SoK: A Practical Cost Comparison Among Provable Data Possession Schemes

Provable Data Possession (PDP) schemes provide users with the ability to efficiently audit and verify the integrity of data stored with potentially unreliable third-parties, such as cloud storage service providers. While dozens of PDP schemes have been developed, no PDP schemes have been practically implemented with an existing cloud service. This work attempts to provide a starting point for the integration of PDP schemes with cloud storage service providers by providing a cost analysis of PDP schemes. This cost analysis is performed by implementing and analyzing five PDP schemes representative of the dozens of various PDP approaches. This paper provides analysis of the overhead and performance of each of these schemes to generate a comparable cost for each scheme using real-world cloud pricing models. Results show that the total cost of each scheme is comparable for smaller file sizes, but for larger files this cost can vary across schemes by an order of magnitude. Ultimately, the difference in cost between the simple MAC-based PDP scheme and the most efficient PDP scheme is negligible. While the MAC-PDP scheme may not be the most efficient, no other scheme improving upon it\u27s complexity can be implemented without the use of additional services or APIs leading to the conclusion that the simplest, storage only PDP scheme is the most practical to implement. Furthermore, the findings in this paper suggest that, in general, PDP schemes optimize on an inaccurate cost model and that future schemes should consider the existing economic realities of cloud services

Cost-effective Data Upkeep in Decentralized Storage Systems

Decentralized storage systems split files into chunks and distribute the chunks across a network of peers. Each peer may only store a few chunks per file. To later reconstruct a file, all its chunks must be downloaded. Chunks can disappear from the network at any time as peers are untrusted and may misbehave, fail or leave the network. Current systems lack a secure and cost-effective mechanism for discovering missing chunks. Hence, a client must periodically re-upload all of the file's chunks to keep it available, even if only a few are missing from the network. Needlessly re-uploading chunks waste significant amounts of the network's bandwidth, takes additional time to complete, and forces the client to pay for unwarranted resources. To address the above problem, we propose SUP, a novel protocol that utilizes proof-of-storage queries to detect missing chunks. We have evaluated SUP on a large cluster of 1000 peers running a recent version of Ethereum Swarm. Our contributions include the design and implementation of SUP and a study of Swarm's redundancy characteristics. Our evaluation shows that SUP significantly improves bandwidth utilization and time spent on data upkeep compared to the existing solution. In common scenarios, SUP can save as much as 94 % bandwidth and reduce the time spent re-uploading by up to 82 %. While dependent on the storage network's bandwidth pricing policy, using SUP may also reduce the overall monetary costs of data upkeep.acceptedVersio

Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage

This is the author accepted manuscript. The final version is available from the publisher via the DOI in this record.Remote data integrity checking (RDIC) enables a data storage server, such as a cloud server, to prove to a verifier that it is actually storing a data owner’s data honestly. To date, a number of RDIC protocols have been proposed in the literature, but almost all the constructions suffer from the issue of a complex key management, that is, they rely on the expensive public key infrastructure (PKI), which might hinder the deployment of RDIC in practice. In this paper, we propose a new construction of identity-based (ID-based) RDIC protocol by making use of key-homomorphic cryptographic primitive to reduce the system complexity and the cost for establishing and managing the public key authentication framework in PKI based RDIC schemes. We formalize ID-based RDIC and its security model including security against a malicious cloud server and zero knowledge privacy against a third party verifier. We then provide a concrete construction of ID-based RDIC scheme which leaks no information of the stored files to the verifier during the RDIC process. The new construction is proven secure against the malicious server in the generic group model and achieves zero knowledge privacy against a verifier. Extensive security analysis and implementation results demonstrate that the proposed new protocol is provably secure and practical in the real-world applications.This work is supported by the National Natural Science Foundation of China (61501333,61300213,61272436,61472083), Fok Ying Tung Education Foundation (141065), Program for New Century Excellent Talents in Fujian University (JA1406