PSCPAC: Post-quantum secure certificateless public auditing scheme in cloud storage

https://doi.org/10.1016/j.jisa.2021.102927

Abstract

To reduce the local storage burden and enjoy convenient ubiquitous access, an increasing number of individuals and enterprises prefer to outsource their data to a cloud server. Because users lose physical control over their data, guaranteeing that the cloud server stores users’ data honestly becomes an important security challenge. Meanwhile, most existing public auditing schemes based on traditional public key cryptosystems either bear the heavy burden of certificate management or possess an inherent key escrow drawback. Even worse, with the advent of powerful quantum computers, most of them could be cracked quickly by a large-scale quantum computer in polynomial time in the near future. To this end, we propose a novel post-quantum secure certificateless public auditing scheme in cloud storage (PSCPAC) from lattice assumptions. Compared with existing schemes, our scheme enjoys the following merits: (1) it removes the requirement for complicated certificate management in traditional PKI-based public auditing schemes; (2) it eliminates the inherent key escrow problem in ID-based public auditing schemes; (3) it resists quantum computer attacks. Correctness, security and performance analyses demonstrate that PSCPAC is provably secure, highly efficient and more practical for post-quantum secure public auditing in cloud storage.

Introduction

To date, the exponential explosion of big data is commonly observed across domains ranging from natural science and social science to biology and commerce. The ever-increasing volume of big data therefore often overwhelms the local storage capacity of many individuals and enterprises. Fortunately, the emergence of the cloud computing paradigm offers a promising new option for individuals and organizations, because cloud computing can provide nearly infinite storage space, powerful computing ability, convenient ubiquitous access, rapid deployment, high reliability, elastic scalability, usage-based charging, cost-effective cloud resources, various application software and other attractive cloud services [1]. Cloud computing has been envisioned as the next-generation architecture of Information Technology (IT). Thus, an increasing number of individuals and enterprises prefer to outsource their data to cloud storage servers such as Amazon Simple Storage Service (Amazon S3), Microsoft Azure Storage, Google Cloud and Alibaba Cloud in order to enjoy the great benefits of cloud computing.

Despite the enormous benefits and conveniences it offers data owners, the cloud paradigm is also confronted with unprecedented new security issues regarding the outsourced data. These security threats may greatly hinder the wide deployment and further development of cloud computing [2].

Once data owners migrate their local data files to a remote cloud storage server, they lose physical control over those files, and the cloud storage server becomes their only actual controller. Data integrity is therefore a major concern for data owners. Although cloud storage providers claim to own far more powerful and reliable IT infrastructure, better professional management and richer maintenance experience than ordinary users, they still face a wide range of internal and external threats to the integrity and availability of the outsourced data, such as hardware device failures, system errors, software bugs and outside malicious hackers. For example, when an accidental data corruption event happens, the cloud storage provider may fail to inform users of the incident honestly and in time, merely to protect its reputation, so that users miss the golden opportunity to recover their valuable data. Even worse, the cloud storage provider might deliberately delete or alter the rarely accessed data files of ordinary-level users in order to reclaim storage space and maximize its profits. Therefore, it is of utmost importance for a data owner to periodically perform efficient verification of the remotely stored data to ensure that it has not been tampered with, deleted or lost.

Since data owners are deprived of physical control over their outsourced data files in the remote cloud storage [3], it is impractical (e.g., because of the expensive communication bandwidth cost and the limited local storage space) for a user to download or retrieve huge amounts of data in their entirety from the cloud server merely for integrity verification. To overcome the problem of auditing the integrity of outsourced data, many researchers have investigated it extensively and proposed various schemes under different settings, in which the integrity of the data can be verified without downloading or retrieving the data.

In 2007, Ateniese et al. first proposed the notion of the Provable Data Possession (PDP) model [4] and presented a concrete construction that adopts RSA-based homomorphic verifiable tags and random sampling to achieve blockless verifiability with high efficiency and high probability. However, the original PDP paradigm only supports static data, and its application scope is limited. Afterwards, Ateniese et al. improved their initial scheme into a dynamic PDP model to support dynamic operations [5]. The dynamic PDP model supports partial dynamic operations such as data update, deletion and append, but not data insertion. After that, Erway et al. [6] put forward the first fully dynamic PDP protocol in 2009, using the data structure of a rank-based authenticated skip list.

It should be noted that the above-mentioned schemes are designed on top of the Public Key Infrastructure (PKI), which is widely used in public key cryptosystems. It is well recognized that the conventional PKI provides a certificate mechanism (such as X.509 certificates) to bind a user’s public key to its identity; that is, each user first generates a public–private key pair randomly and submits the public key to a trusted Certificate Authority (CA) to request a public key certificate while keeping the private key secret. Therefore, the PKI has to maintain public key certificate generation, distribution, revocation, renewal, etc., so the PKI system suffers from complicated certificate management, which becomes a bottleneck for efficiency and security. Because of the heavy certificate management burden, deploying PKI is extremely cumbersome and full of challenges in practice.

In order to address the complicated certificate management problem in PKI, Shamir [7] introduced a novel public key cryptography paradigm named Identity-Based Cryptosystems in 1984.

The motivation of Identity-Based Cryptosystems is to simplify the complicated certificate management in PKI. Compared with the traditional PKI model, in ID-based cryptosystems the user’s public key can be derived directly from its identity (e.g., a user’s email address, telephone number, etc.), thereby removing the requirement for explicit public key certificates. The corresponding private key is generated by a fully trusted authority called the Private Key Generator (PKG) after it has obtained the user’s identity information, and is delivered to the user via a secure channel.

Taking advantage of ID-based cryptography, multiple ID-based public auditing schemes have been put forward in recent years to handle the data integrity checking issue. To address the cumbersome certificate management and verification problem of the PKI model, Wang et al. [8] proposed the first identity-based remote data possession checking (ID-RDPC) model and presented a concrete ID-RDPC protocol, with security proven under the CDH assumption. In subsequent work, they extended the ID-RDPC protocol to an ID-DPDP protocol for the multi-cloud setting [9]. In 2016, Peng et al. [10] pointed out a security flaw in Wang et al.’s protocol and offered a revised solution. Unfortunately, Lan et al. [11] demonstrated that Peng et al.’s method suffered from a security vulnerability whereby a malicious cloud server could generate valid proof information that passes the data integrity verification even without the original user data. Accordingly, Lan et al. provided a remedy for the problem while preserving the security properties. There are many other similar works, such as the schemes in [12], [13]. The aforementioned ID-based public auditing schemes all share the same security weakness: the key escrow problem. In ID-based cryptosystems, users do not generate their public–private key pairs themselves as before; instead, the user’s private key is generated entirely by the PKG. Consequently, the PKG also knows the user’s private key, which is the key escrow problem. Therefore, the PKG must be fully trusted; otherwise, it can impersonate the authorized holder of the private key and do anything malicious.

To eliminate the inherent key escrow problem, Al-Riyami et al. [14] put forward the concrete concept of certificateless public key cryptosystems (CL-PKC) for the first time. In their proposal, each user’s private key is composed of two components: one part is an identity-based partial private key generated by a partially trusted authority named the Key Generation Center (KGC), which acts as an implicit certificate authenticating the user and is verified at the same time as the signature; the other part is a random secret value selected by the user. In this way, CL-PKC eliminates the inherent key escrow problem of identity-based cryptosystems.

Based on Al-Riyami et al.’s seminal work, many certificateless public auditing schemes have been developed. For instance, in 2013, Wang et al. [15] proposed the first certificateless public auditing scheme, which avoids maintaining and verifying users’ certificates and eliminates the inherent key escrow problem. However, their scheme cannot resist the Type I adversary. Zhang et al. [16] pointed out that their scheme was vulnerable to a public key replacement attack and failed to achieve the desired security properties. Accordingly, as a remedy, Zhang et al. proposed the SCLPV scheme. Meanwhile, Wang et al. [17] found that Zhang et al.’s certificateless public auditing scheme [16] had a security loophole whereby the cloud server could generate a valid proof to cheat the auditor while storing only one block and one tag of the user’s data, and provided a revised solution to remedy this weakness. In addition to guaranteeing the integrity of the data stored in the cloud, preserving privacy is another serious challenge to be considered. Privacy commonly has two aspects: identity privacy [18], [19], [20] and data privacy [21], [22], [23]. In this work, we mainly focus on data privacy preservation. He et al. [24] proposed another certificateless public auditing (CLPA) scheme using bilinear pairings. However, the CLPA scheme fails to preserve data privacy, because the verifier can learn the user’s data by solving the appropriate linear equations. Later, He et al. [25] proposed a new CLPDP scheme that addresses the certificate management problem and provides privacy protection simultaneously. He et al. [22] also investigated data integrity verification in the cloud-based smart grid and designed an efficient certificateless provable data possession scheme based on bilinear pairings. In Li et al.’s work [26], the CL-PKC technique is used to build a public auditing protocol for verifying the integrity of data shared among a group; in addition, their protocol supports efficient user revocation from the group.
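The data-privacy failure just described for CLPA (a verifier solving linear equations over the aggregated responses), together with the blockless proof by random sampling from the PDP discussion above and the random masking that privacy-preserving auditing uses, as an added Python toy model that is not the paper's scheme or any scheme cited here: it replaces PSCPAC's lattice construction and pairing-based public verification with a secret verification key alpha in a small prime-order group, and the constants Q, P, G, U, the tag form, the hash labels and the sample blocks are all constructed for the illustration.

```python
"""Toy audit model constructed here (not PSCPAC): homomorphic tags, CLPA-style leak, masking."""
import hashlib
import random

Q = 1019     # safe prime, Q = 2*P + 1
P = 509      # prime order of the quadratic-residue subgroup of Z_Q^*
G, U = 4, 9  # squares mod Q, hence generators of the order-P subgroup

def hash_to_group(label: str) -> int:
    """Map a label (e.g. a block index) to an element of the order-P subgroup."""
    e = int.from_bytes(hashlib.sha256(label.encode()).digest(), "big") % (P - 1) + 1
    return pow(G, e, Q)

def hash_to_scalar(x: int) -> int:
    """Non-zero blinding factor in Z_P derived from the commitment R."""
    return int.from_bytes(hashlib.sha256(str(x).encode()).digest(), "big") % (P - 1) + 1

def tag_blocks(blocks, alpha):
    """Per-block tag sigma_i = (H(i) * U^m_i)^alpha under the secret key alpha."""
    return [pow(hash_to_group(f"blk{i}") * pow(U, m, Q), alpha, Q)
            for i, m in enumerate(blocks)]

def aggregate_hashes(chal):
    hh = 1
    for i, v in chal:
        hh = hh * pow(hash_to_group(f"blk{i}"), v, Q) % Q
    return hh

def prove(blocks, tags, chal):
    """Honest server: blockless proof over the challenged (index, coefficient) pairs."""
    mu = sum(v * blocks[i] for i, v in chal) % P
    sigma = 1
    for i, v in chal:
        sigma = sigma * pow(tags[i], v, Q) % Q
    return mu, sigma

def verify(alpha, chal, mu, sigma):
    return sigma == pow(aggregate_hashes(chal) * pow(U, mu, Q), alpha, Q)

def prove_masked(blocks, tags, chal, rng=random):
    """Same proof, but mu is blinded by a fresh r that is only committed to as R = U^r."""
    mu, sigma = prove(blocks, tags, chal)
    r = rng.randrange(1, P)
    R = pow(U, r, Q)
    return (r + hash_to_scalar(R) * mu) % P, sigma, R

def verify_masked(alpha, chal, mu_b, sigma, R):
    gamma = hash_to_scalar(R)
    lhs = pow(sigma, gamma, Q) * pow(R, alpha, Q) % Q
    rhs = pow(aggregate_hashes(chal), alpha * gamma, Q) * pow(U, alpha * mu_b, Q) % Q
    return lhs == rhs

def solve_mod_p(rows, rhs):
    """Gaussian elimination over Z_P; returns None if the system is singular."""
    n = len(rows)
    a = [list(r) + [b] for r, b in zip(rows, rhs)]
    for col in range(n):
        piv = next((r for r in range(col, n) if a[r][col]), None)
        if piv is None:
            return None
        a[col], a[piv] = a[piv], a[col]
        inv = pow(a[col][col], -1, P)
        a[col] = [x * inv % P for x in a[col]]
        for r in range(n):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [(x - f * y) % P for x, y in zip(a[r], a[col])]
    return [row[n] for row in a]

def curious_auditor(blocks, tags, masked, rng=random):
    """Curious auditor: n Vandermonde challenges over n blocks, then solve V*m = mu."""
    n = len(blocks)
    rows, rhs = [], []
    for j in range(1, n + 1):
        chal = [(i, pow(j, i, P)) for i in range(n)]
        resp = prove_masked(blocks, tags, chal, rng) if masked else prove(blocks, tags, chal)
        rows.append([v for _, v in chal])
        rhs.append(resp[0])
    return solve_mod_p(rows, rhs)
```

With unmasked responses the auditor recovers every block after n linearly independent challenges; with masking, each response carries a fresh unknown r, so the same system no longer yields the data while the verification equation still holds.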

It should also be noted that most existing public key cryptographic schemes, including the aforementioned PKI-based PDP schemes, ID-based PDP schemes and CL-based PDP schemes, rely for their security on hard problems from traditional number theory, such as the large integer factoring problem, the discrete logarithm problem (DLP) and bilinear pairings. Nevertheless, given the remarkable progress in quantum computers and the power of the quantum computing model, these conventional cryptosystems may no longer be safe, because their underlying hard problems could be solved quickly by a large-scale quantum computer in polynomial time, according to Shor’s research on quantum computers [27].

The exact time when quantum computing becomes a reality cannot be estimated precisely, but the trend is irreversible [28]. Therefore, it is necessary to enhance cryptosystems’ resistance against quantum computer attacks. Fortunately, to achieve this goal, cryptographic researchers have found ways to build cryptographic primitives under the name of post-quantum cryptography (also called quantum-resistant cryptography), such as lattice-based cryptography, code-based cryptography and multivariate polynomial cryptography [29]. Among them, lattice-based cryptography has been envisioned as one of the most promising candidates for efficient quantum security, and has demonstrated enormous potential to become a cornerstone of tomorrow’s information security and cryptography.

Inspired by the seminal work of Ajtai [30] in 1996, an increasing number of lattice-based cryptographic schemes with novel features [31], [32], [33], [34] have been designed in recent years for various applications under different settings.

The motivation of our work can be briefly described as follows. Firstly, from the perspective of data owners, guaranteeing that the cloud storage server keeps users’ data intact is an urgent security issue to be addressed. Secondly, at present, public auditing is an effective technique for guaranteeing storage correctness. However, most existing public auditing schemes or protocols are designed on the traditional PKI paradigm or the identity-based paradigm. The former requires managing and checking users’ certificates, which incurs a heavy burden that greatly decreases the efficiency of the system; the latter possesses the inherent key escrow issue, which greatly threatens the system’s security. These two issues deserve sufficient consideration and in-depth investigation. Thirdly, in practice, to realize the goal of public auditing, the data user has to hire a third-party auditor with professional expertise and strong computing power who periodically checks the integrity of the data outsourced to the cloud server on behalf of the data user. However, hiring a third-party auditor brings the new risk of data exposure, because a third-party auditor is not usually fully trustworthy and may be curious enough to extract the user’s data from the audit process with its powerful computation capacity. To avoid such data leakage, great attention should be paid to preserving the privacy of user data; that is, designing a third-party auditing scheme that supports privacy preservation is another important factor that should be taken into account. Last but not least, the appearance of powerful quantum computers also brings unprecedented challenges to the traditional security issues. How to securely and efficiently verify the integrity of outsourced data still remains challenging, especially under quantum computer attacks. Hence, it is imperative to take effective precautions to meet the challenges of the quantum computing age.

To fill the above-mentioned gaps, in this paper, inspired by the idea of certificateless cryptography in the seminal work of Al-Riyami et al. [14] in 2003 and building on the breakthrough in lattice techniques by Ajtai [30] in 1996, we design an efficient post-quantum secure certificateless public auditing scheme in cloud storage (PSCPAC) from lattice assumptions. The major research contributions of our work can be summarized as follows.

(1) First, we present the system model and threat model of the proposed PSCPAC scheme, and identify our design goals.

(2) Second, we integrate certificateless and lattice cryptographic primitives into a public auditing scheme to obtain an efficient post-quantum secure certificateless public auditing scheme in cloud storage. To the best of our knowledge, no existing scheme provides both post-quantum security and certificateless public auditing in cloud storage. Thus, it is essential to construct a post-quantum secure certificateless public auditing scheme to guarantee the integrity of outsourced data in cloud storage. Our proposed PSCPAC scheme is the first sound and secure work that simultaneously supports certificateless public auditing and provides post-quantum security. That is, PSCPAC not only resists quantum computer attacks, but also avoids the complicated certificate management of the traditional PKI model during the public auditing procedure and addresses the inherent key escrow problem of the identity-based model.

(3) Finally, we present a correctness proof and security analysis of the proposed PSCPAC scheme and demonstrate its correctness and security in the random oracle model. Besides, we conduct a concrete performance evaluation of the proposed PSCPAC scheme and compare it with two state-of-the-art related schemes.

The remainder of the paper is organized as follows. In Section 2, we briefly review some preliminaries, including the definitions and properties of lattices and the hardness assumptions from lattices. In Section 3, we define the system model, the overall definition of our scheme, the security model and our design goals. In Section 4, we present the concrete construction of the proposed PSCPAC scheme. In Section 5, we provide the correctness and security proofs and conduct the performance evaluation of our proposal. Finally, we conclude the paper in Section 6.

Preliminaries

In this section, we briefly review some preliminary knowledge used throughout this paper, including the definition of lattices, discrete Gaussian sampling and the hardness assumptions from lattices.

Problem statement

In this section, we discuss the system model, the overall functional definition of the proposed PSCPAC scheme, its corresponding security model and our design goals.

The concrete PSCPAC scheme

In this section, the concrete construction of our proposed PSCPAC scheme for ensuring the data integrity in cloud storage is presented in detail.

Security analysis

In this section, we first present a security model for the PSCPAC scheme. After that, we provide an interactive security proof showing in detail that our scheme is provably secure in the random oracle model. Finally, we summarize the comparison of security properties between our PSCPAC scheme and two other existing schemes.

Performance analysis

In this section, we assess the performance of the proposed PSCPAC scheme and compare it with two other state-of-the-art similar schemes in terms of computation costs and communication costs.

Conclusion

In this work, we investigate the verification of outsourced data integrity on a remote cloud storage server in the quantum computer setting. To guarantee data integrity in cloud storage, we propose a novel post-quantum secure certificateless public auditing scheme in cloud storage from lattice assumptions. We first formalize the certificateless data integrity auditing scheme model, which includes the system model and the security model. Then, we present the concrete post-quantum secure

CRediT authorship contribution statement

Haifeng Li: Conceptualization, Methodology, Writing – original draft, Writing – review & editing. Yuxin Wang: Conceptualization, Resources, Supervision. Xingbing Fu: Software, Writing – review & editing. Caihui Lan: Data curation, Visualization, Investigation. Caifen Wang: Supervision, Validation. Fagen Li: Supervision, Validation. He Guo: Supervision, Validation.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgments

The authors are very grateful to the anonymous referees for their valuable comments and constructive suggestions to improve the quality of our paper.

This work is supported in part by National Natural Science Foundation of China under Grant No. 61602080, No. 61872058, No. 61602084; Zhejiang Provincial Natural Science Foundation of China under Grant No. LY19F020045; Guangxi Key Laboratory of Cryptography and Information Security, China under Grant No. GCIS201718; the Opening Project of Guangdong

Haifeng Li received the B.S. and M.S. degree in computer science from Hebei University and Northwest Normal University, respectively. He is currently working toward the Ph.D. degree in School of Software, Dalian University of Technology. His current research interests include applied cryptography, network security, cloud computing security and big data security.

References (37)

  • Ateniese G, et al. Scalable and efficient provable data possession.
  • Erway C, et al. Dynamic provable data possession.
  • Shamir A. Identity-based cryptosystems and signature schemes.
  • Wang H, et al. Identity-based remote data possession checking in public clouds. IET Inf Secur (2013).
  • Wang H. Identity-based distributed provable data possession in multicloud storage. IEEE Trans Serv Comput (2014).
  • Peng S, et al. Comments on “identity-based distributed provable data possession in multicloud storage”. IEEE Trans Serv Comput (2016).
  • Lan C, et al. Analysis of the comments on “identity-based distributed provable data possession in multicloud storage”. IEEE Trans Serv Comput (2017).
  • Li Y, et al. Fuzzy identity-based data integrity auditing for reliable cloud storage systems. IEEE Trans Dependable Secure Comput (2017).

Yuxin Wang received the B.S., M.S., and Ph.D. degrees in Computer Science and Technology from Dalian University of Technology, Dalian, China, in 1997, 2007, and 2012, respectively. He is currently an associate professor with the School of Computer Science and Technology, Dalian University of Technology. His research interests include cloud computing security, computer vision, parallel and distributed computing.

Xingbing Fu is a lecturer, and he received the Ph.D. degree from University of Electronic Science and Technology of China (UESTC) in 2016. His research interests include cloud computing, machine learning and cryptography.

Caihui Lan received the Ph.D. degree in basic mathematics from the School of Mathematics and Statistics, Northwest Normal University, Lanzhou, China, in 2013. He is currently an associate professor with the School of Electronics and Information Engineering, Lanzhou City University. His main research interests include cryptography and information security, in particular, cryptographic protocols.

Caifen Wang received the Ph.D. degree in cryptography from the School of Communication Engineering, Xidian University, in 2003. She is currently a Professor with Shenzhen Technology University. She has been selected as the Director of the China Cryptography Society and a member of the Special Committee of Cryptography Algorithms. Her main research interests include cryptography and information security, in particular, applied cryptography and security in cloud computing.

Fagen Li received the Ph.D. degree in Cryptography from Xidian University, Xi’an, P.R. China in 2007. His research interests include cryptography and network security, especially in signcryption schemes, signature schemes and key agreement protocols.

He Guo received the B.S. degree in Computer Science and Technology from Jilin University, China, in 1982, and the M.S. degree in Computer Science and Technology from Dalian University of Technology in 1988. He has been a full professor of the Software School at Dalian University of Technology since 2010. His research interests include information security, computer vision, parallel and distributed computing.