• 정보보호학회논문지
• /
• 제25권1호
• /
• pp.75-82
• /
• 2015

최근 클라우드에 원격 저장된 데이터의 무결성 검증을 위해 제 3의 감사자에게 감사 임무를 위탁할 수 있는 다양한 공공 감사 기법이 제안되었으며, 검증 효율성을 높이기 위해 위탁받은 다중 감사 임무를 한 번에 수행할 수 있는 일괄 감사 기법 또한 제안되었다. 하지만 하나의 데이터라도 손상된 경우 일괄 감사의 검증은 실패하게 되고 포함된 모든 감사 임무를 다시 개별적으로 수행해야 한다는 문제점을 가진다. 일괄 감사는 여러 사용자의 데이터 인증자들이 복잡하게 합쳐져 있으므로 일괄 감사가 실패하는 경우 손상된 데이터를 식별하는 것은 매우 어려운 문제이다. 본 논문에서는 프라이버시 보존 가능한 공공 감사 기법인 Wang 등의 기법을 다중 클라우드의 다중 사용자에 대한 일괄 감사가 가능하도록 확장하고, 다중 클라우드 중에서 단일 클라우드의 데이터만 손상된 경우 해당 클라우드를 식별할 수 있는 기법을 제안한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.1043-1063
• /
• 2019

With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019). It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권10호
• /
• pp.5039-5061
• /
• 2017

Cloud storage becomes a new trend that more and more users move their data to cloud storage servers (CSSs). To ensure the security of cloud storage, many cloud auditing schemes are proposed to check the integrity of users' cloud data. However, most of them are based on public key infrastructure, which leads to complex certificates management and verification. Besides, most existing auditing schemes are inefficient when user uploads a large amount of data or a third party auditor (TPA) performs auditing for multiple users' data on different CSSs. To overcome these problems, in this paper, we propose an efficient and secure auditing scheme based on identity-based cryptography. To relieve user's computation burden, we introduce a proxy, which is delegated to generate and upload homomorphic verifiable tags for user. We extend our auditing scheme to support auditing for dynamic data operations. We further extend it to support batch auditing in multiple users and multiple CSSs setting, which is practical and efficient in large scale cloud storage system. Extensive security analysis shows that our scheme is provably secure in random oracle model. Performance analysis demonstrates that our scheme is highly efficient, especially reducing the computation cost of proxy and TPA.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권9호
• /
• pp.3322-3347
• /
• 2021

Cloud Storage is the primary component of many businesses on cloud. Majority of the enterprises today are adopting a multicloud strategy to keep away from vendor lock-in and to optimize cost. Auditing schemes are used to ascertain the integrity of cloud data. Of these schemes, only the Provable Data Possession schemes (PDP) are resilient to key-exposure. These PDP schemes are devised using Public Key Infrastructure (PKI-) based cryptography, Identity-based cryptography, etc. PKI-based systems suffer from certificate-related communication/computational complexities. The Identity-based schemes deal with the exposure of only the auditing secret key (audit key). But with the exposure of both the audit key and the secret key used to update the audit key, the auditing process itself becomes a complete failure. So, an Identity-based PDP scheme with Parallel Key-Insulation is proposed for multiple cloud storage. It reduces the risk of exposure of both the audit key and the secret key used to update the audit key. It preserves the data privacy from the Third Party Auditor, secure against malicious Cloud Service Providers and facilitates batch auditing. The resilience to key-exposure is proved using the CDH assumption. Compared to the existing Identity-based multicloud schemes, it is efficient in integrity verification.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권7호
• /
• pp.3319-3338
• /
• 2016

Cloud storage is becoming more and more popular because of its elasticity and pay-as-you-go storage service manner. In some cloud storage scenarios, the data that are stored in the cloud may be shared by a group of users. To verify the integrity of cloud data in this kind of applications, many auditing schemes for shared cloud data have been proposed. However, all of these schemes do not consider the access authorization problem for users, which makes the revoked users still able to access the shared cloud data belonging to the group. In order to deal with this problem, we propose a novel public auditing scheme for shared cloud data in this paper. Different from previous work, in our scheme, the user in a group cannot any longer access the shared cloud data belonging to this group once this user is revoked. In addition, we propose a new random masking technique to make our scheme preserve both data privacy and identity privacy. Furthermore, our scheme supports to enroll a new user in a group and revoke an old user from a group. We analyze the security of the proposed scheme and justify its performance by concrete implementations.