561 research outputs found
Cloud Data Auditing Using Proofs of Retrievability
Cloud servers offer data outsourcing facility to their clients. A client
outsources her data without having any copy at her end. Therefore, she needs a
guarantee that her data are not modified by the server which may be malicious.
Data auditing is performed on the outsourced data to resolve this issue.
Moreover, the client may want all her data to be stored untampered. In this
chapter, we describe proofs of retrievability (POR) that convince the client
about the integrity of all her data.Comment: A version has been published as a book chapter in Guide to Security
Assurance for Cloud Computing (Springer International Publishing Switzerland
2015
Keyword-Based Delegable Proofs of Storage
Cloud users (clients) with limited storage capacity at their end can
outsource bulk data to the cloud storage server. A client can later access her
data by downloading the required data files. However, a large fraction of the
data files the client outsources to the server is often archival in nature that
the client uses for backup purposes and accesses less frequently. An untrusted
server can thus delete some of these archival data files in order to save some
space (and allocate the same to other clients) without being detected by the
client (data owner). Proofs of storage enable the client to audit her data
files uploaded to the server in order to ensure the integrity of those files.
In this work, we introduce one type of (selective) proofs of storage that we
call keyword-based delegable proofs of storage, where the client wants to audit
all her data files containing a specific keyword (e.g., "important"). Moreover,
it satisfies the notion of public verifiability where the client can delegate
the auditing task to a third-party auditor who audits the set of files
corresponding to the keyword on behalf of the client. We formally define the
security of a keyword-based delegable proof-of-storage protocol. We construct
such a protocol based on an existing proof-of-storage scheme and analyze the
security of our protocol. We argue that the techniques we use can be applied
atop any existing publicly verifiable proof-of-storage scheme for static data.
Finally, we discuss the efficiency of our construction.Comment: A preliminary version of this work has been published in
International Conference on Information Security Practice and Experience
(ISPEC 2018
Entangled cloud storage
Entangled cloud storage (Aspnes et al., ESORICS 2004) enables a set of clients to “entangle” their files into a single clew to be stored by a (potentially malicious) cloud provider. The entanglement makes it impossible to modify or delete significant part of the clew without affecting all files encoded in the clew. A clew keeps the files in it private but still lets each client recover his own data by interacting with the cloud provider; no cooperation from other clients is needed. At the same time, the cloud provider is discouraged from altering or overwriting any significant part of the clew as this will imply that none of the clients can recover their files. We put forward the first simulation-based security definition for entangled cloud storage, in the framework of universal composability (Canetti, 2001). We then construct a protocol satisfying our security definition, relying on an entangled encoding scheme based on privacy-preserving polynomial interpolation; entangled encodings were originally proposed by Aspnes et al. as useful tools for the purpose of data entanglement. As a contribution of independent interest we revisit the security notions for entangled encodings, putting forward stronger definitions than previous work (that for instance did not consider collusion between clients and the cloud provider). Protocols for entangled cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not modify or delete their data illegitimately. Current solutions, e.g., based on Provable Data Possession and Proof of Retrievability, require the server to be challenged regularly to provide evidence that the clients’ files are stored at a given time. Entangled cloud storage provides an alternative approach where any single client operates implicitly on behalf of all others, i.e., as long as one client's files are intact, the entire remote database continues to be safe and unblemishe
Dynamic Provable Data Possession Protocols with Public Verifiability and Data Privacy
Cloud storage services have become accessible and used by everyone.
Nevertheless, stored data are dependable on the behavior of the cloud servers,
and losses and damages often occur. One solution is to regularly audit the
cloud servers in order to check the integrity of the stored data. The Dynamic
Provable Data Possession scheme with Public Verifiability and Data Privacy
presented in ACISP'15 is a straightforward design of such solution. However,
this scheme is threatened by several attacks. In this paper, we carefully
recall the definition of this scheme as well as explain how its security is
dramatically menaced. Moreover, we proposed two new constructions for Dynamic
Provable Data Possession scheme with Public Verifiability and Data Privacy
based on the scheme presented in ACISP'15, one using Index Hash Tables and one
based on Merkle Hash Trees. We show that the two schemes are secure and
privacy-preserving in the random oracle model.Comment: ISPEC 201
- …