Aggregated Privacy-preserving Auditing For Data Integrity In Cloud Storage

Posted on: 2017-09-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: K He
GTID: 1318330485965951
Subject: Information security
Abstract/Summary:
As an important cloud service, cloud storage enables data owners to remotely store their data in the cloud and provides data access through the network. With data outsourcing service, cloud storage appeals to users with a number of benefits: 1) Relief of the burden of storage management; 2) Avoidance of capital expenditure on hardware, software maintenance, and personnel maintenance; 3) Universal data access with location and time independence. Meanwhile, cloud storage also brings new and challenging security threats toward users' outsourced data. Once data are stored in the cloud, their security highly depends on cloud service providers. In fact, the cloud service providers cannot be fully trusted. Firstly, objective factors inevitably lead to the loss of data, such as natural disasters, hardware failure, software failure and hacker attack. Secondly, cloud service providers may behave in untrustworthy ways toward owners' data. They may discard data that has not been accessed or is rarely accessed, or even hide data loss incidents so as to maintain their reputation. Thus, cloud storage does not guarantee the integrity of outsourced data.

Traditional methods based on signatures or message authentication codes for checking the integrity of data require users to retrieve the entire data from the cloud, which is inefficient because of the large amount of cloud data. To check the integrity of cloud data securely and efficiently, third party auditing has caught researchers' attention in recent years. In the public auditing schemes, data owners divide the file into multiple blocks and compute a data tag for each block. Data blocks and tags are both stored in the cloud, and the integrity of the data relies on the correctness of these tags, checked by sampling auditing. Public auditing has several advantages: 1) The entire data need not be downloaded. 2) Data owners' burden is reduced by delegating the auditing task to the auditor. 3) An unbiased and fair verification result is provided for data owners and cloud service providers. In public auditing, the auditor must conduct privacy-preserving auditing without obtaining the data content. Otherwise, it may bring new security threats to owners' data.

When group users can access and modify the same cloud data files, public auditing for shared data faces several new challenges, such as identity privacy and user revocation. On the one hand, data owners are concerned about data integrity. On the other hand, the cloud service provider also cares about storage efficiency. When these two different aspects are considered together, public auditing for deduplicated data faces several new challenges, such as client-side deduplication of encrypted data, deduplication of data tags, and an auditing method for deduplicated and encrypted data. Once the cloud data is corrupted, data owners may worry about whether the corrupted data can be repaired or not. Public auditing for regenerating code based cloud data faces several new challenges, such as distributed auditing for redundant data together with error location, pollution attacks during the repair process, and dynamic auditing for coded data.

In this dissertation, several auditing schemes for data integrity are proposed, each addressing a different situation and its challenges. The main work is as follows:

(1) This dissertation proposes a privacy-preserving integrity auditing method for personal data. Firstly, the auditing framework for personal data is designed and the corresponding scheme definition, consisting of 5 algorithms, is proposed. To preserve data privacy against the auditor, the data proof and tag proof are encrypted and combined on the cloud server by using the bilinearity property of the bilinear pairing. Secondly, an efficient index mechanism is designed to support dynamic auditing, which ensures that data update operations do not lead to high additional computation or communication cost. The theoretical analysis and experimental results show that the proposed scheme is provably secure. Compared with existing auditing schemes, the efficacy of the proposed individual auditing and batch auditing is improved.

(2) This dissertation proposes a privacy-preserving integrity auditing method based on proxy re-signature for shared data. The auditing framework for shared data is designed and the corresponding scheme definition, consisting of 6 algorithms, is proposed. To preserve data and identity privacy against the auditor, signatures computed by different users are converted with proxy re-signature into signatures computed by the challenge user, and the data proof and signature proof are then encrypted on the server side with the bilinearity property of the bilinear pairing, such that the auditor cannot decrypt them but can verify the correctness of the proofs. The scheme also supports user revocation without re-signing signatures computed by revoked users, while the integrity of shared data can still be correctly checked. Moreover, the auditing is efficient in the sense that the number of pairing operations during auditing is independent of the number of challenged blocks and users. Security analysis demonstrates that our scheme is provably secure. Numeric analysis and simulation results show that both the computation and communication costs of our scheme are lower than those of existing schemes.

(3) This dissertation proposes a privacy-preserving integrity auditing method based on proxy re-encryption for encrypted data with client-side deduplication. The auditing framework for deduplicated and encrypted data is designed and the corresponding scheme definition, consisting of 7 algorithms, is proposed. Deduplication of encrypted data and data integrity checking can be achieved within the same framework. The cloud server can correctly check ownership for new owners, and the auditor can correctly check the integrity of deduplicated data. The proposed scheme supports deduplication of encrypted data by using proxy re-encryption and also achieves deduplication of data tags by aggregating the tags from different owners. The analysis and experimental results show that our scheme is provably secure and efficient.

(4) This dissertation proposes a privacy-preserving integrity auditing method based on an update matrix for regenerating code based cloud storage. The auditing framework for regenerating coded data is designed and the corresponding scheme definition, consisting of 10 algorithms, is proposed. The proposed scheme allows the auditor to check the integrity of data redundantly stored across multiple servers and, when data corruption is detected, to identify the location of the corrupted data within one round. To support data dynamics, a novel update method based on a matrix and an index mechanism is designed. The update method supports multiple update requests performed in a batch without downloading and recoding the data file or re-computing the data tags, such that the communication and computation cost can be greatly reduced. Theoretical analysis and experimental results show the security and efficiency of the proposed scheme.
Keywords/Search Tags: Data Integrity, Privacy-Preserving Auditing, Shared Data, Deduplicated Data, Regenerating Coded Data