01-08-2012, 11:04 AM
Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing
Cloud Computing
With cloud computing, users can remotely store their data into the cloud and use on-demand high-quality applications
Using a shared pool of configurable computing resources
Data outsourcing: users are relieved from the burden of data storage and maintenance
When users put their data (of large size) on the cloud, the data integrity protection is challenging
Enabling public audit for cloud data storage security is important
Users can ask an external audit party to check the integrity of their outsourced data
Third Party Auditor (TPA)
External audit party is called TPA
TPA helps the user to audit the data
To use a TPA securely:
1) TPA should audit the data from the cloud, not ask for a copy
2) TPA should not create new vulnerability to user data privacy
This paper presents a privacy-preserving public auditing system for cloud data storage
Outline
Introduction
System and threat model
Proposed scheme
Security analysis & performance evaluation
Introduction
Cloud computing gives flexibility to users
Users pay as much as they use
Users don’t need to set up the large computers
But the operation is managed by the Cloud Service Provider (CSP)
The user gives their data to the CSP; the CSP has control over the data
The user needs to make sure the data is correct on the cloud
Internal (some employee at CSP) and external (hackers) threats for data integrity
CSP might behave unfaithfully
For money reasons, CSP might delete data that’s rarely accessed
CSP might hide data loss to protect their reputation
Introduction
How to efficiently verify the correctness of outsourced data?
Simply downloading the data by the user is not practical
TPA can do it and provide an audit report
TPA should not read the data content
Legal regulations: US Health Insurance Portability and Accountability Act (HIPAA)
This paper presents how to enable a privacy-preserving third-party auditing protocol
First work in the literature to do this
System and Threat Model
U: cloud user has a large amount of data files to store in the cloud
CS: cloud server which is managed by the CSP and has significant data storage and computing power (CS and CSP are the same in this paper)
TPA: third party auditor has expertise and capabilities that U and CSP don’t have. TPA is trusted to assess the CSP’s storage security upon request from U
A note on auditing
What is auditing?
A Public Auditing Scheme
Consists of four algorithms (KeyGen, SigGen, GenProof, VerifyProof)
KeyGen: key generation algorithm that is run by the user to setup the scheme
SigGen: used by the user to generate verification metadata, which may consist of MAC, signatures or other information used for auditing
GenProof: run by the cloud server to generate a proof of data storage correctness
VerifyProof: run by the TPA to audit the proof from the cloud server
Privacy-Preserving Public Auditing Scheme
Uses homomorphic authenticator
Also uses a random mask achieved by a Pseudo Random Function (PRF)
Properties
The data sent from CSP to TPA is independent of the data size
Linear combination with mask
Previous work has shown that if the server is missing 1% of the data
We need 300 or 460 blocks to detect that with a probability larger than 95% or 99%, respectively
More Possible Extensions
Batch auditing
There are K users having K files on the same cloud
They have the same TPA
Then, the TPA can combine their queries and save in computation time
The comparison function that compares the aggregate authenticators has a property that allows checking multiple messages in one equation
Instead of 2K operations, K+1 are possible
Data dynamics
The data on the cloud may change according to applications
This is achieved by using the data structure Merkle Hash Tree (MHT)
With MHT, data changes in a certain way; new data is added in some places
There is more overhead involved; the user sends the tree root to the TPA
This scheme is not evaluated in the paper
Batch Auditing
Number of auditing tasks increased from 1 to 200 in multiples of 8
Auditing time per task: total auditing time / number of tasks
Performance with Invalid Responses
In batch auditing, true means that all of the messages are correct
False means at least one is wrong
Divide batch in half, repeat for left- and right parts
Binary search
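The halving procedure above, as an added example that is not from the slides or the paper: a failed batch is split in half and each half is re-checked with one aggregate equation until the invalid responses are isolated. Assumptions: a toy secret-key linear tag (sigma = key * mu mod P) stands in for the paper's pairing-based public verification, and the names make_response, batch_verify, find_invalid and demo are hypothetical.

```python
import secrets

P = 2**127 - 1  # prime modulus for the toy tags (assumption, not the paper's group)

def make_response(key, mu, valid=True):
    """Constructed audit response (mu, sigma); an invalid one carries a wrong tag."""
    sigma = key * mu % P
    return (mu, sigma if valid else (sigma + 1) % P)

def batch_verify(key, batch, counter):
    """Check a whole batch with ONE equation, using fresh random weights so
    that errors in different responses cannot cancel each other out."""
    counter[0] += 1  # count how many aggregate checks the auditor performs
    weights = [secrets.randbelow(P - 1) + 1 for _ in batch]
    lhs = sum(w * sigma for w, (_, sigma) in zip(weights, batch)) % P
    rhs = key * sum(w * mu for w, (mu, _) in zip(weights, batch)) % P
    return lhs == rhs

def find_invalid(key, batch, counter, offset=0):
    """Return the indices of invalid responses. True for a batch means every
    response in it is correct; False means at least one is wrong, so split."""
    if batch_verify(key, batch, counter):
        return []
    if len(batch) == 1:
        return [offset]
    mid = len(batch) // 2
    return (find_invalid(key, batch[:mid], counter, offset)
            + find_invalid(key, batch[mid:], counter, offset + mid))

def demo(n=64, bad=(5, 40)):
    """Build n constructed responses, corrupt those at the indices in `bad`,
    and return (indices found, number of aggregate checks used)."""
    key = secrets.randbelow(P - 1) + 1
    counter = [0]
    batch = [make_response(key, secrets.randbelow(P), i not in bad)
             for i in range(n)]
    return find_invalid(key, batch, counter), counter[0]

if __name__ == "__main__":
    found, checks = demo()
    print(f"invalid responses at {found}, located with {checks} checks instead of 64")
```

The saving shrinks as the fraction of invalid responses grows, because more halves fail and have to be split again.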