Review
A review on remote data auditing in single cloud server: Taxonomy and open issues

https://doi.org/10.1016/j.jnca.2014.04.011

Abstract

Cloud computing has emerged as a computational paradigm and an alternative to conventional computing, with the aim of providing reliable, resilient infrastructure with high quality of service for cloud users in both academic and business environments. However, the outsourced data in the cloud and the computation results are not always trustworthy, because data owners lack physical possession of and control over the data as a result of virtualization, replication and migration techniques. Since protecting outsourced data against threats has become a very challenging and potentially formidable task in cloud computing, many researchers have focused on ameliorating this problem and enabling public auditability for cloud data storage security using remote data auditing (RDA) techniques. This paper presents a comprehensive survey of remote data storage auditing in the single cloud server domain and presents a taxonomy of RDA approaches. The objective of this paper is to highlight the issues and challenges facing current RDA protocols in cloud and mobile cloud computing. We discuss the thematic taxonomy of RDA based on significant parameters such as security requirements, security metrics, security level, auditing mode, and update mode. The state-of-the-art RDA approaches that have not received much coverage in the literature are also critically analyzed and classified into three groups, namely provable data possession, proof of retrievability, and proof of ownership, to present a taxonomy. The paper also investigates similarities and differences in such frameworks and discusses open research issues as future directions in RDA research.

Introduction

Cloud computing is a new model of computing in contrast to conventional desktop computing. Today, this new paradigm has become popular and is receiving increasing attention from researchers (academia) and industry. According to the National Institute of Standards and Technology (NIST), cloud computing is

“a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (network, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort” (Mell and Grance, 2011).

This technology allows users to outsource their data to a remote server operated by a third party called the cloud service provider (CSP) (Zhibin and Dijiang, 2012). In addition, computing resources such as memory, disk storage, processor, and bandwidth are virtualized, and clients are able to access them over the Internet (Kumar and Yung-Hsiang, 2010). The term cloud refers to thousands of virtualized servers distributed over a set of data centers in different geographical locations and connected together through telecommunication links. The services on the cloud are delivered to users under a pay-as-you-go pricing model. This means users are only charged for the amount of service they have used, similar to water and electricity bills.

Adopting cloud computing offers various advantages to both end users and CSP. For end users the advantages include rapid elasticity, measured service, minimal capital investment, lower maintenance cost, and location-independent access to the services (Kumar and Yung-Hsiang, 2010, Wang et al., 2010). On the other hand, CSP achieves a higher level of resource utilization and thus saves energy consumption.

Despite several benefits, some security concerns inhibit users from fully adopting this new technology and shifting from traditional computing to cloud computing (Zhibin and Dijiang, 2012). By storing data on a remote server, users lose physical control over their data and instead delegate its management to an untrusted party (Cong et al., 2010, Wei et al., 2013). Even though cloud resources are very powerful and reliable compared to those of the client, the data on the cloud is still vulnerable to many threats from inside or outside the cloud (Wang et al., 2010). These threats might compromise the confidentiality, integrity, and availability of data. An unfaithful provider might delete less frequently accessed data to free up disk space or hide data loss to protect its reputation (Yang and Jia, 2012a). In addition, security attacks, Byzantine failures, server failures and power outages are likely to happen. The Amazon S3 breakdown (Team, 2008), the Gmail mass email deletion (Arrington, 2006), the Sidekick cloud disaster (Cellan-Jones, 2009) and the 2010 breakdown of Amazon EC2 (Miller, 2010) are examples of such events.

Cloud users need to make sure their data remain intact after uploading to the remote server. Traditional integrity checking techniques such as hash functions and signatures require a local copy of the entire data. Unfortunately, these techniques are not well suited for the cloud environment because downloading possibly large files is impractical due to the high communication cost. This becomes even worse in the case of mobile computing devices with limited power, storage capacity, and connectivity. As a result, devising a proper audit service which can remotely check the integrity of outsourced data in the cloud is deemed a crucial need.

Remote data auditing (RDA) refers to a group of protocols that securely, frequently, and efficiently verify the correctness of data in a cloud managed by an untrustworthy provider without having to retrieve the data (Ateniese et al., 2008). RDA protocols are able to check a small fraction of the entire data, called spot checking, and give a probabilistic guarantee of data integrity. To design a remote data audit mechanism, the following important criteria must be taken into account: (1) Efficiency: auditing the data with minimum computational cost on the server and the client, and with reasonable communication overhead between client and server, (2) Public verifiability: delegating the audit task to a trusted third party auditor rather than the client in order to reduce the computation cost on the client, (3) Frequency: the number of times the user is able to verify the integrity of outsourced data by generating a challenge message, (4) Probability of detection: the probability with which a protocol detects data corruption, (5) Recovery: the ability to recover data in case of data corruption, and (6) Dynamic update: enabling the cloud user to update the outsourced data using insert, delete, modify, and append operations without having to download the whole data.
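The spot-checking idea and its probabilistic guarantee can be made concrete with a simplified MAC-based audit. This is an added example, not code from the paper or from any scheme it surveys: the block size and all function names are assumptions, the verification is private (the auditor holds the key), and the server returns the sampled blocks themselves instead of a compact proof.

```python
import hashlib
import hmac
import secrets
from math import comb

BLOCK = 4096  # block size in bytes (assumption)

def split(data: bytes) -> list[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def tag(key: bytes, index: int, block: bytes) -> bytes:
    # Bind the tag to the block index so one valid block cannot answer for another.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()

def outsource(key: bytes, data: bytes):
    """Owner: tag every block; blocks and tags go to the server, only the key stays local."""
    blocks = split(data)
    return blocks, [tag(key, i, b) for i, b in enumerate(blocks)]

def challenge(n_blocks: int, c: int) -> list[int]:
    """Auditor: c distinct block indices, unpredictable to the server."""
    return secrets.SystemRandom().sample(range(n_blocks), min(c, n_blocks))

def prove(blocks, tags, indices):
    """Server: return the challenged blocks with their stored tags."""
    return [(i, blocks[i], tags[i]) for i in indices]

def verify(key: bytes, indices, proof) -> bool:
    """Auditor: every challenged index is answered and every tag recomputes."""
    if [i for i, _, _ in proof] != list(indices):
        return False
    return all(hmac.compare_digest(t, tag(key, i, b)) for i, b, t in proof)

def detection_probability(n: int, t: int, c: int) -> float:
    """Chance that c sampled blocks out of n hit at least one of t corrupted blocks."""
    return 1 - comb(n - t, c) / comb(n, c)

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    data = secrets.token_bytes(BLOCK * 200)   # constructed sample file, 200 blocks
    blocks, tags = outsource(key, data)
    blocks[17] = bytes(BLOCK)                 # server silently loses one block
    idx = challenge(len(blocks), 20)
    print("audit passed:", verify(key, idx, prove(blocks, tags, idx)))
    print("P(detect) 1 of 200 bad, 20 sampled:", detection_probability(200, 1, 20))
    print("P(detect) 1% of 10000 bad, 460 sampled:", detection_probability(10000, 100, 460))
```

A single audit of 20 blocks catches one lost block out of 200 only about one time in ten, which is why the frequency criterion matters: the guarantee comes from repeating fresh random challenges.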

This paper reviews the state-of-the-art remote data auditing efforts that are used to check the integrity of outsourced data in a single cloud server. We study and classify the characteristics of remote data auditing approaches by thematic taxonomy into five groups, namely security requirements, security objective, performance metrics, auditing mode, and update mode. The impacts of RDA in cloud and mobile cloud computing are also presented. The main contribution of the paper is to review the state-of-the-art RDA methods and to categorize current RDA mechanisms into three classes, namely provable data possession, proof of retrievability, and proof of ownership, based on their implications, requirements, and critical characteristics. To the best of our knowledge, this is the first effort to categorize data storage strategies applied in single cloud computing. Furthermore, we identify the issues in existing solutions for data auditing and the challenges posed by cloud based application processing and mobile device limitations. This paper lists some challenges and open issues to guide researchers in choosing an appropriate domain for future research and in acquiring ideas for further investigation.

The rest of the paper is organized as follows. Section 2 presents the fundamental concepts of cloud computing and mobile cloud computing. It also explains data auditing and its requirements. Section 3 discusses the concept of RDA and presents our proposed taxonomy of RDA. Section 4 presents and taxonomizes a comprehensive survey of the state-of-the-art RDA approaches. Section 5 compares current RDAs in terms of their similarities and deviations, using the significant parameters presented in the taxonomy. Section 6 focuses on the issues and challenges in current RDCs. Finally, Section 7 concludes the paper with future directives.

Section snippets

Background

This section explains the concept of mobile cloud computing and data auditing, respectively. Then, it illustrates a general architecture of remote data checking protocols and the requirements of the data auditing system.

Remote data auditing technique

Today's cloud users are motivated to store their data in the cloud and take advantage of the on-demand applications without the need to install them on their devices. Figure 2 shows a general comparison between the traditional systems and cloud and mobile cloud computing. It indicates that in contrast to the traditional systems, the storage service in the cloud (in SaaS, PaaS and IaaS layers) is managed by cloud service providers (CSP) and the users are unable to manage the data stored in the

The state-of-the-art remote data auditing approaches: taxonomy

RDA is a crucial technique that concerns data integrity verification and public or private auditing services in the cloud and mobile cloud computing. According to identified security requirements in the previous Section, we analyze and taxonomize the state-of-the-art remote data auditing approaches into three models, namely provable data possession-based (PDP-based), proof of retrievability-based (POR-based), and proof of ownership-based (POW-based) which are depicted in Figure 5. We describe

Comparison of remote data auditing protocols

This section compares the current remote data auditing protocols on the basis of the taxonomy presented in Figure 4. The commonalities and differences in such protocols are compared based on the presented parameters in such taxonomy. The comparison parameters considered are: Scheme Nature (SN), Protocol Type (PT), security pattern, cryptography model, batch auditing, public auditing, dependability, and data recovery. Table 1 shows a comparison of remote data auditing protocols based on such

Open issues and challenges

In this section, we highlight some of the most important issues and challenges in deploying and utilizing the remote data storage auditing approaches as the future research directions.

Conclusion

Auditing outsourced data in cloud computing is an emerging research area, which has been getting more attention in recent years. Current RDA approaches accomplish data checking process in diverse modes. Several approaches only audit the integrity of outsourced data, while a number of these approaches focus on error recovery and the rest of approaches are able to check the data ownership as well. Two different types of verification pattern are used, in private verification only the data owner is

Acknowledgments

This work was carried out as part of the mobile cloud computing research project funded by the Malaysian Ministry of Higher Education under the University of Malaya High Impact Research Grant, Reference no. UM.C/HIR/MOHE/FCSIT/03.

This work was partly supported by the National Natural Science Foundation of China under Grant no. 61300220.

References (114)

  • D. Xiao et al. Multiple-file remote data checking for cloud storage. Comput Secur (2012)
  • X. Xu. From cloud computing to cloud manufacturing. Robot Comput-Integr Manuf (2012)
  • S.-C. Yeh et al. An efficient and secure approach for a cloud collaborative editing. J Netw Comput Appl (2013)
  • S. Yu et al. Data security in cloud computing. Handbook on securing cyber-physical critical infrastructure (2012)
  • ABI-Research. Mobile cloud applications: Widgets and the apps dilemma for smartphones, netbooks, media tablets, and connected mobile devices (2010)
  • AdelsonVelskii M, Landis EM. An algorithm for the organization of information. Proceedings of the USSR Academy of...
  • Aepona. Mobile cloud computing solution brief (white paper) (2010)
  • M. Armbrust et al. A view of cloud computing. Commun ACM (2010)
  • Arrington M. Gmail disaster: reports of mass email deletions;...
  • G. Ateniese et al. Remote data checking using provable data possession. ACM Trans Inf Syst Secur (2011)
  • Ateniese G, Burns R, Curtmola R, Herring J, Kissner L, Peterson Z, et al. Provable data possession at untrusted stores....
  • Ateniese G, Pietro RD, Mancini LV, Tsudik G. Scalable and efficient provable data possession. In: Proceedings of the...
  • F. Bao et al. Variations of Diffie–Hellman problem
  • Baratto RA, Potter S, Su G, Nieh J. MobiDesk: mobile virtual desktop computing. In: Proceedings of the 10th annual...
  • R. Bayer. Symmetric binary B-Trees: data structure and maintenance algorithms. Acta Inform (1972)
  • Bellare M, Guérin R, Rogaway P. XOR MACs: new methods for message authentication using finite pseudorandom functions....
  • D. Boneh et al. Aggregate and verifiably encrypted signatures from bilinear maps
  • D. Boneh et al. Short signatures from the Weil pairing. J Cryptol (2004)
  • Bowers KD, Juels A, Oprea A. HAIL: a high-availability and integrity layer for cloud storage. In: Proceedings of the...
  • Cachin C. Integrity and consistency for untrusted services. In: Černá I, Gyimóthy T, Hromkovič J, Jefferey K, Králović...
  • R. Canetti et al. The random oracle methodology, revisited. J ACM (2004)
  • D. Cash et al. Dynamic proofs of retrievability via oblivious RAM. IACR Cryptol ePrint Arch (2012)
  • M. Castro et al. Practical byzantine fault tolerance and proactive recovery. ACM Trans Comput Syst (2002)
  • Cellan-Jones. The sidekick cloud disaster;...
  • Chen B., Curtmola R. Robust dynamic provable data possession. In: 32nd international conference IEEE on distributed...
  • Chun B.-G., Maniatis P. Augmented smartphone applications through clone cloud execution. In: Proceedings of the 12th...
  • G.C. Clark et al. Error-correction coding for digital communications (1981)
  • W. Cong et al. Toward publicly auditable secure cloud data storage services. Netw IEEE (2010)
  • H. Delfs et al. Symmetric-key encryption. Introduction to cryptography (2007)
  • H.T. Dinh et al. A survey of mobile cloud computing: architecture, applications, and approaches. Wirel Commun Mob Comput (2011)
  • Y. Dodis et al. Proofs of retrievability via hardness amplification
  • Du W, Murugesan M, Jia J. Uncheatable grid computing. In: Mikhail JA, Marina B, editors. 24th International Conference...
  • Erway C, Küpçü A, Papamanthou C, Tamassia R. Dynamic provable data possession. In: Proceedings of the 16th ACM...
  • E. Esiner et al. FlexList: optimized skip list for secure cloud storage (2013)
  • Gantz J, Reinsel D. The digital universe decade-are you ready (white paper). External Publication of IDC (Analyze the...
  • I. Giurgiu et al. Calling the cloud: enabling mobile phones as interfaces to cloud applications
  • O. Goldreich. A sample of samplers – a computational perspective on sampling (survey). Electron Colloq Comput Complex (1997)
  • O. Goldreich et al. Software protection and simulation on oblivious RAMs. J ACM (1996)
  • Goodrich MT, Mitzenmacher M, Ohrimenko O, Tamassia R. Privacy-preserving group data access via stateless oblivious RAM...
  • Goodrich MT, Tamassia R, Schwerin A. Implementation of an authenticated dictionary with skip lists and commutative...