Identity-based public auditing for cloud storage systems against malicious auditors via blockchain

Cloud storage systems provide users with convenient data storage services, which allow users to access and update outsourced data remotely. However, these cloud storage services do not guarantee the integrity of the data that users store in the cloud. Thus, public auditing is necessary, in which a third-party auditor (TPA) is delegated to audit the integrity of the outsourced data. This system allows users to enjoy on-demand cloud storage services without the burden of continually auditing their data integrity. However, certain TPAs might deviate from the public auditing protocol and/or collude with the cloud servers. In this article, we propose an identity-based public auditing (IBPA) scheme for cloud storage systems. In IBPA, the nonces in a blockchain are employed to construct unpredictable and easily verified challenge messages, thereby preventing the forging of auditing results by malicious TPAs to deceive users. Users need only to verify the TPAs’ auditing results in batches to ensure the integrity of their data that are stored in the cloud. A detailed security analysis shows that IBPA can preserve data integrity against various attacks. In addition, a comprehensive performance evaluation demonstrates that IBPA is feasible and efficient.

[1]  Huaqun Wang,et al.  Identity-Based Proxy-Oriented Data Uploading and Remote Data Integrity Checking in Public Cloud , 2016, IEEE Transactions on Information Forensics and Security.

[2]  Fagen Li,et al.  Identity-Based Public Verification with Privacy-Preserving for Data Storage Security in Cloud Computing , 2013, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[3]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[4]  Cong Wang,et al.  Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[5]  Jiankun Hu,et al.  Identity-Based Data Outsourcing With Comprehensive Auditing in Clouds , 2017, IEEE Transactions on Information Forensics and Security.

[6]  Kim-Kwang Raymond Choo,et al.  Fuzzy Identity-Based Data Integrity Auditing for Reliable Cloud Storage Systems , 2019, IEEE Transactions on Dependable and Secure Computing.

[7]  Baochun Li,et al.  Oruta: Privacy-Preserving Public Auditingfor Shared Data in the Cloud , 2014, IEEE Trans. Cloud Comput..

[8]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[9]  Jianfeng Ma,et al.  Efficient Data Integrity Verification Using Attribute Based Multi-signature Scheme in Wireless Network , 2013, 2013 5th International Conference on Intelligent Networking and Collaborative Systems.

[10]  Yi Mu,et al.  Efficient Public Verification of Data Integrity for Cloud Storage Systems from Indistinguishability Obfuscation , 2017, IEEE Transactions on Information Forensics and Security.

[11]  Hui Li,et al.  Panda: Public Auditing for Shared Data with Efficient User Revocation in the Cloud , 2015, IEEE Transactions on Services Computing.

[12]  Hui Li,et al.  Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud , 2012, 2012 IEEE Fifth International Conference on Cloud Computing.

[13]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[14]  Jianfeng Ma,et al.  Personal Health Records Integrity Verification Using Attribute Based Proxy Signature in Cloud Computing , 2013, IDCS.

[15]  G. K. Kamalam,et al.  SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE , 2015 .

[16]  Ghassan O. Karame,et al.  Outsourced Proofs of Retrievability , 2014, CCS.

[17]  Chunxiang Xu,et al.  Secure and efficient privacy-preserving public auditing scheme for cloud storage , 2014, Comput. Electr. Eng..

[18]  Zoe L. Jiang,et al.  Privacy-Preserving Public Auditing for Secure Cloud Storage , 2013, IEEE Transactions on Computers.

[19]  Tao Jiang,et al.  Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation , 2016, IEEE Transactions on Computers.

[20]  Cong Wang,et al.  Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing , 2009, ESORICS.

[21]  Jianhong Zhang,et al.  Efficient ID-based public auditing for the outsourced data in cloud storage , 2016, Inf. Sci..

[22]  Hui Li,et al.  Panda: Public Auditing for Shared Data with Efficient User Revocation in the Cloud , 2015, IEEE Transactions on Services Computing.

[23]  Jian Shen,et al.  An Efficient Public Auditing Protocol With Novel Dynamic Structure for Cloud Data , 2017, IEEE Transactions on Information Forensics and Security.

[24]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[25]  Albert Y. Zomaya,et al.  Remote Data Auditing in Cloud Computing Environments , 2015, ACM Comput. Surv..

[26]  Xiaodong Lin,et al.  HealthDep: An Efficient and Secure Deduplication Scheme for Cloud-Assisted eHealth Systems , 2018, IEEE Transactions on Industrial Informatics.

[27]  Shucheng Yu,et al.  Public Integrity Auditing for Dynamic Data Sharing With Multiuser Modification , 2015, IEEE Trans. Inf. Forensics Secur..

[28]  Xiaojun Zhang,et al.  SCLPV: Secure Certificateless Public Verification for Cloud-Based Cyber-Physical-Social Systems Against Malicious Auditors , 2015, IEEE Transactions on Computational Social Systems.

[29]  Xiaohui Liang,et al.  Cryptographic Public Verification of Data Integrity for Cloud Storage Systems , 2016, IEEE Cloud Computing.

[30]  Yong Yu,et al.  Identity-Based Remote Data Integrity Checking With Perfect Data Privacy Preserving for Cloud Storage , 2017, IEEE Transactions on Information Forensics and Security.

[31]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[32]  Yi Mu,et al.  On the Security of an Efficient Dynamic Auditing Protocol in Cloud Storage , 2014, IEEE Transactions on Parallel and Distributed Systems.

[33]  Jinjun Chen,et al.  Authorized Public Auditing of Dynamic Big Data Storage on Cloud with Efficient Verifiable Fine-Grained Updates , 2014, IEEE Transactions on Parallel and Distributed Systems.

[34]  Marc Pilkington,et al.  Blockchain Technology: Principles and Applications , 2015 .

[35]  Yi Mu,et al.  Public Integrity Auditing for Dynamic Data Sharing With Multiuser Modification , 2015, IEEE Transactions on Information Forensics and Security.

[36]  Chunxiang Xu,et al.  Cloud data auditing with designated verifier , 2013, Frontiers of Computer Science.