The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.02 - Feb. (2013 vol.62)
pp: 362-375
Cong Wang , Illinois Institute of Technology, Chicago
Sherman S.M. Chow , University of Waterloo, Waterloo
Qian Wang , Illinois Institute of Technology, Chicago
Kui Ren , Illinois Institute of Technology, Chicago
Wenjing Lou , Virginia Polytechnic Institute and State University, Falls Church
ABSTRACT
Using cloud storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared pool of configurable computing resources, without the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the outsourced data makes the data integrity protection in cloud computing a formidable task, especially for users with constrained computing resources. Moreover, users should be able to just use the cloud storage as if it is local, without worrying about the need to verify its integrity. Thus, enabling public auditability for cloud storage is of critical importance so that users can resort to a third-party auditor (TPA) to check the integrity of outsourced data and be worry free. To securely introduce an effective TPA, the auditing process should bring in no new vulnerabilities toward user data privacy, and introduce no additional online burden to user. In this paper, we propose a secure cloud storage system supporting privacy-preserving public auditing. We further extend our result to enable the TPA to perform audits for multiple users simultaneously and efficiently. Extensive security and performance analysis show the proposed schemes are provably secure and highly efficient. Our preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.
INDEX TERMS
Cloud computing, Servers, Protocols, Memory, Outsourcing, Cryptography, zero knowledge, Data storage, privacy preserving, public auditability, cloud computing, delegation, batch verification
CITATION
Cong Wang, Sherman S.M. Chow, Qian Wang, Kui Ren, Wenjing Lou, "Privacy-Preserving Public Auditing for Secure Cloud Storage", IEEE Transactions on Computers, vol.62, no. 2, pp. 362-375, Feb. 2013, doi:10.1109/TC.2011.245
REFERENCES
[1] C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-Preserving Public Auditing for Storage Security in Cloud Computing,” Proc. IEEE INFOCOM '10, Mar. 2010.
[2] P. Mell and T. Grance, “Draft NIST Working Definition of Cloud Computing,” http://csrc.nist.gov/groups/SNS/cloud-computing index.html, June 2009.
[3] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski, G. Lee, D.A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “Above the Clouds: A Berkeley View of Cloud Computing,” Technical Report UCB-EECS-2009-28, Univ. of California, Berkeley, Feb. 2009.
[4] Cloud Security Alliance, “Top Threats to Cloud Computing,” http:/www.cloudsecurityalliance.org, 2010.
[5] M. Arrington, “Gmail Disaster: Reports of Mass Email Deletions,” http://www.techcrunch.com/2006/12/28gmail-disasterreports-of-mass-email-deletions /, 2006.
[6] J. Kincaid, “MediaMax/TheLinkup Closes Its Doors,” http://www.techcrunch.com/2008/07/10mediamaxthelinkup-closes-its-doors /, July 2008.
[7] Amazon.com, “Amazon s3 Availability Event: July 20, 2008,” http://status.aws.amazon.coms3-20080720.html , July 2008.
[8] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, “Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing,” IEEE Trans. Parallel and Distributed Systems, vol. 22, no. 5, pp. 847-859, May 2011.
[9] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable Data Possession at Untrusted Stores,” Proc. 14th ACM Conf. Computer and Comm. Security (CCS '07), pp. 598-609, 2007.
[10] M.A. Shah, R. Swaminathan, and M. Baker, “Privacy-Preserving Audit and Extraction of Digital Contents,” Cryptology ePrint Archive, Report 2008/186, 2008.
[11] A. Juels and J. Burton, S. Kaliski, “PORs: Proofs of Retrievability for Large Files,” Proc. ACM Conf. Computer and Comm. Security (CCS '07), pp. 584-597, Oct. 2007.
[12] Cloud Security Alliance, “Security Guidance for Critical Areas of Focus in Cloud Computing,” http:/www.cloudsecurityalliance. org, 2009.
[13] H. Shacham and B. Waters, “Compact Proofs of Retrievability,” Proc. Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology (Asiacrypt), vol. 5350, pp. 90-107, Dec. 2008.
[14] C. Wang, K. Ren, W. Lou, and J. Li, “Towards Publicly Auditable Secure Cloud Data Storage Services,” IEEE Network Magazine, vol. 24, no. 4, pp. 19-24, July/Aug. 2010.
[15] M.A. Shah, M. Baker, J.C. Mogul, and R. Swaminathan, “Auditing to Keep Online Storage Services Honest,” Proc. 11th USENIX Workshop Hot Topics in Operating Systems (HotOS '07), pp. 1-6, 2007.
[16] 104th United States Congress, “Health Insurance Portability and Accountability Act of 1996 (HIPPA),” http://aspe.hhs.gov/ admnsimppl104191.htm , 1996.
[17] R. Curtmola, O. Khan, and R. Burns, “Robust Remote Data Checking,” Proc. Fourth ACM Int'l Workshop Storage Security and Survivability (StorageSS '08), pp. 63-68, 2008.
[18] K.D. Bowers, A. Juels, and A. Oprea, “Proofs of Retrievability: Theory and Implementation,” Proc. ACM Workshop Cloud Computing Security (CCSW '09), pp. 43-54, 2009.
[19] D. Boneh, B. Lynn, and H. Shacham, “Short Signatures from the Weil Pairing,” J. Cryptology, vol. 17, no. 4, pp. 297-319, 2004.
[20] A.L. Ferrara, M. Green, S. Hohenberger, and M. Pedersen, “Practical Short Signature Batch Verification,” Proc. Cryptographers' Track at the RSA Conf. 2009 on Topics in Cryptology (CT-RSA), pp. 309-324, 2009.
[21] G. Ateniese, R.D. Pietro, L.V. Mancini, and G. Tsudik, “Scalable and Efficient Provable Data Possession,” Proc. Int'l Conf. Security and Privacy in Comm. Networks (SecureComm '08), pp. 1-10, 2008.
[22] C. Wang, Q. Wang, K. Ren, and W. Lou, “Towards Secure and Dependable Storage Services in Cloud Computing,” IEEE Trans. Service Computing, vol. 5, no. 2, 220-232, Apr.-June 2012.
[23] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, “Dynamic Provable Data Possession,” Proc. ACM Conf. Computer and Comm. Security (CCS '09), pp. 213-222, 2009.
[24] R.C. Merkle, “Protocols for Public Key Cryptosystems,” Proc. IEEE Symp. Security and Privacy, 1980.
[25] G. Ateniese, S. Kamara, and J. Katz, “Proofs of Storage from Homomorphic Identification Protocols,” Proc. 15th Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT), pp. 319-333, 2009.
[26] M. Bellare and G. Neven, “Multi-Signatures in the Plain Public-Key Model and a General Forking Lemma,” Proc. ACM Conf. Computer and Comm. Security (CCS), pp. 390-399, 2006.
[27] Amazon.com, “Amazon Elastic Compute Cloud,” http://aws. amazon.comec2/, 2009.
[28] Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S. Yau, “Efficient Provable Data Possession for Hybrid Clouds,” Cryptology ePrint Archive, Report 2010/234, 2010.
[29] Y. Dodis, S.P. Vadhan, and D. Wichs, “Proofs of Retrievability via Hardness Amplification,” Proc. Theory of Cryptography Conf. Theory of Cryptography (TCC), pp. 109-127, 2009.
[30] F. Sebe, J. Domingo-Ferrer, A. Martínez-Balleste, Y. Deswarte, and J.-J. Quisquater, “Efficient Remote Data Possession Checking in Critical Information Infrastructures,” IEEE Trans. Knowledge and Data Eng., vol. 20, no. 8, pp. 1034-1038, Aug. 2008.
[31] T. Schwarz and E.L. Miller, “Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage,” Proc. IEEE Int'l Conf. Distributed Computing Systems (ICDCS '06), 2006.
[32] R. Curtmola, O. Khan, R. Burns, and G. Ateniese, “MR-PDP: Multiple-Replica Provable Data Possession,” Proc. IEEE Int'l Conf. Distributed Computing Systems (ICDCS '08), pp. 411-420, 2008.
[33] K.D. Bowers, A. Juels, and A. Oprea, “HAIL: A High-Availability and Integrity Layer for Cloud Storage,” Proc. ACM Conf. Computer and Comm. Security (CCS '09), pp. 187-198, 2009.
8 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool