Cloud Data Auditing Using Proofs of Retrievability

Cloud servers offer data outsourcing facility to their clients. A client outsources her data without having any copy at her end. Therefore, she needs a guarantee that her data are not modified by the server which may be malicious. Data auditing is performed on the outsourced data to resolve this issue. Moreover, the client may want all her data to be stored untampered. In this chapter, we describe proofs of retrievability (POR) that convince the client about the integrity of all her data.Comment: A version has been published as a book chapter in Guide to Security Assurance for Cloud Computing (Springer International Publishing Switzerland 2015

Dynamic Provable Data Possession Protocols with Public Verifiability and Data Privacy

Cloud storage services have become accessible and used by everyone. Nevertheless, stored data are dependable on the behavior of the cloud servers, and losses and damages often occur. One solution is to regularly audit the cloud servers in order to check the integrity of the stored data. The Dynamic Provable Data Possession scheme with Public Verifiability and Data Privacy presented in ACISP'15 is a straightforward design of such solution. However, this scheme is threatened by several attacks. In this paper, we carefully recall the definition of this scheme as well as explain how its security is dramatically menaced. Moreover, we proposed two new constructions for Dynamic Provable Data Possession scheme with Public Verifiability and Data Privacy based on the scheme presented in ACISP'15, one using Index Hash Tables and one based on Merkle Hash Trees. We show that the two schemes are secure and privacy-preserving in the random oracle model.Comment: ISPEC 201

State of The Art and Hot Aspects in Cloud Data Storage Security

Along with the evolution of cloud computing and cloud storage towards matu- rity, researchers have analyzed an increasing range of cloud computing security aspects, data security being an important topic in this area. In this paper, we examine the state of the art in cloud storage security through an overview of selected peer reviewed publications. We address the question of defining cloud storage security and its different aspects, as well as enumerate the main vec- tors of attack on cloud storage. The reviewed papers present techniques for key management and controlled disclosure of encrypted data in cloud storage, while novel ideas regarding secure operations on encrypted data and methods for pro- tection of data in fully virtualized environments provide a glimpse of the toolbox available for securing cloud storage. Finally, new challenges such as emergent government regulation call for solutions to problems that did not receive enough attention in earlier stages of cloud computing, such as for example geographical location of data. The methods presented in the papers selected for this review represent only a small fraction of the wide research effort within cloud storage security. Nevertheless, they serve as an indication of the diversity of problems that are being addressed

Entangled cloud storage

Entangled cloud storage (Aspnes et al., ESORICS 2004) enables a set of clients to “entangle” their files into a single clew to be stored by a (potentially malicious) cloud provider. The entanglement makes it impossible to modify or delete significant part of the clew without affecting all files encoded in the clew. A clew keeps the files in it private but still lets each client recover his own data by interacting with the cloud provider; no cooperation from other clients is needed. At the same time, the cloud provider is discouraged from altering or overwriting any significant part of the clew as this will imply that none of the clients can recover their files. We put forward the first simulation-based security definition for entangled cloud storage, in the framework of universal composability (Canetti, 2001). We then construct a protocol satisfying our security definition, relying on an entangled encoding scheme based on privacy-preserving polynomial interpolation; entangled encodings were originally proposed by Aspnes et al. as useful tools for the purpose of data entanglement. As a contribution of independent interest we revisit the security notions for entangled encodings, putting forward stronger definitions than previous work (that for instance did not consider collusion between clients and the cloud provider). Protocols for entangled cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not modify or delete their data illegitimately. Current solutions, e.g., based on Provable Data Possession and Proof of Retrievability, require the server to be challenged regularly to provide evidence that the clients’ files are stored at a given time. Entangled cloud storage provides an alternative approach where any single client operates implicitly on behalf of all others, i.e., as long as one client's files are intact, the entire remote database continues to be safe and unblemishe

A Framework for Protecting Cloud Users from Third Party Auditors

Cloud computing has merged to be a now computing paradigm that lets public to access shared pool of resources without capital investment. The users of cloud need to access resources through Internet in pay per use fashion. Thus there is increased use of storage services of cloud in the real world. This service is known as Infrastructure as a Service (IaaS). However, there are security concerns as this service runs in entrusted environment. To ensure data integrity many public verification or auditing schemes came into existence. Nevertheless, there is a concern when the so called Third Party Auditor (TPA) has malicious intentions. In such cases, protection is required against malicious TPAs. Towards this end, recently, Huang et al. proposed a scheme in which users can directly check the integrity of stored data using a feedback based audit scheme. TPA takes process proof from cloud server and gives feedback to cloud user. The feedback is unforgivable and the TPA cannot make any malicious attacks. Based on this scheme, in this paper, we implemented a prototype application that demonstrates the proof of concept. The empirical results are encouraging. DOI: 10.17762/ijritcc2321-8169.15065

A Novel Scheme For Preserving Owner Privacy And Verifying Data Integrity Of Shared Data In Public Cloud Storage

With the emergence of cloud Technologies, it is important review the integrity of the information that is saved on the public cloud storage systems. When critical and private information which is very sensitive in nature is saved and shared with many uses, it is very much important to safeguard the details of the data owner from the auditor. It means that the auditor should not be able to get any details about the data owner while he is auditing are reviewing the cloud data. Many schemes were proposed that safeguard the user privacy while incorporating the confirmable information possession technique. However, the issue with these schemes is that they have heavy computational cost and they increase the load on the systems and in turn bring down the efficiency. To address all the above mentioned problems, we propose a novel and unique technique to up all the data owner's privacy while auditing the data. The architecture of our proposed scheme is based on identity supported encryption and hence it overcomes the problem of management of certificates and ensures the relation between the data owner and the uploaded data are not exposed to the auditor by encrypting the data  in the proof generation phase but not in the auditing phase. The encryption is also done at block level to safeguard the data from untrusted Cloud Service Provider. In this manner, our scheme provides maximum security from the Cloud Service Provider and the auditor and hence the privacy and anonymity of data is preserved in this mechanism. Experimental results show that our mechanism is effective, efficient and implementable when compared to to the existing systems