Privacy-Preserving Public Auditing for Secure Cloud Storage
IEEE 2013 Transaction, Computers, Feb 2013
Technology Used: Java/J2EE
Using cloud storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared pool of configurable computing resources, without the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the outsourced data makes the data integrity protection in cloud computing a formidable task, especially for users with constrained computing resources. Moreover, users should be able to just use the cloud storage as if it is local, without worrying about the need to verify its integrity. Thus, enabling public auditability for cloud storage is of critical importance so that users can resort to a third-party auditor (TPA) to check the integrity of outsourced data and be worry free. To securely introduce an effective TPA, the auditing process should bring in no new vulnerabilities toward user data privacy, and introduce no additional online burden to user. In this paper, we propose a secure cloud storage system supporting privacy-preserving public auditing. We further extend our result to enable the TPA to perform audits for multiple users simultaneously and efficiently. Extensive security and performance analysis show the proposed schemes are provably secure and highly efficient. Our preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.
Public auditability has been proposed in the context of ensuring remotely stored data integrity under different system and security models. Public auditability allows an external party, in addition to the user himself, to verify the correctness of remotely stored data.
- Public auditability schemes do not consider the privacy protection of users' data against external auditors.
- They may potentially reveal user data information to the auditors.
- This severe drawback greatly affects the security of these protocols in Cloud Computing.
Exploiting data encryption before outsourcing is one way to mitigate this privacy concern, but it is only complementary to the privacy preserving public auditing scheme.
- Without a properly designed auditing protocol, encryption itself cannot prevent data from "flowing away" towards external parties during the auditing process. Thus, it does not completely solve the problem of protecting data privacy but just reduces it to key management.
- Unauthorized data leakage still remains a problem due to the potential exposure of decryption keys.
The proposed scheme uses the technique of public-key-based homomorphic linear authenticator (HLA), which enables the TPA to perform the auditing without demanding a local copy of the data and thus drastically reduces the communication and computation overhead compared to straightforward data auditing approaches.
By integrating the HLA with random masking, the proposed protocol guarantees that the TPA could not learn any knowledge about the data content stored in the cloud server during the efficient auditing process.
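The following sketch is an added illustration, not code from the paper or from this page. It shows the challenge/response flow of a public-key homomorphic authenticator with random masking, using an RSA-style homomorphic tag as a stand-in because this page does not specify the paper's construction; the toy modulus, base G, 16-byte block size and all function names are assumptions.

```python
import hashlib, secrets

# Constructed toy parameters: two Mersenne primes stand in for an RSA modulus.
# Real use needs a randomly generated modulus of at least 2048 bits.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                   # public verification key (with G)
D = pow(E, -1, (P - 1) * (Q - 1))     # user's secret tagging key
G = 3                                 # public base carrying the block value

def h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def split(data: bytes, size=16):
    return [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]

def tag_blocks(blocks):
    """User: T_i = (h(i) * G^m_i)^D mod N; tags are stored next to the blocks."""
    return [pow(h(b"idx%d" % i) * pow(G, m, N) % N, D, N)
            for i, m in enumerate(blocks)]

def challenge(n_blocks, sample):
    """TPA: random subset of block indices, each with a random coefficient nu_i."""
    idx = secrets.SystemRandom().sample(range(n_blocks), sample)
    return [(i, secrets.randbelow(2**16) + 1) for i in idx]

def prove(blocks, tags, chal):
    """Cloud server: aggregated tag plus a masked linear combination of blocks."""
    mu_raw = sum(nu * blocks[i] for i, nu in chal)  # unmasked, this leaks block data
    T = 1
    for i, nu in chal:
        T = T * pow(tags[i], nu, N) % N
    r = secrets.randbits(640)          # mask, far larger than gamma * mu_raw here
    R = pow(G, r, N)                   # commitment to the mask
    gamma = h(R.to_bytes(32, "big"))
    return T, R, r + gamma * mu_raw    # the TPA only ever sees the masked value

def verify(chal, proof):
    """TPA: public check with (N, E, G) only; no blocks and no secret key needed."""
    T, R, mu = proof
    gamma = h(R.to_bytes(32, "big"))
    hprod = 1
    for i, nu in chal:
        hprod = hprod * pow(h(b"idx%d" % i), nu, N) % N
    lhs = pow(pow(T, E, N), gamma, N) * R % N
    rhs = pow(hprod, gamma, N) * pow(G, mu, N) % N
    return lhs == rhs
```

The check passes because T^E equals the product of h(i)^nu_i times G raised to the unmasked sum, so both sides reduce to the same value once R = G^r is multiplied in; a server holding a modified block cannot produce a matching response from the original tags.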
- Provides a public auditing system for data storage security in Cloud Computing with a privacy-preserving auditing protocol, i.e., the scheme enables an external auditor to audit a user's outsourced data in the cloud without learning the data content.
- Supports scalable and efficient public auditing in Cloud Computing. Specifically, it achieves batch auditing, where multiple delegated auditing tasks from different users can be performed simultaneously by the TPA.
- Provides the security
- Public auditability: to allow the TPA to verify the correctness of the cloud data on demand without retrieving a copy of the whole data or introducing additional online burden to the cloud users.
- Storage correctness: to ensure that there exists no cheating cloud server that can pass the TPA's audit without indeed storing users' data intact.
- Privacy-preserving: to ensure that the TPA cannot derive users' data content from the information collected during the auditing process.
- Batch auditing: to enable the TPA with secure and efficient auditing capability to cope with multiple auditing delegations from a possibly large number of different users simultaneously.
- Lightweight: to allow the TPA to perform auditing with minimum communication and computation overhead.