Enabling Efficient User Revocation in Identity-Based Cloud Storage Auditing for Shared Big Data

Cloud storage auditing schemes for shared data refer to checking the integrity of cloud data shared by a group of users. User revocation is commonly supported in such schemes, as users may be subject to group membership changes for various reasons. Previously, the computational overhead for user revocation in such schemes is linear with the total number of file blocks possessed by a revoked user. The overhead, however, may become a heavy burden because of the sheer amount of the shared cloud data. Thus, how to reduce the computational overhead caused by user revocations becomes a key research challenge for achieving practical cloud data auditing. In this paper, we propose a novel storage auditing scheme that achieves highly-efficient user revocation independent of the total number of file blocks possessed by the revoked user in the cloud. This is achieved by exploring a novel strategy for key generation and a new private key update technique. Using this strategy and the technique, we realize user revocation by just updating the non-revoked group users’ private keys rather than authenticators of the revoked user. The integrity auditing of the revoked user's data can still be correctly performed when the authenticators are not updated. Meanwhile, the proposed scheme is based on identity-base cryptography, which eliminates the complicated certificate management in traditional Public Key Infrastructure (PKI) systems. The security and efficiency of the proposed scheme are validated via both analysis and experimental results.

[1]  Cong Wang,et al.  Enabling Cloud Storage Auditing With Verifiable Outsourcing of Key Updates , 2016, IEEE Transactions on Information Forensics and Security.

[2]  Xiaohua Jia,et al.  An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing , 2013, IEEE Transactions on Parallel and Distributed Systems.

[3]  Tengfei Tu,et al.  Dynamic Outsourced Auditing Services for Cloud Storage Based on Batch-Leaves-Authenticated Merkle Hash Tree , 2020, IEEE Transactions on Services Computing.

[4]  Cong Wang,et al.  Security Challenges for the Public Cloud , 2012, IEEE Internet Computing.

[5]  Wenting Shen,et al.  Light-weight and privacy-preserving secure cloud auditing scheme for group users via the third party medium , 2017, J. Netw. Comput. Appl..

[6]  Ming Xu,et al.  Efficient Integrity Auditing for Shared Data in the Cloud with Secure User Revocation , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[7]  Hui Li,et al.  Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud , 2012, 2012 IEEE Fifth International Conference on Cloud Computing.

[8]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[9]  Stephen S. Yau,et al.  Dynamic Audit Services for Outsourced Storages in Clouds , 2013, IEEE Transactions on Services Computing.

[10]  Yi Mu,et al.  Public Integrity Auditing for Dynamic Data Sharing With Multiuser Modification , 2015, IEEE Transactions on Information Forensics and Security.

[11]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[12]  David Cash,et al.  Dynamic Proofs of Retrievability Via Oblivious RAM , 2013, Journal of Cryptology.

[13]  Hanlin Zhang,et al.  Intrusion-resilient identity-based signatures: Concrete scheme in the standard model and generic construction , 2018, Inf. Sci..

[14]  Josep Domingo-Ferrer,et al.  Identity-based remote data possession checking in public clouds , 2014, IET Inf. Secur..

[15]  Shucheng Yu,et al.  Proofs of retrievability with public verifiability and constant communication cost in cloud , 2013, Cloud Computing '13.

[16]  Hui Li,et al.  Knox: Privacy-Preserving Auditing for Shared Data with Large Groups in the Cloud , 2012, ACNS.

[17]  Minglei Shu,et al.  IRIBE: Intrusion-resilient identity-based encryption , 2016, Inf. Sci..

[18]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[19]  Wenting Shen,et al.  Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability , 2016, J. Syst. Softw..

[20]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[21]  Ari Juels,et al.  Proofs of retrievability: theory and implementation , 2009, CCSW '09.

[22]  Rajkumar Buyya,et al.  Dynamic remote data auditing for securing big data storage in cloud computing , 2017, Inf. Sci..

[23]  Tao Jiang,et al.  Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation , 2016, IEEE Transactions on Computers.

[24]  Cong Wang,et al.  Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing , 2009, ESORICS.

[25]  Cong Wang,et al.  Enabling Cloud Storage Auditing With Key-Exposure Resistance , 2015, IEEE Transactions on Information Forensics and Security.

[26]  Hui Li,et al.  Panda: Public Auditing for Shared Data with Efficient User Revocation in the Cloud , 2015, IEEE Transactions on Services Computing.

[27]  Huaqun Wang,et al.  Incentive and Unconditionally Anonymous Identity-Based Public Provable Data Possession , 2019, IEEE Transactions on Services Computing.

[28]  Sachin K. Korde,et al.  Identity-Based Encryption with Cloud Revocation Authority and its Applications , 2016 .

[29]  Jia Yu,et al.  Strong Key-Exposure Resilient Auditing for Secure Cloud Storage , 2017, IEEE Transactions on Information Forensics and Security.

[30]  Wenting Shen,et al.  Remote data possession checking with privacy-preserving authenticators for cloud storage , 2017, Future Gener. Comput. Syst..

[31]  Cong Wang,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2011, IEEE Transactions on Parallel and Distributed Systems.

[32]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[33]  Huaqun Wang,et al.  Identity-Based Proxy-Oriented Data Uploading and Remote Data Integrity Checking in Public Cloud , 2016, IEEE Transactions on Information Forensics and Security.

[34]  Yong Yu,et al.  Identity-Based Remote Data Integrity Checking With Perfect Data Privacy Preserving for Cloud Storage , 2017, IEEE Transactions on Information Forensics and Security.