Similar articles

Abstract: Cloud computing is deemed the next-generation information technology (IT) platform, in which a data center is crucial for providing a large amount of computing and storage resources for various service applications with high quality guaranteed. However, cloud users no longer possess their data in a local data storage infrastructure, which would result in auditing for the integrity of outsourced data being a challenging problem, especially for users with constrained computing resources. Therefore, how to help the users complete the verification of the integrity of the outsourced data has become a key issue. public verification is a critical technique to solve this problem, from which the users can resort to a third-party auditor (TPA) to check the integrity of outsourced data. Moreover, an identity-based (ID-based) public key cryptosystem would be an efficient key management scheme for certificate-based public key setting. In this paper, we combine ID-based aggregate signature and public verification to construct the protocol of provable data integrity. With the proposed mechanism, the TPA not only verifies the integrity of outsourced data on behalf of cloud users, but also alleviates the burden of checking tasks with the help of users’ identity. Compared to previous research, the proposed scheme greatly reduces the time of auditing a single task on the TPA side. Security analysis and performance evaluation results show the high efficiency and security of the proposed scheme.

NaEPASC：一种新颖且高效的云数据公开审计机制

研究目的：随着云计算的广泛深入，越来越多用户选择云来存储数据。由于用户在本地可能不再保存任何数据副本，云中数据的完整性难以有效判定。另外，同一用户可能需要存储多份数据到云中，因此简化密钥管理也成为一个关键问题。本文尝试设计一种满足云存储环境的、基于身份的数据完整性验证机制，以检测云中数据的正确性。
创新要点：参考基于身份的签名机制，提出一种基于身份的数据完整性验证模型，包括私钥生成服务器、用户、云存储服务器及第三方审计。该机制不仅能够有效检测数据完整性，而且简化了用户密钥管理，包括密钥恢复和密钥存储。另外，协议采用的公钥为用户公开的信息，如邮件等。
重要结论：本文设计的验证机制能够有效检测云中侵犯用户数据完整性的违规行为。通过考虑用户身份信息，简化了用户的密钥管理，也减轻了第三方审计者的审计负担。安全证明和安全试验表明NaEPASC是一种安全、高效的完整性验证机制。
云计算；基于身份的；数据安全；完整性；公开审计

[1]Ateniese, G., Burns, R., Curtmola, R., et al., 2007. Provable data possession at untrusted stores. Proc. 14th ACM Conf. on Computer and Communications Security, p.598-609.

[2]Ateniese, G., di Pietro, R., Mancini, L.V., et al., 2008. Scalable and efficient provable data possession. Proc. 4th Int. Conf. on Security and Privacy in Communication Networks, Article 9.

[3]Ateniese, G., Burns, R., Curtmola, R., et al., 2011. Remote data checking using provable data possession. ACM Trans. Inform. Syst. Secur., 14(1):1-12.

[4]Boneh, D., Boyen, X., 2004. Efficient selective-ID secure identity-based encryption without random oracles. Advances in Cryptology-EUROCRYPT, p.223-238.

[5]Boneh, D., Franklin, M., 2001. Identity-based encryption from the weil pairing. Advances in Cryptology-CRYPTO, p.213-229.

[6]Boneh, D., Boyen, X., Goh, E.J., 2005. Hierarchical identity based encryption with constant size ciphertext. Advances in Cryptology-EUROCRYPT, p.440-456.

[7]Chen, B., Curtmola, R., 2012. Robust dynamic provable data possession. 32nd Int. Conf. on Distributed Computing Systems Workshops, p.515-525.

[8]Erway, C., Kupcu, A., Papamanthou, C., et al., 2009. Dynamic provable data possession. Proc. 16th ACM Conf. on Computer and Communications Security, p.213-222.

[9]Gartner, 2010. Gartner Identifies the Top 10 Strategic Technologies for 2011. Available from http://www.gartner.com/newsroom/id/1454221.

[10]Gentry, C., Ramzan, Z., 2006. Identity-based aggregate signatures. Public Key Cryptography, p.257-273.

[11]Gentry, C., Silverberg, A., 2002. Hierarchical ID-based cryptography. Advances in Cryptology-CRYPTO, p.548-566.

[12]Hao, Z., Zhong, S., Yu, N.H., 2011. A privacy-preserving remote data integrity checking protocol with data dynamics and public verifiability. IEEE Trans. Knowl. Data Eng., 23(9):1432-1437.

[13]Hashizume, K., Rosado, D.G., Fernandez-Medina, E., et al., 2013. An analysis of security issues for cloud computing. J. Internet Serv. Appl., 4:5.

[14]Hochmuth, P., Richmond, C., Hudson, S., et al., 2013. 2013 U.S. Cloud Security Survey. Technical Report No. 242836, International Data Corporation (IDC), USA. Available from http://www.idc.com/getdoc.jsp?containerId=242836.

[15]Juels, A., Kaliski, B.S.Jr., 2007. Pors: proofs of retrievability for large files. Proc. 14th ACM Conf. on Computer and Communications Security, p.584-597.

[16]Khan, A., Kiah, M.L.M., Khan, S.U., et al., 2013a. A study of incremental cryptography for security schemes in mobile cloud computing environments. IEEE Symp. on Wireless Technology and Applications, p.62-67.

[17]Khan, A., Othman, M., Madani, S.A., et al., 2013b. A survey of mobile cloud computing application models. IEEE Commun. Surv. Tutor., 16(1):393-413.

[18]Lokantas, F., Salonu, H.S., 2013. IDC’s Cloud Computing and Datacenter Roadshow 2013. Available from http://idc-cema.com/eng/events/50527-idc-s-cloud-computing-and-datacenter-roadshow-2013.

[19]Mell, P., Grance, T., 2009. The NIST Definition of Cloud Computing. Technical Report No. SP 800-145, National Institute of Standards and Techninology (NIST), USA.

[20]Ristenpart, T., Tromer, E., Shacham, H., et al., 2009. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. Proc. 16th ACM Conf. on Computer and Communications Security, p.199-212.

[21]Shacham, H., Waters, B., 2008. Compact proofs of retrievability. Advances in Cryptology-ASIACRYPT, p.90-107.

[22]Shacham, H., Waters, B., 2013. Compact proofs of retrievability. J. Cryptol., 26(3):442-483.

[23]Shamir, A., 1985. Identity-based cryptosystems and signature schemes. Advances in Cryptology-ASIACRYPT, p.47-53.

[24]Wang, C., Wang, Q., Ren, K., et al., 2009. Ensuring data storage security in cloud computing. 17th Int. Workshop on Quality of Service, p.1-9.

[25]Wang, C., Wang, Q., Ren, K., et al., 2010. Privacy-preserving public auditing for data storage security in cloud computing. Proc. IEEE INFOCOM, p.1-9.

[26]Wang, C., Wang, Q., Ren, K., et al., 2012. Toward secure and dependable storage services in cloud computing. IEEE Trans. Serv. Comput., 5(2):220-232.

[27]Wang, C., Chow, S., Wang, Q., et al., 2013. Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Comput., 62(2):362-375.

[28]Wang, Q., Wang, C., Li, J., et al., 2009. Enabling public verifiability and data dynamics for storage security in cloud computing. Computer Security-ESORICS, p.355-370.

[29]Waters, B., 2005. Efficient identity-based encryption without random oracles. Advances in Cryptology-EUROCRYPT, p.114-127.

[30]Zhu, Y., Hu, H.X., Ahn, G.J., et al., 2011a. Collaborative integrity verification in hybrid clouds. 7th Int. Conf. on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), p.191-200.

[31]Zhu, Y., Wang, H.X., Hu, Z.X., et al., 2011b. Zero-knowledge proofs of retrievability. Sci. China Inform. Sci., 54(8):1608-1617.