Storing Shared Data on the Cloud via Security-Mediator

Nowadays, many organizations outsource data storage to the cloud such that a member (owner) of an organization can easily share data with other members (users). Due to the existence of security concerns in the cloud, both owners and users are suggested to verify the integrity of cloud data with Provable Data Possession (PDP) before further utilization on data. However, previous methods either unnecessarily reveal the identity of a data owner to the untrusted cloud or any public verifiers, or introduce significant overheads on verification metadata to preserve anonymity. In this paper, we propose a simple and efficient publicly verifiable approach to ensure cloud data integrity without sacrificing the anonymity of data owners nor requiring significant verification metadata. Specifically, we introduce a security-mediator (SEM), which is able to generate verification metadata (i.e., signatures) on outsourced data for data owners. Our approach decouples the anonymity protection mechanism from the PDP. Thus, an organization can employ its own anonymous authentication mechanism, and the cloud is oblivious to that since it only deals with typical PDP-metadata, Consequently, there is no extra storage overhead when compared with existing non-anonymous PDP solutions. The distinctive features of our scheme also include data privacy, such that the SEM does not learn anything about the data to be uploaded to the cloud at all, which is able to minimize the requirement of trust on the SEM. In addition, we can also extend our scheme to work with the multi-SEM model, which can avoid the potential single point of failure existing in the single-SEM scenario. Security analyses prove our scheme is secure, and experiment results demonstrate our scheme is efficient.

[1]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[2]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[3]  Alexandra Boldyreva,et al.  Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme , 2003, Public Key Cryptography.

[4]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[5]  D. Boneh,et al.  Short Signatures from the Weil Pairing , 2001, Journal of Cryptology.

[6]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[7]  Susan Hohenberger,et al.  Proxy re-signatures: new definitions, algorithms, and applications , 2005, CCS '05.

[8]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[9]  Charalampos Papamanthou,et al.  Dynamic provable data possession , 2009, IACR Cryptology ePrint Archive.

[10]  Raphael C.-W. Phan,et al.  Proxy Re-signatures in the Standard Model , 2008, ISC.

[11]  Cong Wang,et al.  Ensuring data storage security in Cloud Computing , 2009, 2009 17th International Workshop on Quality of Service.

[12]  Matthew Green,et al.  Practical Short Signature Batch Verification , 2009, CT-RSA.

[13]  Cong Wang,et al.  Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing , 2009, ESORICS.

[14]  Reza Curtmola,et al.  Remote data checking for network coding-based distributed storage systems , 2010, CCSW '10.

[15]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[16]  Cong Wang,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2011, IEEE Transactions on Parallel and Distributed Systems.

[17]  Robert H. Deng,et al.  Secure mobile subscription of sensor-encrypted data , 2011, ASIACCS '11.

[18]  Stephen S. Yau,et al.  Dynamic audit services for integrity verification of outsourced storages in clouds , 2011, SAC.

[19]  Ming Li,et al.  FindU: Privacy-preserving personal profile matching in mobile social networks , 2011, 2011 Proceedings IEEE INFOCOM.

[20]  Cong Wang,et al.  Security Challenges for the Public Cloud , 2012, IEEE Internet Computing.

[21]  Noen Given Knox : Privacy-Preserving Auditing for Shared Data with Large Groups in the Cloud , 2012 .

[22]  Zhenyu Yang,et al.  LT codes-based secure and reliable cloud storage service , 2012, 2012 Proceedings IEEE INFOCOM.

[23]  Siu-Ming Yiu,et al.  PE(AR)2: Privacy-Enhanced Anonymous Authentication with Reputation and Revocation , 2012, ESORICS.

[24]  Robert H. Deng,et al.  Dynamic Secure Cloud Storage with Provenance , 2012, Cryptography and Security.

[25]  Siu-Ming Yiu,et al.  SPICE - Simple Privacy-Preserving Identity-Management for Cloud Environment , 2012, ACNS.

[26]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[27]  Ming Li,et al.  Privacy-preserving public auditing for shared cloud data supporting group dynamics , 2013, 2013 IEEE International Conference on Communications (ICC).

[28]  Roopa Vishwanathan,et al.  Multi-user dynamic proofs of data possession using trusted hardware , 2013, CODASPY.

[29]  Salve Bhagyashri Salve Bhagyashri,et al.  Privacy-Preserving Public Auditing For Secure Cloud Storage , 2014 .

[30]  Hui Li,et al.  Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud , 2012, 2012 IEEE Fifth International Conference on Cloud Computing.

[31]  Hui Li,et al.  Panda: Public Auditing for Shared Data with Efficient User Revocation in the Cloud , 2015, IEEE Transactions on Services Computing.

[32]  M. Bhaskar,et al.  Public Auditing For Shared Data With Efficient User Revocation In The Cloud , 2015 .