Movatterモバイル変換

[0]ホーム
URL:

Skip to main content

Advertisement

Springer Nature Link
Log in

Public Cloud Data Auditing Revisited: Removing the Tradeoff Between Proof Size and Storage Cost

  • Conference paper
  • First Online:

Abstract

Public cloud data auditing allows any third party to check the integrity of data stored on untrusted cloud servers without retrieving the data. The challenge is how to audit the proof of storage with efficient communications. In ACM CCS 2007, Atenieseet al. described the first practical public cloud data auditing scheme based on RSA, in which the proof of storage consists of one RSA element and one hash value and the storage cost for generating the proof can be as short as\(1\%\) of the stored file. Soon after, in Asiacrypt 2008, Shacham and Waters gave another public cloud data auditing scheme based on bilinear pairing, in which the generated proof of storage can be as short as 320 bits for 80-bit security (71\(\%\) less compared to Atenieseet al.’s scheme). However, Shacham and Waters’ scheme must trade off the storage cost, where the storage overhead for generating the proof of storage must be\(100\%\) of the stored file. Surprisingly, until today, the tradeoff between the proof size (namely proof of storage) and the storage cost (namely storage overhead) in cloud data auditing remains an open problem.

In this paper, we introduce a completely new public cloud data auditing mechanism. The proof of storage is not computed from block tags directly, but from evolution tags that are still unforgeable and evolved from bunch tags. We propose a concrete public cloud data auditing scheme based on this mechanism, in which the proof size is 240 bits for 80-bit security (25\(\%\) less compared to Shacham and Waters’ scheme) and the storage cost can be as efficient as Atenieseet al.’s scheme. The core of our technique is the feasibility of tag aggregations within this new mechanism. Our scheme is provably secure in the random oracle model.

This is a preview of subscription content,log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide -see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Similar content being viewed by others

Notes

  1. 1.

    The parametern is related to the number of tags that will be aggregated into a constant one.

  2. 2.

    A secure signature scheme is needed forf stored on the cloud server. This part is omit to make the scheme neat. The techniques to generate the signature on the file can be referred to [22].

References

  1. Armknecht, F., Barman, L., Bohli, J.M., Karame, G.O.: Mirror: enabling proofs of data replication and retrievability in the cloud. In: Holz, T., Savage, S. (eds.) USENIX Security Symposium 2016, pp. 1051–1068. USENIX Association (2016)

    Google Scholar 

  2. Armknecht, F., Bohli, J.M., Karame, G.O., Liu, Z., Reuter, C.A.: Outsourced proofs of retrievability. In: Ahn, G., Yung, M., Li, N. (eds.) CCS 2014, pp. 831–843. ACM (2014)

    Google Scholar 

  3. Ateniese, G., et al.: Provable data possession at untrusted stores. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) CCS 2007, pp. 598–609. ACM (2007)

    Google Scholar 

  4. Ateniese, G., Di Pietro, R., Mancini, L.V., Tsudik, G.: Scalable and efficient provable data possession. In: Levi, A., Liu, P., Molva, R. (eds.) SecureComm 2008, pp. 1–10. ACM (2008)

    Google Scholar 

  5. Azraoui, M., Elkhiyaoui, K., Molva, R., Önen, M.: StealthGuard: proofs of retrievability with Hidden Watchdogs. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 239–256. Springer, Cham (2014).https://doi.org/10.1007/978-3-319-11203-9_14

    Chapter  Google Scholar 

  6. Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005).https://doi.org/10.1007/11426639_26

    Chapter  Google Scholar 

  7. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003).https://doi.org/10.1007/3-540-39200-9_26

    Chapter  Google Scholar 

  8. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001).https://doi.org/10.1007/3-540-45682-1_30

    Chapter  Google Scholar 

  9. Bowers, K.D., Juels, A., Oprea, A.: Proofs of retrievability: theory and implementation. In: Sion, R., Song, D. (eds.) CCSW 2009, pp. 43–54. ACM (2009)

    Google Scholar 

  10. Cash, D., Küpçü, A., Wichs, D.: Dynamic proofs of retrievability via oblivious RAM. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 279–295. Springer, Heidelberg (2013).https://doi.org/10.1007/978-3-642-38348-9_17

    Chapter  Google Scholar 

  11. Cash, D., Küpçü, A., Wichs, D.: Dynamic proofs of retrievability via oblivious ram. J. Cryptol.30(1), 22–57 (2017)

    Article MathSciNet  Google Scholar 

  12. Curtmola, R., Khan, O., Burns, R., Ateniese, G.: Mr-pdp: multiple-replica provable data possession. In: ICDCS 2008, pp. 411–420. IEEE Computer Society (2008)

    Google Scholar 

  13. Erway, C.C., Kupcu, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. ACM Trans. Inf. Syst. Sec. (TISSEC)17(4), 1–29 (2015)

    Article  Google Scholar 

  14. Erway, C., Küpçü, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.) CCS 2009, pp. 213–222. ACM (2009)

    Google Scholar 

  15. Gudeme, J.R., Pasupuleti, S.K., Kandukuri, R.: Attribute-based public integrity auditing for shared data with efficient user revocation in cloud storage. J. Ambient. Intell. Humaniz. Comput.12(2), 2019–2032 (2020).https://doi.org/10.1007/s12652-020-02302-6

    Article  Google Scholar 

  16. Juels, A., Kaliski Jr, B.S.: Pors: proofs of retrievability for large files. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) CCS 2007, pp. 584–597. ACM (2007)

    Google Scholar 

  17. Katz, J.: Digital signatures. Springer Science & Business Media (2010)

    Google Scholar 

  18. Li, H., Liu, L., Lan, C., Wang, C., Guo, H.: Lattice-based privacy-preserving and forward-secure cloud storage public auditing scheme. IEEE Access8, 86797–86809 (2020)

    Article  Google Scholar 

  19. Li, Y., Yu, Y., Min, G., Susilo, W., Ni, J., Choo, K.K.R.: Fuzzy identity-based data integrity auditing for reliable cloud storage systems. IEEE Trans. Dependable Secure Comput.16(1), 72–83 (2017)

    Article  Google Scholar 

  20. Liu, Z., Liao, Y., Yang, X., He, Y., Zhao, K.: Identity-based remote data integrity checking of cloud storage from lattices. In: BigCom 2017, pp. 128–135. IEEE Computer Society (2017)

    Google Scholar 

  21. Ni, J., Yu, Y., Mu, Y., Xia, Q.: On the security of an efficient dynamic auditing protocol in cloud storage. IEEE Trans. Parallel Distrib. Syst.25(10), 2760–2761 (2013)

    Article  Google Scholar 

  22. Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008).https://doi.org/10.1007/978-3-540-89255-7_7

    Chapter  Google Scholar 

  23. Shen, S.-T., Tzeng, W.-G.: Delegable provable data possession for remote data in the clouds. In: Qing, S., Susilo, W., Wang, G., Liu, D. (eds.) ICICS 2011. LNCS, vol. 7043, pp. 93–111. Springer, Heidelberg (2011).https://doi.org/10.1007/978-3-642-25243-3_8

    Chapter  Google Scholar 

  24. Shen, W., Qin, J., Yu, J., Hao, R., Hu, J.: Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage. IEEE Trans. Inf. Forensics Secur.14(2), 331–346 (2018)

    Article  Google Scholar 

  25. Stefanov, E., van Dijk, M., Juels, A., Oprea, A.: Iris: A scalable cloud file system with efficient integrity checks. In: Zakon, R.H. (ed.) ACSAC 2012, pp. 229–238. ACM (2012)

    Google Scholar 

  26. Wang, C., Chow, S.S., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Comput.62(2), 362–375 (2011)

    Article MathSciNet  Google Scholar 

  27. Wang, C., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for data storage security in cloud computing. In: INFOCOM 2010, pp. 525–533. IEEE (2010)

    Google Scholar 

  28. Wang, Y., Wu, Q., Qin, B., Shi, W., Deng, R.H., Hu, J.: Identity-based data outsourcing with comprehensive auditing in clouds. IEEE Trans. Inf. Forensics Secur.12(4), 940–952 (2016)

    Article  Google Scholar 

  29. Wang, Y., Wu, Q., Qin, B., Tang, S., Susilo, W.: Online/offline provable data possession. IEEE Trans. Inf. Forensics Secur.12(5), 1182–1194 (2017)

    Article  Google Scholar 

  30. Xu, J., Yang, A., Zhou, J., Wong, D.S.: Lightweight delegatable proofs of storage. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 324–343. Springer, Cham (2016).https://doi.org/10.1007/978-3-319-45744-4_16

    Chapter  Google Scholar 

  31. Yang, A., Xu, J., Weng, J., Zhou, J., Wong, D.S.: Lightweight and privacy-preserving delegatable proofs of storage with data dynamics in cloud storage. IEEE Trans. Cloud Comput.9(1), 212–225 (2018)

    Article  Google Scholar 

  32. Yang, K., Jia, X.: An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE Trans. Parallel Distrib. Syst.24(9), 1717–1726 (2012)

    Article  Google Scholar 

  33. Yu, Y., et al.: Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Trans. Inf. Forensics Secur.12(4), 767–778 (2016)

    Article  Google Scholar 

  34. Yu, Y., Li, Y., Yang, B., Susilo, W., Yang, G., Bai, J.: Attribute-based cloud data integrity auditing for secure outsourced storage. IEEE Trans. Emerg. Top. Comput.8(2), 377–390 (2017)

    Article  Google Scholar 

  35. Yu, Y.: Cloud data integrity checking with an identity-based auditing mechanism from rsa. Futur. Gener. Comput. Syst.62, 85–91 (2016)

    Article  Google Scholar 

  36. Yuan, J., Yu, S.: Proofs of retrievability with public verifiability and constant communication cost in cloud. In: Sun, X., Shi, E., Ren, K. (eds.) SCC@ASIACCS 2013, pp. 19–26. ACM (2013)

    Google Scholar 

  37. Yuan, J., Yu, S.: Pcpor: public and constant-cost proofs of retrievability in cloud1. J. Comput. Secur.23(3), 403–425 (2015)

    Article  Google Scholar 

  38. Zhang, J.H., Tang, W.J.: Security analysis on a public por scheme in cloud storage. Appli. Mech. Mater.556–562, 5395–5399 (2014)

    Article  Google Scholar 

  39. Zhang, Y., Sang, Y., Xi, Z., Zhong, H.: Lattice based multi-replica remote data integrity checking for data storage on cloud. In: Shen, H., Sang, Y. (eds.) PAAP 2019. CCIS, vol. 1163, pp. 440–451. Springer, Singapore (2020).https://doi.org/10.1007/978-981-15-2767-8_39

    Chapter  Google Scholar 

Download references

Acknowledgment

This paper is partially supported by National Natural Science Foundation of China (No. 61902191, No. 62002058) and Natural Science Foundation of Jiangsu Province (No. BK20200391).

Author information

Authors and Affiliations

  1. Institute of Cybersecurity and Cryptology, School of Computing and Information Technology, University of Wollongong, Wollongong, NSW, 2522, Australia

    Willy Susilo, Yannan Li & Fuchun Guo

  2. School of Cyber Science and Engineering, Southeast University, Nanjing, China

    Jianchang Lai & Ge Wu

Authors
  1. Willy Susilo

    You can also search for this author inPubMed Google Scholar

  2. Yannan Li

    You can also search for this author inPubMed Google Scholar

  3. Fuchun Guo

    You can also search for this author inPubMed Google Scholar

  4. Jianchang Lai

    You can also search for this author inPubMed Google Scholar

  5. Ge Wu

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence toYannan Li.

Editor information

Editors and Affiliations

  1. Rutgers University, Newark, NJ, USA

    Vijayalakshmi Atluri

  2. Hamad Bin Khalifa University, Doha, Qatar

    Roberto Di Pietro

  3. Technical University of Denmark, Kongens Lyngby, Denmark

    Christian D. Jensen

  4. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

Appendix A

Appendix A

Theorem 2

Then-GDHE problem fulfils the intractability analysis stated in [6].

Proof. Then-GDHE problem is to compute\(e(h_1, h_2)^{a^{n+1}bc}\) from the following given instance

$$\begin{aligned}&h_1, h_1^c \in G_1\\&h_2, h_2^b \in G_2\\&h_1^a, h_1^{a^2},\cdots , h_1^{a^n} \in G_1\\&h_2^{a^1}, ~h_2^{a^2},~\cdots ,h_2^{a^n}, h_2^{a^{n+1}},~ h_2^{a^{n+2}},\cdots , ~h_2^{a^{2n}} \in G_2\\&h_2^{a^1b}, h_2^{a^2b},\cdots ,h_2^{a^nb},~~~~~~~, h_2^{a^{n+2}b},\cdots , h_2^{a^{2n}b} \in G_2. \end{aligned}$$

Then-GDHE problem instance can be reformulated as

$$\begin{aligned} P_1= & {} \left( \begin{array}{lcl} 1, ~c, &{} &{}\\ a, ~a^2, &{} \cdots , &{} ~a^n, \\ \end{array}\right) , \\ P_2= & {} \left( \begin{array}{l} ~1 ,~b\\ ~a, ~~ \cdots , ~a^n,~~ a^{n+1},~~ a^{n+2},~\cdots , ~~~ a^{2n}\\ ~ ab, \cdots , ~ ~ a^nb,~~~~~~~~~~~~ a^{n+2}b,~\cdots , ~~ a^{2n}b\\ \end{array}\right) , \\ Q= & {} 1,\\ F= & {} a^{n+1}bc. \end{aligned}$$

Here,\(P_1\) refers to the set of exponents with\(h_1\) as the base in all group elements in\(G_1\) in the problem instance.\(P_2\) refers to the set of exponents with\(h_2\) as the base in all group elements in\(G_2\) in the problem instance.Q refers to the set of exponents with\(e(h_1, h_2)\) as the base in all group elements in\(G_T\) in the problem instance.

We need to show thatF is independent of\((P_1,P_2,Q)\), i.e. that no coefficients\(x_i,y_j\) andz exist such that\( a^{n+1}bc=F=\sum x_{i}d_iy_jd_j+z,\) where\(d_i \in P_1 ,d_j \in P_2\). In order to satisfy this equation, the multiplication of any element from\(P_1\) and any element from\(P_2\) must containabc only. By making all possible multiplications listed in\(F'\) as follows

$$\begin{aligned} F'= & {} \left( \begin{array}{rcl} ab \cdot c, ~ a^2b \cdot c, &{} \cdots ,&{} ~ a^nb \cdot c,\\ ~ a^{n+2}b \cdot c,&{}~\cdots ,&{} ~ a^{2n}b \cdot c\\ \end{array}\right) . \end{aligned}$$

we want to prove that no linear combination among the polynomials from the list\(F'\) below leads toF.

Any such linear combination associated withabc can be written as\( a^{n+1}bc=A(a) abc+B(a) a^{n+2}bc, \) whereA(a) andB(a) are polynomials with\( 0\le deg A(a) \le n-1\) and\( 0\le deg B(a) \le n-2\). By cancelling outabc in both sides, we can simplify the above equation as

$$\begin{aligned} a^{n}(1-aB(a))=A(a). \end{aligned}$$

SinceA(a) has the degree less thann and\(a^n| A(a)\), we have\(1-aB(a)=A(a)=0\). That is,\(aB(a)=1\) for anya. On the other hand, we have\(0\cdot B(0)=0\). Therefore, there does not exist coefficients\({x_{i}},y_j\) andz such that\(F=\sum x_{i}d_iy_jd_j+z\) holds. Hence, the definedn-GDHE problem is one of the intractable GDHE problems. This completes the proof.\(\Box \)

Rights and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Susilo, W., Li, Y., Guo, F., Lai, J., Wu, G. (2022). Public Cloud Data Auditing Revisited: Removing the Tradeoff Between Proof Size and Storage Cost. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13555. Springer, Cham. https://doi.org/10.1007/978-3-031-17146-8_4

Download citation

Publish with us

Access this chapter

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide -see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

[8]ページ先頭
©2009-2025 Movatter.jp