Enabling public auditability for operation behaviors in cloud storage

In this paper, we focus on auditing users' operation behaviors, which is significant for the avoidance of potential crimes in the cloud and for equitable accountability determination in forensics. We first present a public auditing model for operation behaviors in cloud storage, in which a trusted third party is introduced to verify the integrity of operation-behavior logs, both to enhance the credibility of forensic results and to relieve the forensic investigator of that burden. Further, we design a block-based logging approach to support selective verification, and a hash-chain-based structure for each log block to ensure the forward-security and append-only properties of log entries. Moreover, to achieve tamper resistance of log blocks and non-repudiation of auditing proofs, we employ a Merkle hash tree (MHT) to record the hash values of the aggregation authentication block tags sequentially, and we publish the MHT root once a block has been appended. Meanwhile, using the authentication property of the MHT, our scheme provides log-less verification with privacy preservation. We formally prove the security of the proposed scheme and evaluate its performance on entry appending and verification through concrete experiments and comparisons with state-of-the-art schemes. The results demonstrate that the proposed scheme achieves secure auditing of operation-behavior log files in cloud storage and outperforms previous schemes in computation complexity and communication overhead.
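To make the construction in the abstract concrete, here is an added example in Python; it is my own illustration, not the paper's code or the authors' scheme. It assumes SHA-256 as the hash H, HMAC-SHA256 under a key that evolves as k_{i+1} = H(k_i) for the per-entry tags (the paper's forward-secure construction may differ), a block size of 4 entries, and a plain MHT that duplicates the last node of an odd level. A block's aggregation tag is the head of a hash chain over its (entry, tag) pairs bound to the block index; H(tag) becomes an MHT leaf and the root is re-published after each sealed block. The third party verifies a block from its tag and MHT path alone (log-less, privacy-preserving), an investigator holding the entries recomputes the tag first, and the owner with k_0 can check every entry tag against its epoch key. All keys and log entries are constructed.

```python
import hashlib
import hmac

BLOCK_SIZE = 4  # entries per log block (assumed value; a tunable parameter)

def H(*parts):  # H = SHA-256 over the concatenation of parts (assumed hash choice)
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()

def merkle_levels(leaves):
    """All MHT levels bottom-up; an odd level duplicates its last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])
        levels.append([H(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_path(leaves, index):
    """Authentication path of leaf `index`: list of (sibling_hash, sibling_is_right)."""
    path = []
    for level in merkle_levels(leaves)[:-1]:
        sib = index ^ 1
        path.append((level[sib], sib > index))
        index //= 2
    return path

def verify_path(leaf, path, root):
    """Recompute the root from a leaf and its path; True iff it equals the published root."""
    node = leaf
    for sibling, sibling_is_right in path:
        node = H(node, sibling) if sibling_is_right else H(sibling, node)
    return node == root

def block_tag(index, entries):
    """Aggregation authentication tag: a hash chain over the block's (entry, tag)
    pairs, bound to the block index so sealed blocks cannot be reordered."""
    chain = b"\x00" * 32
    for entry, tag in entries:
        chain = H(chain, entry, tag)  # each head commits to every earlier entry
    return H(index.to_bytes(8, "big"), chain)

class BlockLog:
    """Append-only operation log kept by the cloud server; the owner keeps k_0 offline."""

    def __init__(self, initial_key):
        self.key = initial_key  # current epoch key; earlier keys are discarded
        self.open = []          # (entry, tag) pairs of the block being filled
        self.blocks = []        # sealed blocks, each a list of (entry, tag)
        self.leaves = []        # MHT leaves: H(block_tag)
        self.root = None        # re-published after every sealed block

    def append(self, entry):
        tag = hmac.new(self.key, entry, hashlib.sha256).digest()
        self.key = H(self.key)  # forward security: k_{i+1} = H(k_i), k_i erased
        self.open.append((entry, tag))
        if len(self.open) == BLOCK_SIZE:
            idx = len(self.blocks)
            self.blocks.append(self.open)
            self.leaves.append(H(block_tag(idx, self.open)))
            self.root = merkle_levels(self.leaves)[-1][0]
            self.open = []

    def proof(self, idx):
        """Auditing proof for block idx: its tag and MHT path, not the entries."""
        return block_tag(idx, self.blocks[idx]), merkle_path(self.leaves, idx)

def verify_block_tag(tag, path, published_root):
    """Log-less check by the third party: only the tag and path are disclosed."""
    return verify_path(H(tag), path, published_root)

def verify_block_entries(idx, entries, path, published_root):
    """Investigator check with the entries in hand: recompute the tag first."""
    return verify_block_tag(block_tag(idx, entries), path, published_root)

def verify_entry_tags(initial_key, blocks):
    """Owner-side check that every entry tag was made under the right epoch key."""
    key = initial_key
    for entries in blocks:
        for entry, tag in entries:
            if not hmac.compare_digest(hmac.new(key, entry, hashlib.sha256).digest(), tag):
                return False
            key = H(key)
    return True

def demo():
    """Constructed run: 8 operations, a proof for block 0, then a tampered copy of it."""
    k0 = b"owner-initial-key-k0"  # constructed key
    log = BlockLog(k0)
    for i in range(8):
        log.append(f"user7 DELETE /bucket/file{i}".encode())  # constructed entries
    tag, path = log.proof(0)
    tampered = list(log.blocks[0])
    tampered[1] = (b"user7 READ /bucket/file1", tampered[1][1])  # rewrite one operation
    return (verify_block_tag(tag, path, log.root),
            verify_block_entries(0, log.blocks[0], path, log.root),
            verify_block_entries(0, tampered, path, log.root),
            verify_entry_tags(k0, log.blocks))
```

Calling `demo()` returns `(True, True, False, True)`: the third party accepts block 0 from its tag and path, the investigator reproduces the same tag from the entries, a copy with one rewritten operation fails because the chain head and hence the leaf change, and the owner's epoch-key check passes on the untouched log. The scheme's guarantees rest on two assumptions the code cannot enforce by itself: the published root must live somewhere the storage server cannot rewrite, and the server must actually erase each k_i after use, otherwise a later compromise can re-tag earlier entries.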
