KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Provably-Secure Public Auditing with Deduplication

  • Kim, Dongmin (CIST (Center for Information Security Technologies), Korea University) ;
  • Jeong, Ik Rae (CIST (Center for Information Security Technologies), Korea University)
  • Received : 2016.08.29
  • Accepted : 2017.02.14
  • Published : 2017.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

With cloud storage services, users can handle an enormous amount of data in an efficient manner. However, due to the widespread popularization of cloud storage, users have raised concerns about the integrity of outsourced data, since they no longer possess the data locally. To address these concerns, many auditing schemes have been proposed that allow users to check the integrity of their outsourced data without retrieving it in full. Yuan and Yu proposed a public auditing scheme with a deduplication property where the cloud server does not store the duplicated data between users. In this paper, we analyze the weakness of the Yuan and Yu's scheme as well as present modifications which could improve the security of the scheme. We also define two types of adversaries and prove that our proposed scheme is secure against these adversaries under formal security models.

Keywords

References

  1. Dropbox for Business. [Online]. Available: https://www.dropbox.com/business, accessed Jan. 14, 2016.
  2. Google Drive. [Online]. Available: https://drive.google.com/, accessed Jan. 14, 2016.
  3. iCloud. [Online]. Available: https://www.icloud.com/, accessed Jan. 14, 2016.
  4. G. Ateniese, R. Burns, R. Curtmola, H. Herring, L. Kissner, Z. Peterson, and D. Song, "Provable Data Possession at Untrusted Stores," in Proc. of the 14th ACM Conf. on Computer and Communications Security, CCS 2007, pp.598-609, 2007.
  5. A. Juels and B.S. Kaliski, "PORs: Proofs of retrievability for large files," in Proc. of the 14th ACM Conf. on Computer and Communications Security, CCS 2007, pp.584-597, 2007.
  6. G. Ateniese, R.D. Pietro, L.V. Mancini, and G. Tsudik, "Scalable and efficient provable data possession," in Proc. of the 4th Int. Conf. on Security and privacy in Communication networks, SecureComm 2008, pp.1-10, 2008.
  7. H. Shacham and B. Waters, "Compact proofs of retrievability," in Proc. of the 14th annual Int. Conf. on the theory and application of cryptology & information security, ASIACRYPT 2008, pp.90-107, 2008.
  8. C. Wang, Q. Wang, K. Ren, and W. Lou, "Ensuring data storage security in cloud computing," in Proc. of the 17th IEEE Int. Workshop on Quality of Services, IWQoS 2009, pp.1-9, 2009.
  9. Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, "Enabling Public Verifiability and Data Dynamic for Storage Security in Cloud Computing," in Proc. of the 14th European Symposium on Research in Computer Security, ESORICS 2009, pp.355-370, 2009.
  10. C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, "Dynamic Provable Data Possession," in Proc. of the 16th ACM Conf. on Computer and Communications Security, CCS 2009, pp.213-222, 2009.
  11. C. Wang, Q. Wang, K. Ren, and W. Lou, "Privacy-preserving public auditing for data storage security in cloud computing," in Proc. of the 29th IEEE Conf. on Computer Communications, INFOCOM 2010, pp.525-533, 2010.
  12. C. Wang, Q. Wang, K. Ren, and L. Lou, "Towards Secure and Dependable Storage Services in Cloud Computing," IEEE Transactions on Services Computing, vol. 5, no. 2, pp.220-232, 2012. https://doi.org/10.1109/TSC.2011.24
  13. B. Wang, B. Li, and H. Li, "Oruta: Privacy-preserving public auditing for shared data in the cloud," in Proc. of the 5th IEEE Int. Conf. on Cloud Computing, CLOUD 2012, pp.295-302, 2012.
  14. C. Wang, S.S.M. Chow, Q. Wang, K. Ren, and W. Lou, "Privacy-preserving public auditing for secure cloud storage," IEEE Transactions on Computers, vol. 62, no.2, pp.362-375, 2013. https://doi.org/10.1109/TC.2011.245
  15. H. Wang, "Proxy provable data possession in public clouds," IEEE Transactions on Services Computing, vol. 6, no. 4, pp.551-559, 2013. https://doi.org/10.1109/TSC.2012.35
  16. B. Wang, B. Li, and H. Li, "Public auditing for shared data with efficient user revocation in the cloud," in Proc. of the 32th IEEE Int. Conf. on Computer Communications, INFOCOM 2013, pp.2904-2912, 2013.
  17. J. Yuan and S. Yu, "Proofs of Retrievability with Public Verifiability and Constant Communication Cost in Cloud," in Proc. of the 2013 Int. workshop on Security in cloud computing , AISACCS-SCC 2013, pp.19-26, 2013.
  18. S.G. Worku, C. Xu, J. Zhao, and X. He, "Secure and efficient privacy-preserving public auditing scheme for cloud storage," Computers & Electrical Engineering, vol. 40, no. 5, pp.1703-1713, 2014. https://doi.org/10.1016/j.compeleceng.2013.10.004
  19. Y. Yu, J. Ni, M.H. Au, Y. Mu, B. Wang, and H. Li, "On the Security of a Public Auditing Mechanism for Shared Cloud Data Service," IEEE Transactions on Services Computing, vol. 8, no. 6, pp.998-999, 2014. https://doi.org/10.1109/TSC.2014.2355201
  20. F. Armknecht, JM. Bohli, GO. Karame, Z. Liu, and CA. Reuter, "Outsourced Proofs of Retrievability," in Proc. of the 2014 ACM SIGSAC Conf. on Computer and Communications Security, CCS 2014, pp.831-843, 2014.
  21. T. Jiang, X. Chen, and J. Ma, "Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation," IEEE Transactions on Computers, vol. PP, no. 99, pp.1-12, 2015.
  22. A. F. Barsoum and M. A. Hasan, "Provable multicopy dynamic data possession in cloud computing systems," IEEE Transactions on Information Forensics and Security, vol. 10, no. 3, pp.485-497, 2015. https://doi.org/10.1109/TIFS.2014.2384391
  23. G. Yang, J. Yu, W. Shen, Q. Su, Z. Fu, and R. Hao, "Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability," The Journal of Systems and Software, vol. 113, pp.130-139, 2016. https://doi.org/10.1016/j.jss.2015.11.044
  24. J. Yu, K. Ren, and C. Wang, "Enabling Cloud Storage Auditing with Verifiable Outsourcing of Key Updates," IEEE Transactions on Information Forensics and Security, vol. 11, no. 6, pp.1362-1375, 2016. https://doi.org/10.1109/TIFS.2016.2528500
  25. Y. Li, Y. Yu, B. Yang, G. Min, and H. Wu, "Privacy preserving cloud data auditing with efficient key update," Future Generation Computer Systems, available online, 2016.
  26. Q. Zheng, and S. Xu, "Secure and efficient proof of storage with deduplication," in Proc. of the 2nd ACM Conf. on Data and Application Security and Privacy, CODASPY 2012, pp.1-12, 2012.
  27. Y. Shin, D. Koo, J. Hur, and J. Yun, "Secure proof of storage with deduplication for cloud storage systems," Multimedia Tools and Application, pp.1-16, 2015.
  28. J. Yuan and S. Yu, "Secure and Constant Cost Public Cloud Storage Auditing with Deduplication," in Proc. of the IEEE Conf. on Communications and Network Security, CNS 2013, pp.145-153, 2013.
  29. J. Li, J. Li, D. Xie, and Z. Cai, "Secure Auditing and Deduplicating Data in Cloud," IEEE Transactions on Computers, vol. PP, no. 99, pp.1-11, 2015.
  30. N. Alkhojandi and A. Miri, "Privacy-Preserving Public Auditing in Cloud Computing with Data Deduplication," in Proc. of the 8th Int. Symp. on Foundations & Practice of Security, FPS 2015, pp.35-48, 2015.
  31. K. He, J. Chen, R. Du, Q. Wu, G. Xue, and X. Zhang, "DeyPoS: Duplicatable Dynamic Proof of Storage for Multi-User Environments," IEEE Transactions on Computers, Vol. 65, no. 12, 2016.
  32. F. Bao, R.H. Deng, and H. Zhu, "Variations of Diffie-Hellman Problem," in Proc. of the 5th Int. Conf. of Information and Communications Security, ICICS 2003, pp.301-312, 2003.
  33. D. Boneh, B. Lynn, and H. Shacham, "Short signatures from the Weil pairing," in Proc. of the 7th annual Int. Conf. on the theory and application of cryptology & information security, ASIACRYPT 2001, pp.514-532, 2001.

Cited by

  1. ID-Based Public Auditing Protocol for Cloud Data Integrity Checking with Privacy-Preserving and Effective Aggregation Verification vol.2018, pp.None, 2017, https://doi.org/10.1155/2018/3205898
  2. ID-Based Public Auditing Protocol for Cloud Storage Data Integrity Checking with Strengthened Authentication and Security vol.23, pp.4, 2017, https://doi.org/10.1007/s11859-018-1335-9