A Generic Dynamic Provable Data Possession Framework

Ateniese et al. introduced the Provable Data Possession (PDP) model in 2007. Following that, Erway et al. adapted the model for dynamically updatable data, and called it the Dynamic Provable Data Possession (DPDP) model. The idea is that a client outsources her files to a server, and later on challenges the server to obtain a proof that her data is kept intact. During recent years, many schemes have been proposed for this purpose, all following a similar framework. We analyze in detail the exact requirements of dynamic data outsourcing schemes regarding security and efficiency, and propose a general framework for constructing such schemes that encompasses existing DPDP-like schemes as different instantiations. We show that a dynamic data outsourcing scheme can be constructed given black-box access to an implicitly-ordered authenticated data structure (that we define). Moreover, for blockless verification efficiency, a homomorphic verifiable tag scheme is also needed. We investigate the requirements and conditions these building blocks should satisfy, using which one can easily check applicability of a given building block for dynamic data outsourcing. Finally, we provide a comparison among different building blocks

Developing a library for proofs of data possession in Charm

Provable Data Possession (PDP) is a cryptographic tool for auditing big data on a storage server or in the cloud. The goal of PDP is to efficiently verify that the server is storing the data. PDP provides probabilistic guarantees that the server is storing the information, and it will be available when needed, without accessing the entire file. In this work, we have developed a PDP module for the Charm cryptographic framework. We wrote an application programmer interface (API) for generic PDP schemes. We implemented the simple MAC-PDP scheme with efficient subroutines for sub-linear sampling. We hope that this work will encourage further study in the rapid prototyping and evaluation of new PDP schemes in the Charm framework.http://archive.org/details/developinglibrar1094534728Civilian, Department of the NavyApproved for public release; distribution is unlimited

Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage

This is the author accepted manuscript. The final version is available from the publisher via the DOI in this record.Remote data integrity checking (RDIC) enables a data storage server, such as a cloud server, to prove to a verifier that it is actually storing a data owner’s data honestly. To date, a number of RDIC protocols have been proposed in the literature, but almost all the constructions suffer from the issue of a complex key management, that is, they rely on the expensive public key infrastructure (PKI), which might hinder the deployment of RDIC in practice. In this paper, we propose a new construction of identity-based (ID-based) RDIC protocol by making use of key-homomorphic cryptographic primitive to reduce the system complexity and the cost for establishing and managing the public key authentication framework in PKI based RDIC schemes. We formalize ID-based RDIC and its security model including security against a malicious cloud server and zero knowledge privacy against a third party verifier. We then provide a concrete construction of ID-based RDIC scheme which leaks no information of the stored files to the verifier during the RDIC process. The new construction is proven secure against the malicious server in the generic group model and achieves zero knowledge privacy against a verifier. Extensive security analysis and implementation results demonstrate that the proposed new protocol is provably secure and practical in the real-world applications.This work is supported by the National Natural Science Foundation of China (61501333,61300213,61272436,61472083), Fok Ying Tung Education Foundation (141065), Program for New Century Excellent Talents in Fujian University (JA1406

Entangled cloud storage

Entangled cloud storage (Aspnes et al., ESORICS 2004) enables a set of clients to “entangle” their files into a single clew to be stored by a (potentially malicious) cloud provider. The entanglement makes it impossible to modify or delete significant part of the clew without affecting all files encoded in the clew. A clew keeps the files in it private but still lets each client recover his own data by interacting with the cloud provider; no cooperation from other clients is needed. At the same time, the cloud provider is discouraged from altering or overwriting any significant part of the clew as this will imply that none of the clients can recover their files. We put forward the first simulation-based security definition for entangled cloud storage, in the framework of universal composability (Canetti, 2001). We then construct a protocol satisfying our security definition, relying on an entangled encoding scheme based on privacy-preserving polynomial interpolation; entangled encodings were originally proposed by Aspnes et al. as useful tools for the purpose of data entanglement. As a contribution of independent interest we revisit the security notions for entangled encodings, putting forward stronger definitions than previous work (that for instance did not consider collusion between clients and the cloud provider). Protocols for entangled cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not modify or delete their data illegitimately. Current solutions, e.g., based on Provable Data Possession and Proof of Retrievability, require the server to be challenged regularly to provide evidence that the clients’ files are stored at a given time. Entangled cloud storage provides an alternative approach where any single client operates implicitly on behalf of all others, i.e., as long as one client's files are intact, the entire remote database continues to be safe and unblemishe

Data Auditing and Security in Cloud Computing: Issues, Challenges and Future Directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discussed

Data auditing and security in cloud computing: issues, challenges and future directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discusse