Secure public data auditing scheme for cloud storage in smart city

In the smart city construction, massive data collected from various fields need to be outsourced to the cloud for convenience and resource saving. However, integrity and confidentiality of the data in cloud remains a challenge issue due to the loss of data possession. As a solution, some public data auditing schemes have been proposed in last several years. Most recently, Li et al. proposed an efficient public auditing scheme and claimed that it could reduce the cost of clients on generating verification metadata. In this paper, we analyze the security of Li et al.’s scheme and point out two weaknesses in it. We demonstrate that it cannot achieve the confidentiality for outsourced data and it is vulnerable to the proof forgery attack. To address these weaknesses, we propose an improved public auditing scheme, which can not only preserve the data privacy but also resist the proof forgery attack. Security analysis shows that our scheme is provably secure in a robust security model. Performance analysis shows that the proposed scheme can overcome the weaknesses in Li et al.’s scheme at the cost of increasing computation overhead slightly.

[1]  Shucheng Yu,et al.  Proofs of retrievability with public verifiability and constant communication cost in cloud , 2013, Cloud Computing '13.

[2]  Sherali Zeadally,et al.  Certificateless Public Auditing Scheme for Cloud-Assisted Wireless Body Area Networks , 2018, IEEE Systems Journal.

[3]  A. Behl,et al.  An analysis of cloud computing security issues , 2012, 2012 World Congress on Information and Communication Technologies.

[4]  Roopa Vishwanathan,et al.  Multi-user dynamic proofs of data possession using trusted hardware , 2013, CODASPY.

[5]  Cong Wang,et al.  Security Challenges for the Public Cloud , 2012, IEEE Internet Computing.

[6]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[7]  R. K. Bunkar,et al.  Data Security and Privacy Protection Issues in Cloud Computing , 2014 .

[8]  Athanasios V. Vasilakos,et al.  Cloud data integrity checking with an identity-based auditing mechanism from RSA , 2016, Future Gener. Comput. Syst..

[9]  Sherali Zeadally,et al.  Anonymous Authentication for Wireless Body Area Networks With Provable Security , 2017, IEEE Systems Journal.

[10]  R V Prasad Reddy,et al.  CLOUD DATA PROTECTION FOR THE MASSES , 2013 .

[11]  Qian Wang,et al.  A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data , 2016, IEEE Transactions on Parallel and Distributed Systems.

[12]  Jung Yeon Hwang,et al.  Short Dynamic Group Signature Scheme Supporting Controllable Linkability , 2015, IEEE Transactions on Information Forensics and Security.

[13]  Anna Corinna Cagliano,et al.  Current trends in Smart City initiatives: some stylised facts , 2014 .

[14]  Jianhua Chen,et al.  New certificateless short signature scheme , 2013, IET Inf. Secur..

[15]  M. Mrinalni Vaknishadh,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2012 .

[16]  Masahide Nakamura,et al.  Using cloud technologies for large-scale house data in smart city , 2012, 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings.

[17]  Yan Jia,et al.  A method for achieving provable data integrity in cloud computing , 2015, The Journal of Supercomputing.

[18]  Xingming Sun,et al.  Enabling Personalized Search over Encrypted Outsourced Data with Efficiency Improvement , 2016, IEEE Transactions on Parallel and Distributed Systems.

[19]  Meikang Qiu,et al.  Privacy Protection for Preventing Data Over-Collection in Smart City , 2016, IEEE Transactions on Computers.

[20]  Hui Li,et al.  Panda: Public Auditing for Shared Data with Efficient User Revocation in the Cloud , 2015, IEEE Transactions on Services Computing.

[21]  M. Bhaskar,et al.  Public Auditing For Shared Data With Efficient User Revocation In The Cloud , 2015 .

[22]  Zhihua Xia,et al.  A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data , 2016, IEEE Transactions on Parallel and Distributed Systems.

[23]  Jin Wang,et al.  A Variable Threshold-Value Authentication Architecture for Wireless Mesh Networks , 2014 .

[24]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[25]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[26]  Fenghua Li,et al.  Certificateless public auditing for data integrity in the cloud , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[27]  Ming Li,et al.  Storing Shared Data on the Cloud via Security-Mediator , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[28]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[29]  Lin Tan,et al.  An efficient method for checking the integrity of data in the Cloud , 2014 .

[30]  Ming Li,et al.  Privacy-preserving public auditing for shared cloud data supporting group dynamics , 2013, 2013 IEEE International Conference on Communications (ICC).

[31]  Tan Shuang,et al.  An efficient method for checking the integrity of data in the Cloud , 2014, China Communications.

[32]  Prateep Misra,et al.  Smart city surveillance: Leveraging benefits of cloud data stores , 2012, 37th Annual IEEE Conference on Local Computer Networks - Workshops.

[33]  Zhihan Lv,et al.  Cryptanalysis and improvement of Panda - public auditing for shared data in cloud and internet of things , 2017, Multimedia Tools and Applications.

[34]  Jian Shen,et al.  A Novel Routing Protocol Providing Good Transmission Reliability in Underwater Sensor Networks , 2015 .

[35]  Xiao-jun Zhang,et al.  A new publicly verifiable data possession on remote storage , 2015, The Journal of Supercomputing.

[36]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[37]  Kim-Kwang Raymond Choo,et al.  Efficient Hierarchical Identity-Based Signature With Batch Verification for Automatic Dependent Surveillance-Broadcast System , 2017, IEEE Transactions on Information Forensics and Security.

[38]  Jin Wang,et al.  Mutual Verifiable Provable Data Auditing in Public Cloud Storage , 2015 .