
Research On The Key Technologies Of Data Integrity Protection In Cloud Storage

Posted on: 2013-02-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: B Y An
GTID: 1228330374999643
Subject: Information security
Abstract/Summary:
As cloud computing gains worldwide popularity, a new trend in information technology is approaching. Cloud storage is an important form of Infrastructure as a Service (IaaS) in cloud computing, and it brings ever-growing convenience to data access. However, data security remains an unavoidable challenge, as it does in traditional storage systems. Furthermore, some inherent features, such as the contract-based service model and untrustworthy servers, make data integrity in cloud storage much more complicated than in other storage systems. Hence, security has become one of the biggest obstacles between cloud storage and a much larger user base.

This paper focuses on data integrity in cloud storage, which is one of the three core factors of data security. Building on state-of-the-art achievements in data integrity protection for storage systems, this paper carefully analyzes the security environment of cloud storage and presents several research achievements by the author on the key technologies of data integrity protection. The main contents of the paper are as follows:

(1) This paper proposes L-POR, a lightweight algorithm for proofs of retrievability (PORs) in cloud storage of archives. After setting up a Byzantine adversary model with limited corrupting capability, L-POR adopts a trusted third party (TTP) to execute data possession checking (DPC) on behalf of the user, and executes data recovery when the severity of corruption reaches a threshold. By adding the user's authentication information directly to the redundancy data generated by error-correcting codes, L-POR avoids the storage overhead of additional authentication metadata. The algorithm trades some communication performance for efficiency of storage and computation.

(2) To fix the functional or efficiency defects in existing data possession checking schemes, this paper proposes AITTP, a framework for data possession audit based on an implicit TTP. AITTP uses trusted hardware as an implicit TTP, which executes DPC on behalf of the user and generates trustworthy, tamper-evident audit logs. These logs are stored on the cloud storage servers, and their integrity is guaranteed through cryptographic design and three-party interactions. Trusted hardware integrated with a cloud server can carry out cryptographic computations independently and without intervention by others, which helps solve the problem that a trustworthy third party is hard to implement on-premise. The combination of trusted hardware and audit logs gives AITTP inherent support for public audit, privacy preservation and off-line audit, leaving the design of DPC algorithms free of those considerations.

(3) This paper proposes an accountability scheme for data integrity in cloud storage based on a TTP. In the scheme, every write operation carried out between a user and a provider is assigned an attestation authenticated by the TTP, thus holding both the provider and the user accountable. The attestations are stored on the cloud servers in order to reduce the users' burden, and this paper designs an algorithm that ensures the integrity of the attestation chains on the basis of Merkle Hash Trees (MHTs), so that providers cannot tamper with or discard any of the attestations without being detected. Moreover, the paper provides designs of feasible protocols for generating attestations and for auditing through them. Simulation results show that the attestation-generating protocol has little effect on the efficiency of operations.

(4) A prototype cloud storage system, CS-IPA, supporting data integrity protection and accounting, is designed and implemented with the adoption of a TTP. CS-IPA integrates a POR algorithm and a data integrity accounting scheme, both of which can be validated by the system, and provides a reference for actual deployment. The paper also provides a mechanism for collaboration between POR and data integrity accounting in the cloud storage scenario.
Keywords/Search Tags: cloud storage, data integrity, proofs of retrievability, data possession checking, mutual-accountability, trusted hardware