20-12-2012, 05:02 PM
Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing
Abstract
Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application
software and databases to the centralized large data centers, where the management of the data and services may not be fully
trustworthy. This unique paradigm brings about many new security challenges, which have not been well understood. This work
studies the problem of ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third
party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. The introduction of TPA
relieves the client of the burden of auditing whether the data stored in the cloud are indeed intact, which can be
important in achieving economies of scale for Cloud Computing. The support for data dynamics via the most general forms of data
operation, such as block modification, insertion, and deletion, is also a significant step toward practicality, since services in Cloud
Computing are not limited to archive or backup data. While prior works on ensuring remote data integrity often lack the support of
either public auditability or dynamic data operations, this paper achieves both. We first identify the difficulties and potential security
problems of direct extensions with fully dynamic data updates from prior works and then show how to construct an elegant verification
scheme for the seamless integration of these two salient features in our protocol design. In particular, to achieve efficient data
dynamics, we improve the existing proof of storage models by manipulating the classic Merkle Hash Tree construction for block tag
authentication.
INTRODUCTION
SEVERAL trends are opening up the era of Cloud Computing,
which is an Internet-based development and use of
computer technology. The ever cheaper and more powerful
processors, together with the “software as a service” (SaaS)
computing architecture, are transforming data centers into
pools of computing service on a huge scale. Meanwhile, the
increasing network bandwidth and reliable yet flexible
network connections make it possible for clients to
subscribe to high-quality services from data and software
that reside solely on remote data centers.
Although envisioned as a promising service platform for
the Internet, this new data storage paradigm in “Cloud”
brings about many challenging design issues which have
profound influence on the security and performance of the
overall system.
Related Work
Recently, there has been growing interest in remotely
stored data verification [2], [3], [4], [5],
[6], [7], [8], [9], [10], [12], [13], [14], [15]. Ateniese et al. [2] are
the first to consider public auditability in their defined
“provable data possession” model for ensuring possession
of files on untrusted storage. In their scheme, they utilize
RSA-based homomorphic tags for auditing outsourced
data, thus achieving public auditability. However,
Ateniese et al. do not consider the case of dynamic data
storage, and the direct extension of their scheme from static
data storage to the dynamic case may suffer from design and security
problems. In their subsequent work [12], Ateniese et al.
propose a dynamic version of the prior PDP scheme.
However, the system imposes a priori bound on the number
of queries and does not support fully dynamic data
operations, i.e., it only allows very basic block operations
with limited functionality, and block insertions cannot be
supported. In [13], Wang et al. consider dynamic data
storage in a distributed scenario, and the proposed
challenge-response protocol can both determine the data
correctness and locate possible errors. Similar to [12], they
only provide partial support for dynamic data operations.
Juels and Kaliski [3] describe a “proof of retrievability”
model, where spot-checking and error-correcting codes are
used to ensure both “possession” and “retrievability” of
data files on archive service systems.
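The spot-checking idea behind [3] can be illustrated with a toy sketch in Python. This is not the authors' construction (which additionally uses error-correcting codes and hidden sentinels to guarantee retrievability); it only shows the basic pattern: the client keeps a keyed tag per block, with the block index bound into the tag, and periodically challenges the server at random positions.

```python
import hmac, hashlib, secrets

def tag_blocks(key, blocks):
    # Client-side setup: one HMAC tag per block; binding the index
    # prevents the server from answering with a different block
    return [hmac.new(key, i.to_bytes(8, "big") + b, hashlib.sha256).digest()
            for i, b in enumerate(blocks)]

def verify_blocks(key, tags, server_blocks, indices):
    # Recompute the tag for each challenged block and compare
    return all(
        hmac.compare_digest(
            tags[i],
            hmac.new(key, i.to_bytes(8, "big") + server_blocks[i],
                     hashlib.sha256).digest())
        for i in indices)

def spot_check(key, tags, server_blocks, c):
    # Challenge c randomly chosen block positions
    idx = [secrets.randbelow(len(server_blocks)) for _ in range(c)]
    return verify_blocks(key, tags, server_blocks, idx)

key = secrets.token_bytes(32)
data = [bytes([i]) * 64 for i in range(100)]   # 100 toy blocks
tags = tag_blocks(key, data)
```

Each challenge of c blocks catches a server that corrupted a fraction f of the blocks with probability roughly 1 - (1 - f)^c, which is the usual spot-checking trade-off between challenge size and detection probability.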
Security Model
Following the security model defined in [4], we say that the
checking scheme is secure if 1) there exists no polynomial-time
algorithm that can cheat the verifier with non-negligible
probability; and 2) there exists a polynomial-time
extractor that can recover the original data files by
carrying out multiple challenge-response interactions. The client or
TPA can periodically challenge the storage server to ensure
the correctness of the cloud data, and the original files can
be recovered by interacting with the server. The authors in
[4] also define the correctness and soundness of their
scheme: the scheme is correct if the verification algorithm
accepts when interacting with the valid prover (e.g., the
server returns a valid response) and it is sound if any
cheating server that convinces the client it is storing the data
file is actually storing that file. Note that in the “game”
between the adversary and the client, the adversary has full
access to the information stored in the server, i.e., the
adversary can play the part of the prover (server). The goal
of the adversary is to cheat the verifier successfully, i.e.,
trying to generate valid responses and pass the data
verification without being detected.
Our Construction
To effectively support public auditability without having to
retrieve the data blocks themselves, we resort to the
homomorphic authenticator technique [2], [4]. Homomorphic
authenticators are unforgeable metadata generated
from individual data blocks, which can be securely
aggregated in such a way as to assure a verifier that a linear
combination of data blocks is correctly computed by
verifying only the aggregated authenticator. In our design,
we propose to use PKC-based homomorphic authenticators
(e.g., BLS signature [4] or RSA signature-based authenticator
[2]) to equip the verification protocol with public
auditability. In the following description, we present the
BLS-based scheme to illustrate our design with data
dynamics support. As will be shown, the schemes designed
under BLS construction can also be implemented in RSA
construction. In the discussion of Section 3.4, we show that
direct extensions of previous work [2], [4] have security
problems, and we believe that protocol design for supporting
dynamic data operation is a major challenging task for
cloud storage systems.
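The homomorphic-aggregation property described above can be sketched with a toy RSA-based tag in the spirit of [2]. This is a simplified illustration, not the paper's protocol: it uses tiny primes, hashes the bare block index in place of the per-block value, and omits blinding and the dynamic-data machinery. The point is only that one aggregated tag T and one aggregated block value mu suffice to verify a whole linear combination of blocks.

```python
import hashlib, secrets

# Toy RSA parameters -- far too small for real use, illustration only
p, q = 10007, 10009
N, phi = p * q, (p - 1) * (q - 1)
e = 65537
d = pow(e, -1, phi)          # private exponent (Python 3.8+ modular inverse)
g = 2                        # public element of Z_N*

def h(i):
    # Hash the block index into Z_N (stands in for the per-block value)
    return int.from_bytes(hashlib.sha256(str(i).encode()).digest(), "big") % N

def tag(i, m):
    # Homomorphic tag: sigma_i = (h(i) * g^m_i)^d mod N
    return pow(h(i) * pow(g, m, N) % N, d, N)

def prove(challenge, blocks, tags):
    # Server side: aggregate tags and blocks under the challenge coefficients
    T, mu = 1, 0
    for i, nu in challenge:
        T = T * pow(tags[i], nu, N) % N
        mu += nu * blocks[i]
    return T, mu

def verify(challenge, T, mu):
    # Verifier side: check T^e == prod h(i)^nu_i * g^mu (mod N),
    # without ever seeing the individual blocks
    rhs = pow(g, mu, N)
    for i, nu in challenge:
        rhs = rhs * pow(h(i), nu, N) % N
    return pow(T, e, N) == rhs

blocks = [secrets.randbelow(1000) for _ in range(8)]
tags = [tag(i, m) for i, m in enumerate(blocks)]
chal = [(2, 5), (5, 3), (7, 11)]       # (block index, coefficient) pairs
T, mu = prove(chal, blocks, tags)
```

Correctness follows from T^e = prod (h(i) g^m_i)^nu_i = prod h(i)^nu_i * g^(sum nu_i m_i) mod N; the verifier's work is independent of block size, which is the property that makes public auditing by a TPA practical.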
Discussion on Design Considerations
Instantiations based on BLS and RSA. As discussed above,
we present a BLS-based construction that offers both public
auditability and data dynamics. In fact, our proposed scheme
can also be constructed based on RSA signatures. Compared
with RSA construction [2], [14], as a desirable benefit, the BLS
construction can offer shorter homomorphic signatures (e.g.,
160 bits) than those that use RSA techniques (e.g., 1,024 bits).
In addition, the BLS construction has the shortest query and
response (we do not consider AAI here): 20 and 40 bytes
[4]. However, while the BLS construction is not suitable for
variable-sized blocks (e.g., for security parameter λ = 80,
mi ∈ Zp, where p is a 160-bit prime), the RSA
construction can support variable-sized blocks.
CONCLUSION
To ensure cloud data storage security, it is critical to enable a
TPA to evaluate the service quality from an objective and
independent perspective. Public auditability also allows
clients to delegate integrity verification tasks to a TPA
when they themselves are unreliable or unable to commit
the computation resources needed for continuous
verification. Another major concern is how to
construct verification protocols that can accommodate
dynamic data files. In this paper, we explored the problem
of providing simultaneous public auditability and data
dynamics for remote data integrity check in Cloud Computing.
Our construction is deliberately designed to meet these
two important goals while keeping efficiency closely in
mind. To achieve efficient data dynamics, we improve the
existing proof of storage models by manipulating the classic
Merkle Hash Tree construction for block tag authentication.
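The Merkle Hash Tree mentioned in the abstract and conclusion can be sketched generically in Python. This is the classic MHT, not the paper's exact block-tag-authentication variant (which stores tag hashes at the leaves and supports dynamic insert/delete/modify); it shows the core mechanism the verifier relies on: a leaf plus its sibling path (the auxiliary authentication information) suffices to recompute the signed root.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(leaves):
    # Bottom-up construction; each level hashes pairs of adjacent nodes,
    # duplicating the last node when a level has an odd length
    levels = [[H(x) for x in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([H(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels                      # levels[-1][0] is the root

def auth_path(levels, index):
    # Sibling hashes from leaf to root: the auxiliary authentication info
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append((level[index ^ 1], index % 2 == 0))  # (sibling, node-is-left)
        index //= 2
    return path

def verify_leaf(root, leaf, path):
    # Recompute the root from the leaf and its sibling path
    node = H(leaf)
    for sibling, is_left in path:
        node = H(node + sibling) if is_left else H(sibling + node)
    return node == root
```

Because any block update changes only the O(log n) nodes on one root-to-leaf path, the tree can be maintained efficiently under block modification, insertion, and deletion, which is why the construction suits the dynamic-data setting the paper targets.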