Review
A review on remote data auditing in single cloud server: Taxonomy and open issues
Introduction
Cloud computing is a new model of computing in contrast to conventional desktop computing. Today, this new paradigm has become popular and is receiving increasing attention from researchers (academia) and industry. According to the National Institute of Standards and Technology (NIST), cloud computing is
“a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (network, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort” (Mell and Grance, 2011).
This technology allows users to outsource their data to a remote server operated by a third party called a cloud service provider (CSP) (Zhibin and Dijiang, 2012). In addition, computing resources such as memory, disk storage, processor, and bandwidth are virtualized, and clients are able to access them over the Internet (Kumar and Yung-Hsiang, 2010). The term cloud refers to thousands of virtualized servers distributed over a set of data centers in different geographical locations, connected together through telecommunication links. The services on the cloud are delivered to users under a pay-as-you-go pricing model. This means users are charged only for the amount of service they have used, similar to water and electricity bills.
Adopting cloud computing offers various advantages to both end users and CSP. For end users the advantages include rapid elasticity, measured service, minimal capital investment, lower maintenance cost, and location-independent access to the services (Kumar and Yung-Hsiang, 2010, Wang et al., 2010). On the other hand, CSP achieves a higher level of resource utilization and thus saves energy consumption.
Despite several benefits, some security concerns inhibit users from fully adopting this new technology and shifting from traditional computing to cloud computing (Zhibin and Dijiang, 2012). By storing data on a remote server, the user loses physical control over the data and instead delegates its management to an untrusted party (Cong et al., 2010, Wei et al., 2013). Even though cloud resources are very powerful and reliable compared to those of the client, the data on the cloud is still vulnerable to many threats from inside or outside the cloud (Wang et al., 2010). These threats might compromise the confidentiality, integrity, and availability of data. An unfaithful provider might delete less frequently accessed data to free up disk space, or hide data loss to protect its reputation (Yang and Jia, 2012a). In addition, security attacks, Byzantine failures, server failures and power outages are likely to happen. The Amazon S3 breakdown (Team, 2008), the Gmail mass email deletion (Arrington, 2006), the Sidekick Cloud Disaster (Cellan-Jones, 2009), and the breakdown of Amazon EC2 in 2010 (Miller, 2010) are examples of such events.
Cloud users need to make sure their data remain intact after uploading to the remote server. Traditional integrity checking techniques such as hash functions and signatures require a local copy of the entire data. Unfortunately, these techniques are not well suited to the cloud environment, because downloading possibly large files is impractical due to the high communication cost. This becomes even worse for mobile computing devices with limited power, storage capacity, and connectivity. As a result, devising a proper audit service that can remotely check the integrity of outsourced data in the cloud is deemed a crucial need.
Remote data auditing (RDA) refers to a group of protocols that securely, frequently, and efficiently verify the correctness of data stored in a cloud managed by an untrustworthy provider, without having to retrieve the data (Ateniese et al., 2008). RDA protocols are able to check a small fraction of the entire data, called spot checking, and give a probabilistic guarantee of data integrity. To design a remote data audit mechanism, the following important criteria must be taken into account: (1) Efficiency: auditing the data with the minimum computational cost on the server and, in particular, on the client, and with a reasonable communication overhead between client and server; (2) Public verifiability: delegating the audit task to a trusted third-party auditor rather than the client, in order to reduce the computation cost on the client; (3) Frequency: the number of times the user is able to verify the integrity of outsourced data by generating a challenge message; (4) Probability of detection: the probability with which a protocol detects data corruption; (5) Recovery: the ability to recover data in case of data corruption; and (6) Dynamic update: enabling the cloud user to update the outsourced data using insert, delete, modify, and append operations without having to download the whole data.
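The spot-checking idea and the "probability of detection" criterion above can be made concrete with a short sketch. This is an added example, not code from the paper or from any scheme it surveys: it assumes a private-verification setting with one HMAC tag per block, returns the challenged blocks in full for simplicity, and the block size, function names and sample sizes are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from math import comb

BLOCK = 64  # constructed block size in bytes (assumption for this example)

def tag(key: bytes, index: int, block: bytes) -> bytes:
    # Binding the index into the MAC stops the server from answering a
    # challenge for block i with some other intact (block, tag) pair.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()

def outsource(key: bytes, data: bytes) -> list:
    # Owner side: split the file and tag every block before upload.
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return [(b, tag(key, i, b)) for i, b in enumerate(blocks)]

def challenge(n: int, c: int) -> list:
    # Auditor side: c distinct block indices, unpredictable to the server.
    return secrets.SystemRandom().sample(range(n), c)

def prove(store: list, indices: list) -> list:
    # Server side: return the challenged (block, tag) pairs.
    return [store[i] for i in indices]

def verify(key: bytes, indices: list, proof: list) -> bool:
    # Auditor side: recompute each tag; only the sampled blocks are needed.
    return len(proof) == len(indices) and all(
        hmac.compare_digest(tag(key, i, b), t)
        for i, (b, t) in zip(indices, proof))

def detection_probability(n: int, t: int, c: int) -> float:
    # Chance that c blocks sampled without replacement from n hit at least
    # one of t corrupted blocks: 1 - C(n-t, c) / C(n, c).
    return 1 - comb(n - t, c) / comb(n, c)

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    store = outsource(key, secrets.token_bytes(BLOCK * 1000))  # constructed file
    idx = challenge(len(store), 50)
    print("intact audit passes:", verify(key, idx, prove(store, idx)))
    store[idx[0]] = (b"\x00" * BLOCK, store[idx[0]][1])  # simulate corruption
    print("corrupted audit passes:", verify(key, idx, prove(store, idx)))
    print("P(detect), n=10000 t=100 c=460:", detection_probability(10000, 100, 460))
```

The detection probability depends on the fraction of corrupted blocks and the number of blocks challenged, which is why a fixed-size sample can give a strong guarantee against large-scale deletion while a single corrupted block is likely to go unnoticed in one audit.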
This paper reviews the state-of-the-art remote data auditing efforts that are used to check the integrity of outsourced data in a single cloud server. We study and classify the characteristics of remote data auditing approaches with a thematic taxonomy into five groups, namely security requirements, security objective, performance metrics, auditing mode, and update mode. The impacts of RDA in cloud and mobile cloud computing are also presented. The main contribution of the paper is to review the state-of-the-art RDA methods and to categorize current RDA mechanisms into three classes, namely provable data possession, proof of retrievability, and proof of ownership, based on their implications, requirements, and critical characteristics. To the best of our knowledge, this is the first effort to categorize data storage strategies applied in single cloud computing. Furthermore, we identify the issues in existing solutions for data auditing and the challenges to cloud-based application processing and mobile device limitations. This paper lists some challenges and open issues to guide researchers in choosing an appropriate domain for future research and to provide ideas for further investigation.
The rest of the paper is organized as follows. Section 2 presents the fundamental concepts of cloud computing and mobile cloud computing. It also explains data auditing and its requirements. Section 3 discusses the concept of RDA and presents our proposed taxonomy of RDA. Section 4 presents and taxonomizes a comprehensive survey of the state-of-the-art RDA approaches. Section 5 compares current RDAs in terms of their similarities and deviations, using the significant parameters presented in the taxonomy. Section 6 focuses on the issues and challenges in current RDCs. Finally, Section 7 concludes the paper with future directives.
Section snippets
Background
This section explains the concept of mobile cloud computing and data auditing, respectively. Then, it illustrates a general architecture of remote data checking protocols and the requirements of the data auditing system.
Remote data auditing technique
Today's cloud users are motivated to store their data in the cloud and take advantage of the on-demand applications without the need to install them on their devices. Figure 2 shows a general comparison between the traditional systems and cloud and mobile cloud computing. It indicates that in contrast to the traditional systems, the storage service in the cloud (in SaaS, PaaS and IaaS layers) is managed by cloud service providers (CSP) and the users are unable to manage the data stored in the
The state-of-the-art remote data auditing approaches: taxonomy
RDA is a crucial technique that concerns data integrity verification and public or private auditing services in the cloud and mobile cloud computing. According to identified security requirements in the previous Section, we analyze and taxonomize the state-of-the-art remote data auditing approaches into three models, namely provable data possession-based (PDP-based), proof of retrievability-based (POR-based), and proof of ownership-based (POW-based) which are depicted in Figure 5. We describe
Comparison of remote data auditing protocols
This section compares the current remote data auditing protocols on the basis of the taxonomy presented in Figure 4. The commonalities and differences in such protocols are compared based on the presented parameters in such taxonomy. The comparison parameters considered are: Scheme Nature (SN), Protocol Type (PT), security pattern, cryptography model, batch auditing, public auditing, dependability, and data recovery. Table 1 shows a comparison of remote data auditing protocols based on such
Open issues and challenges
In this section, we highlight some of the most important issues and challenges in deploying and utilizing the remote data storage auditing approaches as the future research directions.
Conclusion
Auditing outsourced data in cloud computing is an emerging research area, which has been getting more attention in recent years. Current RDA approaches accomplish data checking process in diverse modes. Several approaches only audit the integrity of outsourced data, while a number of these approaches focus on error recovery and the rest of approaches are able to check the data ownership as well. Two different types of verification pattern are used, in private verification only the data owner is
Acknowledgments
This work was carried out as part of the mobile cloud computing research project funded by the Malaysian Ministry of Higher Education under the University of Malaya High Impact Research Grant, Reference no. UM.C/HIR/MOHE/FCSIT/03.
This work was partly supported by the National Natural Science Foundation of China under Grant no. 61300220.
References (114)
- et al. Cloud monitoring: a survey. Comput Netw (2013)
- et al. Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility. Future Gener Comput Syst (2009)
- Using algebraic signatures to check data possession in cloud storage. Future Gener Comput Syst (2013)
- et al. Pairing-based cryptography: a survey (2004)
- et al. Mobile cloud computing: a survey. Future Gener Comput Syst (2013)
- et al. Secure and efficient data retrieval over encrypted data using attribute-based encryption in cloud storage. Comput Electr Eng (2013)
- et al. Beyond lightning: a survey on security challenges in cloud computing. Comput Electr Eng (2013)
- A combined approach to ensure data security in cloud computing. J Netw Comput Appl (2012)
- et al. A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl (2011)
- Proxy provable data possession in public clouds. IEEE Trans Serv Comput (2012)
- Multiple-file remote data checking for cloud storage. Comput Secur
- From cloud computing to cloud manufacturing. Robot Comput-Integr Manuf
- An efficient and secure approach for a cloud collaborative editing. J Netw Comput Appl
- Data security in cloud computing. Handbook on securing cyber-physical critical infrastructure
- Mobile cloud applications: Widgets and the apps dilemma for smartphones, netbooks, media tablets, and connected mobile devices
- Mobile cloud computing solution brief (white paper)
- A view of cloud computing. Commun ACM
- Remote data checking using provable data possession. ACM Trans Inf Syst Secur
- Variations of Diffie–Hellman problem
- Symmetric binary B-Trees: data structure and maintenance algorithms. Acta Inform
- Aggregate and verifiably encrypted signatures from bilinear maps
- Short signatures from the Weil pairing. J Cryptol
- The random oracle methodology, revisited. J ACM
- Dynamic proofs of retrievability via oblivious RAM. IACR Cryptol ePrint Arch
- Practical byzantine fault tolerance and proactive recovery. ACM Trans Comput Syst
- Error-correction coding for digital communications
- Toward publicly auditable secure cloud data storage services. Netw IEEE
- Symmetric-key encryption. Introduction to cryptography
- A survey of mobile cloud computing: architecture, applications, and approaches. Wirel Commun Mob Comput
- Proofs of retrievability via hardness amplification
- FlexList: optimized skip list for secure cloud storage
- Calling the cloud: enabling mobile phones as interfaces to cloud applications
- A sample of samplers – a computational perspective on sampling (survey). Electron Colloq Comput Complex
- Software protection and simulation on oblivious RAMs. J ACM