Integrity Testing Program, Outsourced Storage Environment

In recent years, with the explosive expansion of storage needs and the high cost of the storage, outsourcing storage applications have become increasingly practical. Now, users can store large amounts of data in multiple remote servers with relatively low cost. Corporations and common consumers are increasingly turning to outsourcing resources for data storage, with security guarantee that nobody could change or delete their data, as well as file operations are correctly implemented. Some outsourcing storage systems also provide additional services to ensure data confidentiality and integrity of data transmission. However, they do not provide a solution to address the storage data and operations integrity problem (at the same time, the storage server may also be an attacker), which is precisely a very important issue in the outsourcing storage systems. Therefore, the clients should have to develop their own authentication solutions.Now despite that many integrity checking solutions are available, each of which has special scope of application, almost none of them fits well in the oustsourcing environment. The outsourcing storage is not just untrusted, but also needs to be paid for before you use it. Therefore, what outsourcing needs is not just safety, but also cost-efficiency. Thence, when checking the file integrity, not just to calculate a hash value out of the entire file, but to divide the file into blocks, then build a stateful MAC tree, as a result, the solution could support random checking of some file block. In addition to checking the integrity of the file content, the solution could still detect if the file operations are correctly implemented, so that if an operation is not correctly implemented, you do not need to check the file integrity.In this paper, a three-party authentication model (a separate server for authentication is included) is applied, for reducing the size of the trusted storage space (usually, the client's storage space). Meanwhile, in the solution, the stateful MAC tree for checking file content integrity, the skip list for checking operation sequence are used. Besides, the Poly1305-AES as the MAC option has greatly enhanced the computing efficiency. The verification process is managed by applications running in a trusted environment (usually, the client), as long as the authenticated data structure is maintained by the software running in the authentication server.