29-08-2014, 04:35 PM
Data Integrity Proofs in Cloud Storage
Abstract
Cloud computing has been envisioned as the de-facto
solution to the rising storage costs of IT Enterprises. With the
high costs of data storage devices as well as the rapid rate at
which data is being generated it proves costly for enterprises
or individual users to frequently update their hardware. Apart
from the reduction in storage costs, data outsourcing to the cloud
also helps in reducing the maintenance. Cloud storage moves the
user's data to large data centers, which are remotely located and
over which the user does not have any control. However, this unique
feature of the cloud poses many new security challenges which
need to be clearly understood and resolved.
One of the important concerns that needs to be addressed is to
assure the customer of the integrity, i.e. correctness, of his data in
the cloud. As the data is physically not accessible to the user, the
cloud should provide a way for the user to check if the integrity
of his data is maintained or is compromised. In this paper we
provide a scheme which gives a proof of data integrity in the cloud
which the customer can employ to check the correctness of his
data in the cloud. This proof can be agreed upon by both the
cloud and the customer and can be incorporated in the Service
level agreement (SLA). This scheme ensures that the storage at
the client side is minimal which will be beneficial for thin clients.
RELATED WORK
The simplest Proof of Retrievability (POR) scheme can be
made using a keyed hash function hk(F). In this scheme the
verifier, before archiving the data file F in the cloud storage,
pre-computes the cryptographic hash of F using hk(F) and
stores this hash as well as the secret key K. To check whether the
integrity of the file F is lost, the verifier releases the secret key
K to the cloud archive and asks it to compute and return the
value of hk(F). By storing multiple hash values for different
keys, the verifier can check the integrity of the file F
multiple times, each check being an independent proof.
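The keyed-hash exchange described above, written out as an added example (not code from the paper). It assumes HMAC-SHA256 as the keyed hash hk(F); the names Verifier, archive_respond and demo are hypothetical.

```python
import hashlib
import hmac
import secrets


def keyed_hash(key, data):
    # Assumption: HMAC-SHA256 stands in for the keyed hash h_k(F).
    return hmac.new(key, data, hashlib.sha256).digest()


def archive_respond(stored_file, key):
    # Cloud side: must process the whole stored file for every challenge.
    return keyed_hash(key, stored_file)


class Verifier:
    """Client side: keeps only (key, expected hash) pairs, not the file."""

    def __init__(self, file_bytes, num_checks):
        # Pre-compute h_k(F) under independent random keys before archiving F.
        keys = [secrets.token_bytes(32) for _ in range(num_checks)]
        self.unused = [(k, keyed_hash(k, file_bytes)) for k in keys]
        self.expected = None

    def challenge(self):
        # A released key is spent: the archive could cache its answer afterwards.
        if not self.unused:
            raise RuntimeError("all pre-computed keys are used up")
        key, self.expected = self.unused.pop()
        return key

    def verify(self, response):
        if self.expected is None:
            raise RuntimeError("no outstanding challenge")
        expected, self.expected = self.expected, None
        return hmac.compare_digest(expected, response)


def demo():
    original = b"constructed sample file contents\n" * 64  # constructed input
    damaged = original[:100] + bytes([original[100] ^ 1]) + original[101:]
    verifier = Verifier(original, num_checks=3)
    ok = verifier.verify(archive_respond(original, verifier.challenge()))
    bad = verifier.verify(archive_respond(damaged, verifier.challenge()))
    return ok, bad, len(verifier.unused)
```

The number of checks is fixed when the file is processed, and the verifier has to store one key and one hash per future check.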
OUR CONTRIBUTION
We present a scheme which does not involve the encryption
of the whole data. We encrypt only a few bits of data per data
block, thus reducing the computational overhead on the clients.
The client storage overhead is also minimized as it does not
store any data with it. Hence our scheme suits thin
clients well.
A DATA INTEGRITY PROOF IN CLOUD BASED ON SELECTING RANDOM BITS IN DATA BLOCKS
Before storing its data file F, the client should
process it and create suitable metadata, which is used in the
later stage of verifying the data integrity at the cloud storage.
When checking for data integrity, the client queries the cloud
storage for suitable replies, based on which it concludes whether the
integrity of its stored data is intact.
Setup phase
Let the verifier V wish to store the file F with the
archive. Let this file F consist of n file blocks. We initially
preprocess the file and create metadata to be appended to the
file. Let each of the n data blocks have m bits in them. A
typical data file F which the client wishes to store in the
cloud is shown in Figure 2. The initial setup phase can be
described in the following steps
Verification phase
Let the verifier V want to verify the integrity of the file F.
It throws a challenge to the archive and asks it to respond.
The challenge and the response are compared and the verifier
accepts or rejects the integrity proof.
Suppose the verifier wishes to check the integrity of the nth
block. The verifier challenges the cloud storage server by
CONCLUSION AND FUTURE WORKS
In this paper we have worked to facilitate the client in
getting a proof of integrity of the data which he wishes
to store in the cloud storage servers with bare minimum
costs and efforts. Our scheme was developed to reduce the
computational and storage overhead of the client as well as
to minimize the computational overhead of the cloud storage
server. We also minimized the size of the proof of data
integrity so as to reduce the network bandwidth consumption.
At the client we store only two functions: the bit generator
function g, and the function h which is used for encrypting
the data. Hence the storage at the client is minimal
compared to all other schemes [4] that were developed. Hence
this scheme proves advantageous to thin clients like PDAs and
mobile phones.