522 research outputs found
Efficient integrity verification of replicated data in cloud
The cloud computing is an emerging model in which computing infrastructure resources are provided as a service over the Internet. Data owners can outsource their data by remotely storing them in the cloud and enjoy on-demand high quality services from a shared pool of configurable computing resources. By using these data storage services, the data owners can relieve the burden of local data storage and maintenance. However, since data owners and the cloud servers are not in the same trusted domain, the outsourced data may be at risk as the cloud server may no longer be fully trusted. Therefore, data integrity is of critical importance in such a scenario. Cloud should let the owners or a trusted third party to check for the integrity of their data storage without demanding a local copy of the data. Owners often replicate their data on the cloud servers across multiple data centers to provide a higher level of scalability, availability, and durability. When the data owners ask the Cloud Service Provider (CSP) to replicate data, they are charged a higher storage fee by the CSP. Therefore, the data owners need to be strongly convinced that the CSP is storing data copies agreed on in the service level contract, and data-updates have been correctly executed on all the remotely stored copies. In this thesis, a Dynamic Multi-Replica Provable Data Possession scheme (DMR-PDP) is proposed that prevents the CSP from cheating; for example, by maintaining fewer copies than paid for and/or tampering data. In addition, we also extended the scheme to support a basic file versioning system where only the difference between the original file and the updated file is propagated rather than the propagation of operations for privacy reasons. DMR-PDP also supports efficient dynamic operations like block modification, insertion and deletion on replicas over the cloud servers --Abstract, page iii
Function-specific schemes for verifiable computation
An integral component of modern computing is the ability to outsource data and computation to powerful remote servers, for instance, in the context of cloud computing or remote file storage. While participants can benefit from this interaction, a fundamental security issue that arises is that of integrity of computation: How can the end-user be certain that the result of a computation over the outsourced data has not been tampered with (not even by a compromised or adversarial server)?
Cryptographic schemes for verifiable computation address this problem by accompanying each result with a proof that can be used to check the correctness of the performed computation. Recent advances in the field have led to the first implementations of schemes that can verify arbitrary computations. However, in practice the overhead of these general-purpose constructions remains prohibitive for most applications, with proof computation times (at the server) in the order of minutes or even hours for real-world problem instances. A different approach for designing such schemes targets specific types of computation and builds custom-made protocols, sacrificing generality for efficiency. An important representative of this function-specific approach is an authenticated data structure (ADS), where a specialized protocol is designed that supports query types associated with a particular outsourced dataset.
This thesis presents three novel ADS constructions for the important query types of set operations, multi-dimensional range search, and pattern matching, and proves their security under cryptographic assumptions over bilinear groups. The scheme for set operations can support nested queries (e.g., two unions followed by an intersection of the results), extending previous works that only accommodate a single operation. The range search ADS provides an exponential (in the number of attributes in the dataset) asymptotic improvement from previous schemes for storage and computation costs. Finally, the pattern matching ADS supports text pattern and XML path queries with minimal cost, e.g., the overhead at the server is less than 4% compared to simply computing the result, for all our tested settings. The experimental evaluation of all three constructions shows significant improvements in proof-computation time over general-purpose schemes
Verifiable Outsourced Database Model: A Game-Theoretic Approach
In the verifiable database (VDB) model, a computationally weak client (database owner) delegates
his database management to a database service provider on the cloud, which is considered
untrusted third party, while users can query the data and verify the integrity of query results. Since
the process can be computationally costly and has a limited support for sophisticated query types
such as aggregated queries, we propose in this research a framework that helps bridge the gap between
security and practicality. The proposed framework remodels the verifiable database problem
using Stackelberg security game. In the new model, the database owner creates and uploads to
the database service provider the database and its authentication structure (AS). Next, the game is
played between the defender (verifier), who is a trusted party to the database owner and runs scheduled
randomized verifications using Stackelberg mixed strategy, and the database service provider.
The idea is to randomize the verification schedule in an optimized way that grants the optimal payoff
for the verifier while making it extremely hard for the database service provider or any attacker
to figure out which part of the database is being verified next.
We have implemented and compared the proposed model performance with a uniform randomization
model. Simulation results show that the proposed model outperforms the uniform randomization
model. Furthermore, we have evaluated the efficiency of the proposed model against
different cost metrics
Survey on securing data storage in the cloud
Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security and privacy challenges are brought forward while the number of cloud storage user increases expeditiously. In this work, we conduct an in-depth survey on recent research activities of cloud storage security in association with cloud computing. After an overview of the cloud storage system and its security problem, we focus on the key security requirement triad, i.e., data integrity, data confidentiality, and availability. For each of the three security objectives, we discuss the new unique challenges faced by the cloud storage services, summarize key issues discussed in the current literature, examine, and compare the existing and emerging approaches proposed to meet those new challenges, and point out possible extensions and futuristic research opportunities. The goal of our paper is to provide a state-of-the-art knowledge to new researchers who would like to join this exciting new field
Data Auditing and Security in Cloud Computing: Issues, Challenges and Future Directions
Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discussed
Data auditing and security in cloud computing: issues, challenges and future directions
Cloud computing is one of the significant development that utilizes progressive computational power and
upgrades data distribution and data storing facilities. With cloud information services, it is essential for
information to be saved in the cloud and also distributed across numerous customers. Cloud information
repository is involved with issues of information integrity, data security and information access by unapproved
users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is
effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art
techniques in data auditing and security are discussed. Challenging problems in information repository auditing
and security are presented. Finally, directions for future research in data auditing and security have been
discusse
Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage
This is the author accepted manuscript. The final version is available from the publisher via the DOI in this record.Remote data integrity checking (RDIC) enables a
data storage server, such as a cloud server, to prove to a
verifier that it is actually storing a data owner’s data honestly.
To date, a number of RDIC protocols have been proposed in
the literature, but almost all the constructions suffer from the
issue of a complex key management, that is, they rely on the
expensive public key infrastructure (PKI), which might hinder
the deployment of RDIC in practice. In this paper, we propose
a new construction of identity-based (ID-based) RDIC protocol
by making use of key-homomorphic cryptographic primitive
to reduce the system complexity and the cost for establishing
and managing the public key authentication framework in PKI
based RDIC schemes. We formalize ID-based RDIC and its
security model including security against a malicious cloud server
and zero knowledge privacy against a third party verifier. We
then provide a concrete construction of ID-based RDIC scheme
which leaks no information of the stored files to the verifier
during the RDIC process. The new construction is proven secure
against the malicious server in the generic group model and
achieves zero knowledge privacy against a verifier. Extensive
security analysis and implementation results demonstrate that
the proposed new protocol is provably secure and practical in
the real-world applications.This work is supported by
the National Natural Science Foundation of China
(61501333,61300213,61272436,61472083), Fok Ying Tung
Education Foundation (141065), Program for New Century
Excellent Talents in Fujian University (JA1406
Enable Tpa To Perform Audits For Multiple Users Efficiently For Securing Cloud Storage
The concept of public audit capability has been planned in the conditions of make certain remotely stored data reliability under different system and security models. To fully make sure the data honesty and save the cloud users’ calculation possessions as well as online burden it is of significant consequence to help public auditing service for cloud data storage so that users may alternative to an independent third-party auditor (TPA) to re-evaluate the outsourced data when needed. The TPA who has know-how and potential that users do not can intermittently check the integrity of all the data stored in the cloud on behalf of the users which provides a much more easier and sensible way for the users to make sure their storage correctness in the cloud. Furthermore in addition to help users to assess the danger of their subscribed cloud data services the audit results from TPA would also be beneficial for the cloud service providers to recover their cloud-based service platform and even serve up for independent negotiation purposes.
- …