A secure and efficient public auditing scheme using RSA algorithm for cloud storage

Cloud storage is widely used by both individual and organizational users due to the many benefits, such as scalability, ubiquitous access, and low maintenance cost (and generally free for individual users). However, there are known security and privacy issues in migrating data to the cloud. To ensure or verify data integrity, a number of cloud data integrity checking schemes with different properties have been presented in the literature. Most existing schemes were subsequently found to be insecure or have high computation and communication costs. More recently in 2016, Yu et al. (Future Gener Comput Syst 62:85–91, 2016) proposed an identity-based auditing scheme for checking the integrity of cloud data. However, in this paper, we reveal that the scheme is vulnerable to data recovery attack. We also present a new identity-based public auditing scheme and formally prove the security of the scheme under the RSA assumption with large public exponents in the random oracle model. We then evaluate the performance of our proposed scheme and demonstrate that in comparison with Yu et al.’s scheme, our proposal is more practical in real-world applications.

[1]  M. Mrinalni Vaknishadh,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2012 .

[2]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[3]  Xingming Sun,et al.  Toward Efficient Multi-Keyword Fuzzy Search Over Encrypted Outsourced Data With Accuracy Improvement , 2016, IEEE Transactions on Information Forensics and Security.

[4]  Peng Ning,et al.  BAF: An Efficient Publicly Verifiable Secure Audit Logging Scheme for Distributed Systems , 2009, 2009 Annual Computer Security Applications Conference.

[5]  Kim-Kwang Raymond Choo,et al.  Impacts of increasing volume of digital forensic data: A survey and future research challenges , 2014, Digit. Investig..

[6]  Reza Curtmola,et al.  Remote data checking using provable data possession , 2011, TSEC.

[7]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[8]  Kim-Kwang Raymond Choo,et al.  On cloud security attacks: A taxonomy and intrusion detection and prevention as a service , 2016, J. Netw. Comput. Appl..

[9]  Kim-Kwang Raymond Choo,et al.  Distributed denial of service (DDoS) resilience in cloud: Review and conceptual cloud DDoS mitigation framework , 2016, J. Netw. Comput. Appl..

[10]  Yong Wang,et al.  Provable multiple replication data possession with full dynamics for secure cloud storage , 2016, Concurr. Comput. Pract. Exp..

[11]  M. Phil,et al.  PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING , 2015 .

[12]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[13]  Kim-Kwang Raymond Choo Legal Issues in the Cloud , 2014, IEEE Cloud Computing.

[14]  李爱平,et al.  A method for achieving provable data integrity in cloud computing , 2016 .

[15]  Elaine Shi,et al.  Cloud Data Protection for the Masses , 2012, Computer.

[16]  Salve Bhagyashri Salve Bhagyashri,et al.  Privacy-Preserving Public Auditing For Secure Cloud Storage , 2014 .

[17]  Xiaohua Jia,et al.  An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing , 2013, IEEE Transactions on Parallel and Distributed Systems.

[18]  Chunxiang Xu,et al.  Secure and efficient privacy-preserving public auditing scheme for cloud storage , 2014, Comput. Electr. Eng..

[19]  Fagen Li,et al.  Identity-Based Public Verification with Privacy-Preserving for Data Storage Security in Cloud Computing , 2013, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[20]  Xiao-jun Zhang,et al.  A new publicly verifiable data possession on remote storage , 2015, The Journal of Supercomputing.

[21]  Yi Mu,et al.  Provably Secure Identity Based Provable Data Possession , 2015, ProvSec.

[22]  Huaqun Wang,et al.  Identity-Based Distributed Provable Data Possession in Multicloud Storage , 2015, IEEE Transactions on Services Computing.

[23]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[24]  Zhihua Xia,et al.  A Privacy-Preserving and Copy-Deterrence Content-Based Image Retrieval Scheme in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[25]  Yan Jia,et al.  A method for achieving provable data integrity in cloud computing , 2015, The Journal of Supercomputing.

[26]  Cong Wang,et al.  Security Challenges for the Public Cloud , 2012, IEEE Internet Computing.

[27]  Kim-Kwang Raymond Choo,et al.  Enhanced Network Support for Federated Cloud Infrastructures , 2016, IEEE Cloud Computing.

[28]  Reza Curtmola,et al.  Robust Dynamic Provable Data Possession , 2012, 2012 32nd International Conference on Distributed Computing Systems Workshops.

[29]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[30]  Xiaodong Liu,et al.  A speculative approach to spatial-temporal efficiency with multi-objective optimization in a heterogeneous cloud environment , 2016, Secur. Commun. Networks.

[31]  Kim-Kwang Raymond Choo,et al.  Cloud Manufacturing: Security, Privacy, and Forensic Concerns , 2016, IEEE Cloud Computing.

[32]  Jacques Stern,et al.  Security Arguments for Digital Signatures and Blind Signatures , 2015, Journal of Cryptology.

[33]  Zhihua Xia,et al.  A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data , 2016, IEEE Transactions on Parallel and Distributed Systems.

[34]  Athanasios V. Vasilakos,et al.  Cloud data integrity checking with an identity-based auditing mechanism from RSA , 2016, Future Gener. Comput. Syst..

[35]  Veeraiah Kanchanpally,et al.  An Enhanced Trust Model For User Authorization , 2016 .

[36]  Roopa Vishwanathan,et al.  Multi-user dynamic proofs of data possession using trusted hardware , 2013, CODASPY.

[37]  Xingming Sun,et al.  Enabling Semantic Search Based on Conceptual Graphs over Encrypted Outsourced Data , 2019, IEEE Transactions on Services Computing.