Strong Key-Exposure Resilient Auditing for Secure Cloud Storage

Key exposure is one serious security problem for cloud storage auditing. In order to deal with this problem, cloud storage auditing scheme with key-exposure resilience has been proposed. However, in such a scheme, the malicious cloud might still forge valid authenticators later than the key-exposure time period if it obtains the current secret key of data owner. In this paper, we innovatively propose a paradigm named strong key-exposure resilient auditing for secure cloud storage, in which the security of cloud storage auditing not only earlier than but also later than the key exposure can be preserved. We formalize the definition and the security model of this new kind of cloud storage auditing and design a concrete scheme. In our proposed scheme, the key exposure in one time period doesn’t affect the security of cloud storage auditing in other time periods. The rigorous security proof and the experimental results demonstrate that our proposed scheme achieves desirable security and efficiency.

[1]  A. Ashik Hussain,et al.  Identity-Based Proxy-Oriented Data Uploading and Remote Data Integrity Checking in Public Cloud , 2019, International Journal of Computer Sciences and Engineering.

[2]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[3]  Cong Wang,et al.  Toward publicly auditable secure cloud data storage services , 2010, IEEE Network.

[4]  Xiaohua Jia,et al.  Data storage auditing service in cloud computing: challenges, methods and opportunities , 2011, World Wide Web.

[5]  Prof. C. M. Jadhav,et al.  Privacy-Preserving Public Auditing for Shared Data in the Cloud , 2015 .

[6]  Cong Wang,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2011, IEEE Transactions on Parallel and Distributed Systems.

[7]  Alptekin Küpçü,et al.  Transparent, Distributed, and Replicated Dynamic Provable Data Possession , 2013, ACNS.

[8]  V. Goutham,et al.  Enabling Cloud Storage Auditing with Key Exposure Resistance , 2016 .

[9]  David Cash,et al.  Dynamic Proofs of Retrievability Via Oblivious RAM , 2013, Journal of Cryptology.

[10]  Baochun Li,et al.  Oruta: Privacy-Preserving Public Auditingfor Shared Data in the Cloud , 2014, IEEE Trans. Cloud Comput..

[11]  Wenting Shen,et al.  Light-weight and privacy-preserving secure cloud auditing scheme for group users via the third party medium , 2017, J. Netw. Comput. Appl..

[12]  Elaine Shi,et al.  Practical dynamic proofs of retrievability , 2013, CCS.

[13]  K.J.Jagdish Devi Parvathy Mohan Dynamic Audit Services for Outsourced Storages in Clouds , 2014 .

[14]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[15]  Wenting Shen,et al.  Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability , 2016, J. Syst. Softw..

[16]  Xingming Sun,et al.  Toward Efficient Multi-Keyword Fuzzy Search Over Encrypted Outsourced Data With Accuracy Improvement , 2016, IEEE Transactions on Information Forensics and Security.

[17]  M. Bhaskar,et al.  Public Auditing For Shared Data With Efficient User Revocation In The Cloud , 2015 .

[18]  Xiaohua Jia,et al.  An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing , 2013, IEEE Transactions on Parallel and Distributed Systems.

[19]  Yevgeniy Dodis,et al.  Proofs of Retrievability via Hardness Amplification , 2009, IACR Cryptol. ePrint Arch..

[20]  Florian Kerschbaum,et al.  Symmetric-Key Based Proofs of Retrievability Supporting Public Verification , 2015, ESORICS.

[21]  M. Kalpana,et al.  Public Integrity Auditing For Dynamic Data Sharing With Multiuser Modification , 2018 .

[22]  Josep Domingo-Ferrer,et al.  Identity-based remote data possession checking in public clouds , 2014, IET Inf. Secur..

[23]  Reza Curtmola,et al.  MR-PDP: Multiple-Replica Provable Data Possession , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[24]  Josep Domingo-Ferrer,et al.  Efficient Remote Data Possession Checking in Critical Information Infrastructures , 2008, IEEE Transactions on Knowledge and Data Engineering.

[25]  Jia Yu,et al.  Enabling efficient and verifiable multi-keyword ranked search over encrypted cloud data , 2017, Inf. Sci..

[26]  Cong Wang,et al.  Dynamic Data Operations with Deduplication in Privacy-Preserving Public Auditing for Secure Cloud Storage , 2017, 22017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC).

[27]  Stephen S. Yau,et al.  Efficient provable data possession for hybrid clouds , 2010, CCS '10.

[28]  Karen S. Phillips,et al.  Enabling Cloud Storage Auditing With Verifiable Outsourcing of Key Updates , 2018 .

[29]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[30]  Gail-Joon Ahn,et al.  Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage , 2012, IEEE Transactions on Parallel and Distributed Systems.

[31]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[32]  M. Anwar Hasan,et al.  Provable Multicopy Dynamic Data Possession in Cloud Computing Systems , 2015, IEEE Transactions on Information Forensics and Security.

[33]  Xingming Sun,et al.  Enabling Personalized Search over Encrypted Outsourced Data with Efficiency Improvement , 2016, IEEE Transactions on Parallel and Distributed Systems.