The Study Of Public Auditing For Shared Data In The Cloud

Posted on: 2015-01-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: B Y Wang
GTID: 1228330431962473
Subject: Cryptography

Abstract/Summary:
With the development of cloud computing, users can enjoy cloud data services at a much lower cost than traditional approaches. By leveraging data services in the cloud, such as Dropbox, Google Drive and iCloud, users can not only easily outsource their data to the cloud but also efficiently share data with others. However, outsourcing and sharing users’ data with the cloud also introduces significant security challenges with respect to data integrity. Specifically, due to hardware/software failures and human errors, cloud service providers may accidentally modify or remove users’ data. To make matters worse, users no longer physically possess their own data on local devices, while cloud service providers (who are economically driven in general) may be reluctant to report data failures to users in order to maximize profits. Users are therefore greatly concerned about whether the service providers possess their data correctly in the cloud.

Traditional methods for checking the integrity of data (e.g., signatures or message authentication codes) require users to retrieve the entire data from the cloud, which would be inefficient due to the large size of cloud data. Approaches based on hash trees would be efficient (they do not require downloading the whole data), but they can only prove that the cloud service providers possess correct hash values, not that they possess the entire data. Therefore, how to verify the correctness of data stored in the cloud without downloading the entire data from the cloud is an interesting and necessary task. Many schemes have been proposed to ensure the integrity of cloud data efficiently without retrieving the entire data from the cloud. Unfortunately, most of these previous works focus only on proving the possession of personal data, while few of them consider the case of shared data in the cloud. Auditing the integrity of shared data brings new challenges in several aspects, such as identity privacy and dynamic groups.

In this dissertation, we design several schemes to efficiently audit the integrity of shared data in the cloud while solving several different challenges. The main contributions of our work can be summarized as follows:

(1) We propose a new public auditing scheme, named Panda [4], which is able to check the integrity of shared data stored in the cloud while supporting efficient user revocation. By leveraging the idea of proxy re-signatures, users can outsource the huge cost of revocation to the cloud, which can substantially improve the efficiency of user revocation. Security analyses show that the proposed scheme is secure, and experimental results demonstrate the efficiency of this scheme during user revocation compared with previous solutions.

(2) We design a privacy-preserving public auditing scheme (named Oruta) [9] for shared data in the cloud. Compared to the straightforward solutions based on previous work, the proposed scheme is able to preserve the identity privacy of group members from a public verifier by using a ring-signature-based approach. In addition, the proposed scheme supports batch auditing, which can improve the efficiency of multiple auditing tasks by performing them simultaneously.

(3) We build a privacy-preserving auditing scheme (named Knox) [10] for protecting the integrity of shared data. Besides preserving the identity privacy of group members, as our previous design Oruta does, Knox can also be performed efficiently on groups with a large number of users. In addition, Knox supports traceability, which Oruta fails to achieve. Security analyses and experimental results show the efficiency of this scheme in auditing the correctness of shared data for large groups.

(4) By leveraging the combination of dynamic broadcast encryption and proxy re-signatures, we design a privacy-preserving public auditing scheme [8] for shared data, which introduces only a very small cost compared to previous solutions. Besides, it can easily support dynamic groups.

(5) We propose a public auditing scheme [5] by introducing a security mediator into the system model. With the help of this security mediator and the technique of blind signatures, group users can preserve their identity privacy from a public verifier. Compared to our two previous solutions, the storage cost for maintaining verification metadata is constant and much smaller.

Keywords/Search Tags: cloud computing, shared data, public auditing, identity privacy, dynamic groups