07-02-2013, 03:35 PM
An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing
1An Efficient and Secure.pdf (Size: 357.33 KB / Downloads: 79)
Abstract
In cloud computing, data owners host their data on cloud servers and users (data consumers) can access the data
from cloud servers. Due to the data outsourcing, however, this new paradigm of data hosting service also introduces new security
challenges, which requires an independent auditing service to check the data integrity in the cloud. Some existing remote integrity
checking methods can only serve for static archive data and thus cannot be applied to the auditing service since the data in the
cloud can be dynamically updated. Thus, an efficient and secure dynamic auditing protocol is desired to convince data owners
that the data are correctly stored in the cloud. In this paper, we first design an auditing framework for cloud storage systems
and propose an efficient and privacy-preserving auditing protocol. Then, we extend our auditing protocol to support the data
dynamic operations, which is efficient and provably secure in the random oracle model. We further extend our auditing protocol
to support batch auditing for both multiple owners and multiple clouds, without using any trusted organizer. The analysis and
simulation results show that our proposed auditing protocols are secure and efficient, especially it reduce the computation cost
of the auditor.
INTRODUCTION
Cloud storage is an important service of cloud computing
[1], which allows data owners (owners) to move data from
their local computing systems to the cloud. More and more
owners start to store the data in the cloud [2]. However,
this new paradigm of data hosting service also introduces
new security challenges [3]. Owners would worry that the
data could be lost in the cloud. This is because data loss
could happen in any infrastructure, no matter what high
degree of reliable measures cloud service providers would
take [4]–[8]. Sometimes, cloud service providers might be
dishonest. They could discard the data which has not been
accessed or rarely accessed to save the storage space and
claim that the data are still correctly stored in the cloud.
Therefore, owners need to be convinced that the data are
correctly stored in the cloud.
EFFICIENT AND PRIVACY-PRESERVING
AUDITING PROTOCOL
In this section, we first present some techniques we applied
in the design of our efficient and privacy-preserving
auditing protocol. Then, we describe the algorithms and
the detailed construction of our auditing protocol for cloud
storage systems. The correctness proof will be shown in
the supplemental file.
Overview of Our Solution
The main challenge in the design of data storage auditing
protocol is the data privacy problem (i.e., the auditing protocol
should protect the data privacy against the auditor.).
This is because: 1) For public data, the auditor may obtain
the data information by recovering the data blocks from the
data proof. 2) For encrypted data, the auditor may obtain
content keys somehow through any special channels and
could be able to decrypt the data. To solve the data privacy
problem, our method is to generate an encrypted proof with
the challenge stamp by using the Bilinearity property of the
bilinear pairing, such that the auditor cannot decrypt it. But
the auditor can verify the correctness of the proof without
decrypting it.
BATCH AUDITING FOR MULTI-OWNER
AND MULTI-CLOUD
Data storage auditing is a significant service in cloud
computing which helps the owners check the data integrity
on the cloud servers. Due to the large number of data
owners, the auditor may receive many auditing requests
from multiple data owners. In this situation, it would greatly
improve the system performance, if the auditor could
combine these auditing requests together and only conduct
the batch auditing for multiple owners simultaneously. The
previous work [25] cannot support the batch auditing for
multiple owners. That is because parameters for generating
the data tags used by each owner are different and thus the
auditor cannot combine the data tags from multiple owners
to conduct the batch auditing.
On the other hand, some data owners may store their data
on more than one cloud servers. To ensure the owner’s data
integrity in all the clouds, the auditor will send the auditing
challenges to each cloud server which hosts the owner’s
data, and verify all the proofs from them. To reduce the
computation cost of the auditor, it is desirable to combine
all these responses together and do the batch verification.
CONCLUSION
In this paper, we proposed an efficient and inherently secure
dynamic auditing protocol. It protects the data privacy
against the auditor by combining the cryptography method
with the bilinearity property of bilinear paring, rather than
using the mask technique. Thus, our multi-cloud batch
auditing protocol does not require any additional organizer.
Our batch auditing protocol can also support the batch
auditing for multiple owners. Furthermore, our auditing
scheme incurs less communication cost and less computation
cost of the auditor by moving the computing loads
of auditing from the auditor to the server, which greatly
improves the auditing performance and can be applied to
large scale cloud storage systems.