16-08-2013, 04:58 PM
Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing
Abstract—Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings about many new security challenges, which have not been well understood. This work studies the problem of ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. The introduction of TPA eliminates the involvement of the client through the auditing of whether his data stored in the cloud is indeed intact, which can be important in achieving economies of scale for Cloud Computing. The support for data dynamics via the most general forms of data operation, such as block modification, insertion and deletion, is also a significant step toward practicality, since services in Cloud Computing are not limited to archive or backup data only. While prior works on ensuring remote data integrity often lack the support of either public auditability or dynamic data operations, this paper achieves both. We first identify the difficulties and potential security problems of direct extensions with fully dynamic data updates from prior works and then show how to construct an elegant verification scheme for the seamless integration of these two salient features in our protocol design. In particular, to achieve efficient data dynamics, we improve the existing proof of storage models by manipulating the classic Merkle Hash Tree construction for block tag authentication. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis show that the proposed schemes are highly efficient and provably secure.