Research On Data Integrity And Reliability Protection In The Cloud

In the digital age,huge amount of data is produced by people every day.The volume of data is growing in a rapid way,requiring massive resources to store and manage data.For ordinary users,such large amount data has far ex-ceeded their storage capacity.Cloud computing is a new service model that can provide almost unlimited storage and computing resources in a pay-as-you-go way.Therefore,users can outsource their data to cloud servers only by paying a relatively low fee,without spending high costs to establish infrastructure such as software,hardware,etc.Although cloud storage has the advantages of flexible storage space alloca-tion,ubiquitous network access,reduced storage costs,etc.,users lose physical control over their data after these data are outsourced to the cloud,this transfer of control over the data poses new challenges to the security of users'data.To ensure data integrity,users hope that cloud service providers can offer proof of data possession or proof of retrievability,by which users are able to check whether their data are intact on cloud servers.In addition,to ensure high data re-liability in the event of server failure,users often require cloud service providers to store multiple replicas of their data on multiple servers across different data centers.Therefore,users hope that cloud service providers can offer integrity proof for multiple replicas,by which users are able to verify whether multi-ple replicas are correctly stored on the cloud.In this dissertation,we study the problem of how to protect data integrity and reliability in the cloud,the main contributions are summarized as follows:1.We propose an outsourced dynamic provable data possession(ODPDP)scheme that supports batch update.Targeting at the problem of using the one-by-one solution to process multiple update operations is not efficient for the implicitly-indexed authenticated binary tree,we present a multiple leaves au-thentication solution,and further design a batch update algorithm that can exe-cute and verify multiple updates all together.To satisfy the requirement of out-sourced verification,we present an efficient homomorphic verifiable tag based on BLS signature,and further design a log audit mechanism.By means of this mechanism,the user can check the auditor's verification work to prevent collu-sion between the auditor and the cloud service provider;the auditor can prove that he correctly performed the verification work to prevent the collusion of the user and the cloud service provider.Security analysis proves that ODPDP scheme is secure,and experiment results show that ODPDP scheme is efficient.2.Two improved multi-replica proof of retrievability(IMPOR)schemes are proposed.We find that the multi-replica verification scheme Mirror pre-sented in USENIX Security 2016 is easily subject to a storage saving attack,a substitution attack and a forgery attack,which can compromise the integrity of the user's data.To resist the storage saving attack,we present two effective countermeasures,i.e.,selecting a random subset from all sectors to check or verifying all sectors for each challenged replica block.To protect against the substitution attack and forgery attack,a secure authentication tag is designed by binding the index of data block,this tag maintains the advantage of effi-cient verification at the user side.Security analysis proves that both IMPOR schemes achieve security goals.Experiment results show that IMPOR-I scheme keeps the performance of Mirror,but the probability of misbehavior detection is slightly decreased;whereas IMPOR-? scheme keeps the detection probability of Mirror,and achieves the Mirror's verification performance by using a merge strategy.3.We propose a multi-replica dynamic provable data possession(MD-PDP)scheme that supports tree sharing and batch verification.In multi-replica scenario,the storage cost caused by authenticated data structures will increase linearly with the number of replicas.We present a novel tag construction,which uses the hash values of the original data blocks and a replica identifier to com-pute verification tags of the corresponding replica,thus only one set of hash values needs to be stored into the implicitly-indexed authenticated 2-3 tree,so its storage cost is independent of the number of replicas.Given that the one-by-one verification solution consumes extra bandwidth and computing resources,we propose a batch leaves verification solution,which can verify the values and indices of multiple leaf nodes at once.In addition,we exploit the homomorphic property to aggregate the integrity proofs of multiple replicas into one proof,thus reducing the bandwidth consumption and achieving batch verification of multiple replicas.Security analysis proves that MDPDP scheme is secure,and experimental evaluation shows that MDPDP scheme is efficient.4.An improved provable multi-replica dynamic data possession(IPMDDP)scheme is proposed.We find that the multi-replica verification scheme MB-PMDDP presented in TIFS 2015 is vulnerable to a replica-summation attack and a single-replica attack,by which the cloud service provider only needs to invest the storage of one replica,but can still pass the auditor's check.There-fore,the two attacks can compromise the integrity and reliability of the user's data.To prevent the replica-summation attack,we propose a random coefficient should be chosen for each replica,and the cloud service provider should mul-tiply this coefficient by the corresponding replica blocks.To resist the single-replica attack,a secure multi-replica verification tag is designed by binding the replica index.Security analysis proves that IPMDDP scheme achieves the expected security goals.The performance comparison shows that IPMDDP scheme reduces the bandwidth cost of each verification,but its computational performance decreases slightly.