DIPOR: An IDA-based dynamic proof of retrievability scheme for cloud storage systems

https://doi.org/10.1016/j.jnca.2017.12.007Get rights and content

Abstract

As cloud storage has become more and more ubiquitous, there are a large number of consumers renting cloud storage services. However, as users lose direct control over the data, the integrity and availability of the outsourced data become a big concern for users. Accordingly, how to verify the integrity of stored data and retrieve the availability of the corrupted data has become an urgent problem. Moreover, in most cases, users' data is not always static, but needs to be updated. In this paper, we propose a dynamic proof of retrievability scheme for cloud storage system, named as DIPOR. The DIPOR not only can retrieve the original data of corrupted blocks by using partial healthy data stored in healthy servers, but also support for updating operations of data. Furthermore, the number of forks in our scheme is not fixed, which means we can always look for the optimal forks based on the number of data blocks. In addition, the security analysis indicates that our scheme is provably secure and the performance evaluations show the efficiency of the proposed scheme.

Introduction

In the era of big data, cloud storage system has become a focus as the continuous development of cloud computing. For big data, cloud storage system brings many benefits, such as reducing hardware cost, releasing local storage burden, supporting remote access. Nevertheless, cloud storage brings corresponding threats while providing users with conveniences. Highly centralized computing resources make the cloud storage face serious security challenges (Yu, 2016).

As users employing cloud storage system, the remote data may suffer peeping, modifying, or damaging by cloud computing providers or some other adversaries. In general, the confidentiality of data is ensured by data encryption, anonymous or other mechanisms. But when using cloud storage, users may not save any copies of remote data locally, which results in no guarantee for the security of stored data. Thus, how to assure the integrity and availability of outsourced data has become a key issue in cloud storage.

To solve that problem, a large number of methods have been proposed (Ateniese et al., 2007, Juels and Kaliski, 2007, Garg and Bawa, 2017, Curtmola et al., 2008, Yu et al., 2016, Wang, 2015, Ateniese et al., 2008, Erway et al., 2015, Wang et al., 2009a, Wang et al., 2017, Huang et al., 2016, Huang et al., 2017a, Fu et al., 2015, Fu et al., 2017, Wang et al., 2010, Huang et al., 2017b, Liu et al., 2017a, Liu et al., 2017b, Huang et al., 2017c, Shen et al., 2017, Azraoui et al., 2014, Li et al., 2017, Shacham and Waters, 2008, Liu et al., 2015, Shen et al., 2015, Mo et al., 2012, Omote and Thao, 2014, Omote and Thao, 2015). The research of cloud storage data integrity is mainly focused on Provable Data Possession (PDP) and Proof of Retrievability (POR), where the original models of these two researches are constructed by Ateniese et al. (2007) and Juels and Kaliski (2007), respectively. PDP schemes (Ateniese et al., 2007, Garg and Bawa, 2017, Curtmola et al., 2008, Yu et al., 2016, Wang, 2015, Ateniese et al., 2008, Erway et al., 2015, Wang et al., 2009a, Wang et al., 2017, Huang et al., 2016, Huang et al., 2017a, Fu et al., 2015, Fu et al., 2017, Wang et al., 2010, Huang et al., 2017b, Liu et al., 2017a, Liu et al., 2017b, Huang et al., 2017c, Shen et al., 2017) can support for the data integrity checking, but not for the retrieving of corrupted data, which can be achieved in POR schemes (Juels and Kaliski, 2007, Azraoui et al., 2014, Li et al., 2017, Shacham and Waters, 2008, Liu et al., 2015, Shen et al., 2015, Mo et al., 2012, Omote and Thao, 2014, Omote and Thao, 2015). Although some of these schemes call as POR, we cannot find a definite solution for retrieving. Some of POR schemes only carry on privacy verification, which has a fault for public verification. Only a small part of POR schemes can recover the damaged data and support for public auditing. More regrettably, fewer schemes consider data updating. But in practical, the dynamic operation is a vital point.

In this paper, we propose a new POR scheme, DIPOR, in which the corrupted data can be fully retrieved and the data can be modified dynamically. For DIPOR, if corrupted is found when the user verifies the integrity of the data, it can retrieve the corrupted blocks completely using partial healthy data still storing in the cloud servers, without any other new cloud storage servers. What's more, by constructing a Multiple Hash Tree (MPHT) with an unfixed number of forks, we can achieve dynamic modifications while minimizing the overhead. Furthermore, we validate the security of DIPOR in security analysis and reveal the efficiency of DIPOR in performance evaluation. Specifically, our contributions can be summarized as follows.

  • 1)

    We first introduce the mathematical idea of the Information Dispersal Algorithm (IDA), and process the original data before sending to cloud servers by matrix multiplication. We carry out matrix multiplication for data block matrix, which can ensure the corrupted data to be recovered by healthy data. Meanwhile, we encrypt coefficient vectors before sending to cloud servers by symmetric encryption, which can protect the privacy of our scheme.

  • 2)

    The users not only can verify and retrieve the remote data, but also can realize data modification. As the number of forks is dynamic, we can flexibly generate the MPHT. For which, we can find out the optimal fork according to the number of data blocks to minimize the overhead of the system.

  • 3)

    Compared to the state-of-the-art POR schemes, DIPOR requires less resource to audit the integrity of data and retrieve the corrupted data. Without blocks regenerating, tags regenerating or exponentiation operations, we only carry out multiplication and addition operations during the retrieval, which are much more efficient. Besides, we outsource the calculation of integrity tags to further reduce the user's burden of computing.

  • 4)

    The security analysis demonstrates that DIPOR is provably secure. The integrity tags in DIPOR are unforgettable. Moreover, the scheme can resist the replace attacks and pollution attacks.

The rest of the paper is organized as follows. In Section 2, we introduce the related works, and in Section 3 we introduce preliminaries and system model of DIPOR. Then we present DIPOR in detail in Section 4. Section 5 analyzes the security of DIPOR and Section 6 evaluates the performance of DIPOR. Finally, we summarize the paper in Section 7.

Section snippets

Related work

The integrity and availability of the remote data are two important indicators of the security of cloud storage. To ensure data integrity and availability, many research results have been put forward (Ateniese et al., 2007, Juels and Kaliski, 2007, Garg and Bawa, 2017, Curtmola et al., 2008, Yu et al., 2016, Wang, 2015, Ateniese et al., 2008, Erway et al., 2015, Wang et al., 2009a, Wang et al., 2017, Huang et al., 2016, Huang et al., 2017a, Fu et al., 2015, Fu et al., 2017, Wang et al., 2010,

Preliminaries

  • 1)

    Bilinear Map: Let G and GT be two multiplicative cyclic groups with the same prime order p. e:G×GGT is a bilinear map which satisfies the following properties.

  • Computable: There exists an efficient probabilistic polynomial time (PPT) algorithm for computing e;

  • Bilinear: g1,g2G,m,nZp,e(g1m,g2n)=e(g1,g2)mn

  • Non-degeneracy: e(g,g)1, where g is the generator of G.

  • 2)

    Information Dispersal Algorithm: IDA (Rabin, 1989) is an algorithm used to reconstruct divided data blocks. It randomly selects an n*m

The proposed scheme

In our scheme, there are five phases, Setup, Store, Audit, Retrieval and Update phase. In Setup phase, DIPOR generates parameters and keys for the system. The coefficient vectors are also obtained in this phase. Next is Store phase, the original file F is processed into coded file F, and the coefficient vectors are encrypted with the secret key κenc. Then the processed file and encrypted coefficient vectors will be sent to the outsourcer, we employ it to calculate the integrity tags of coded

Security analysis

In this section, we prove the security of DIPOR through the following theorems.

Theorem 1

(Correctness): According to data blocks Fi and corresponding tags Ψi stored in the storage server i, TPA is able to verify the integrity of these blocks correctly during Audit phase and Retrieval phase. Given server i's coefficient vectors Φi and matching tags ωi, TPA also can validate the integrity of these vectors accurately.eσi,g=ekΙσikvk,g=ekΙH1i,kυ·xicikυvk,g=ekΙH1i,k·xicikυvk,g=ekΙH1i,k·xicikvk,gυ=ekΙH

Performance evaluations

In this section, we demonstrate the efficiency of DIPOR by numerical and experimental analysis.

Conclusions

In this paper, we propose a novel dynamic POR scheme based on IDA algorithm for cloud storage systems. Unlike most existing schemes, our DIPOR not only can verify the integrity of remote data, but also can retrieve the corrupted data blocks completely. Furthermore, DIPOR greatly improves the performance of the dynamic modify operations. The user can choose the number of forks based on the size of the number of data blocks. In addition, DIPOR extremely reduces the cost of computation compared to

Acknowledgements

This work is supported by National Science Foundation of China (61572255), the Six talent peaks project of Jiangsu Province China (XYDXXJS-032), the Open Project Program of the Guizhou Provincial Key Laboratory of Public Big Data (2017BDKFJJ031).

Anmin Fu is currently an associate professor and supervisor of Ph.D. students of Nanjing University of Science and Technology, China. He received his B.S. degree in Communication Engineering from Lanzhou University of Technology, China, in 2005. He received his M.S. and Ph.D. degrees in Cryptography and Information Security from Xidian University in 2008 and 2011, respectively. His research interests include cloud computing security and applied cryptography.

References (41)

  • A.G. Dimakis et al.

    Network coding for distributed storage systems

    IEEE Trans. Inf. Theor.

    (2010)
  • C.C. Erway et al.

    Dynamic provable data possession

    ACM Trans. Inf. Syst. Secur. (TISSEC)

    (2015)
  • A. Fu et al.

    Privacy-preserving public auditing for multiple managers shared data in the cloud

    J. Comput. Res. Dev.

    (2015)
  • A. Fu et al.

    NPP: a new privacy-aware public auditing scheme for cloud data sharing with group users

    IEEE Trans. Big Data

    (2017)
  • L. Huang et al.

    Privacy-preserving public auditing for dynamic group based on hierarchical tree

    J. Comput. Res. Dev.

    (2016)
  • L. Huang et al.

    Certificateless public verification scheme with privacy-preserving and message recovery for dynamic group

  • L. Huang et al.

    SeShare: secure cloud data sharing based on blockchain and public auditing

    Concurrency Comput. Pract. Exp.

    (2017)
  • L. Huang et al.

    Privacy-preserving public auditing for non-manager group

  • The Java Pairing Based Cryptography (JPBC) Library Benchmark....
  • A. Juels et al.

    PORs: proofs of retrievability for large files

  • Cited by (40)

    • An improved multi-copy cloud data auditing scheme and its application

      2023, Journal of King Saud University - Computer and Information Sciences
    • Secure and verifiable outsourced data dimension reduction on dynamic data

      2021, Information Sciences
      Citation Excerpt :

      At the same time, big data is often thought of as a data stream, moving at very high transmission speeds. Thus, data outsourced to the cloud in reality tend to be dynamic rather than static, which means incremental data is more common in data processing [20]. When dealing with incremental data, the conventional NMF method needs to decompose historical data and newly added data, consume a large amount of computing and storage resources, and significantly reduce the method’s efficiency.

    • Multicopy provable data possession scheme supporting data dynamics for cloud-based Electronic Medical Record system

      2021, Information Sciences
      Citation Excerpt :

      The challenge/response process in the PDP model is extended to a five-move interactive protocol, but it introduces extra computation and communication costs owning to verifying intermediate parameters and blinding the whole proof. Other aspects, key-exposure resistance [30], proxy auditing [31], eliminating certificate management [32], access control [33], and other fields [34] in public auditing for cloud data have also been extensively researched. Recently, we developed an public auditing scheme [35], where all the data versions and their corresponding tags are remain to achieve data traceability.

    • RNN-DP: A new differential privacy scheme base on Recurrent Neural Network for Dynamic trajectory privacy protection

      2020, Journal of Network and Computer Applications
      Citation Excerpt :

      We use statistical methods to publish data on the premise of protecting users' privacy, so-called privacy data publishing. However, how to balance the conflict between the quality of service and users' privacy is still a tricky issue in differential privacy schemes (Wang et al., 1109), (Fu et al., 2018b). If the users’ privacy is perfectly protected, LBS cannot provide high-quality services to users without accurate location information.

    View all citing articles on Scopus

    Anmin Fu is currently an associate professor and supervisor of Ph.D. students of Nanjing University of Science and Technology, China. He received his B.S. degree in Communication Engineering from Lanzhou University of Technology, China, in 2005. He received his M.S. and Ph.D. degrees in Cryptography and Information Security from Xidian University in 2008 and 2011, respectively. His research interests include cloud computing security and applied cryptography.

    Yuhan Li is currently a M.S. student in computer science from Nanjing University of Science and Technology, China. She received her B.S. degree in Network Engineering from Nanjing University of Science and Technology, China, in 2015. Her research interest includes cloud data security.

    Shui Yu is currently a Senior Lecturer of School of Information Technology, Deakin University. He is a Senior Member of IEEE, and a member of AAAS and ACM, the Vice Chair of Technical Committee on Big Data Processing, Analytics, and Networking of IEEE Communication Society. Dr Yu's research interest includes Cybersecurity, Networking Theory, Big Data, and Mathematical Modelling. He has published two monographs and edited two books on big data, more than 150 technical papers, including top journals and top conferences, such as IEEE TPDS, IEEE TCC, IEEE TCSS, IEEE TC, IEEE TIFS, IEEE TMC, IEEE TKDE, IEEE TETC, and IEEE INFOCOM. Dr Yu initiated the research field of Networking for Big Data in 2013. His h-index is 25. Dr Yu actively serves his research communities in various roles. He served IEEE Transactions on Parallel and Distributed Systems as an AE (2013-2015), and is currently serving the editorial boards of IEEE Communications Surveys and Tutorials (exemplary editor for 2014), IEEE Access, IEEE Internet of Thing Journal, IEEE Communications Letters (exemplary editor for 2016), and a number of other international journals. Moreover, he has organized several Special Issues either on big data or cybersecurity. He has served more than 70 international conferences as a member of organizing committee, such as publication chair for IEEE Globecom 2015 and IEEE INFOCOM 2016 and 2017, TPC co-chair for IEEE BigDataService 2015, IEEE ITNAC 2015, and General chair for ACSW 2017.

    Yan Yu is an associate professor of Nanjing University of Science and Technology, China. He received his B.S. and M.S. degrees from Nanjing University of Science and Technology, China, in 1993 and 2000, respectively. He received his Ph.D. degree in Computer Software and Theory from Nanjing University in 2007. His research interests include network and smartphone security.

    Gongxuan Zhang is a professor and supervisor of Ph.D. students of Nanjing University of Science and Technology, China. He received his M.S. and Ph.D. degrees in computer science from Nanjing University of Science and Technology, China, in 1991 and 2005, respectively. His research interests include web Service and information security.

    View full text