM: Revocable and dynamic identity-based multi-copy data auditing for multi-cloud storage
2023, Journal of Systems ArchitectureA secure and efficient public auditing system of cloud storage based on BLS signature and automatic blocker protocol
2022, Journal of King Saud University - Computer and Information SciencesCitation Excerpt :Due to this important development, providing information technology (IT) services has become extremely costly to individuals and businesses. In this regard, Cloud computing is an efficient and good environment in terms of providing necessary IT services due to its economic advantages (Tian et al., 2019). The cloud computing paradigm is the next development of an organization's IT because it provides many unmatched services in IT include self-service on request, access to the network from anywhere, fast resource adaptability, location independence, payment based on usage, and risk management (Garg et al., 2020).
Cloud Dynamic and Public Auditing Scheme for Secure Data by using RSA with Modified Dynamic Hash Table
2024, International Journal of Intelligent Systems and Applications in EngineeringSecure and efficient public auditing system of user data using hybrid AES-ECC crypto system with Merkle hash tree in blockchain
2024, Multimedia Tools and ApplicationsAn Efficient Secure and Privacy Cloud Auditing in Winternitz Signature Scheme
2024, International Journal of Intelligent Systems and Applications in Engineering