| In recent years, the rapid development of the Internet has accelerated the’cloud era’ coming footsteps. Cloud computing has been envisioned as a next-generation architecture of IT Enterprise. Cloud storage, one of the important applications of cloud computing, is a kind of data storage outsourcing services technology which is derived and developed from the concept of cloud computing. It has gained wide attention for its comparably low-cost, easy-to-use interface and high scalability. But once users delegate the storage and management of their data to the clouds, they cannot control the access and use of data by the conventional security model. This makes users throw doubt upon the security, reliability and availability of cloud storage services, which become important factors hindering the popularity and promotion of cloud storage.Researchers have done a lot of research and achieved some results for data security issues in a single public cloud. Compared to a single cloud server provider’s circumstances, the integrity auditability of data stored on multicloud is more complicated. Multicloud is composed of at least two private clouds or public clouds, who cooperatively store and maintain the user’s data. Recently, Zhu et al. firstly proposed a cooperative provable data possession scheme for such scene. But their protocol has some flaws. Based on the study of Zhu et al., this paper focuses on issues of checking the integrity and availability of data stored on multicloud, and designs a new safe and effective audit program. The main works of the paper are described as follows:(1) The paper proposes a scheme to check the integrity of outsourced data in multicloud. By designating an organizer who is responsible for communication with the third party auditor (TPA), the scheme can conceal the details of data storage from the TPA. Allowing for the organizer being incredible, at the setup phase of scheme, users will generate an additional data block which will be sent to each CSP together with the corresponding verification meta tag. At the audit phase, whichever data blocks are in the challenge request from the TPA, every CSP will send a response to the organizer, which can conceal the details of data storage from the organizer. Thus, the scheme achieves transparent verification. Based on BLS short signature technology, the scheme introduces the sequence-enforced Merkle Hash Tree (sMHT) structure. Before uploading files to the cloud, user will calculate hash value for each file data block, then he constructs a sMHT structure with these hash values as the leave nodes. Finally, the user computes the signature of root in sMHT structure, which will be stored to the organizer together with sMHT. As a result, TPA do not need to keep any information, and he can check the correctness of the data hash values only by verifying the signature of the root, which makes the scheme achieve the stateless public verification. In addition, before sending feedback to the organizer, CSP will blind the linear combination of specified data blocks by random mask technology to protect data privacy. With the introduction of sMHT structure, the scheme can effectively verify whether CSP correctly implements the corresponding data update operation. Meanwhile, the complexity of data insert and delete operations is reduced to O(log n) from O(n).(2) In order to effectively handle multiple auditing tasks, we use the technique of bilinear aggregate signature to further aggregate verification equation for auditing single cloud user’s data into a new one, which can be used to simultaneously verify multiple users’data. Thus, the proposed store audit program for multicloud is extended into a multiuser scenario, where TPA can perform multiple auditing tasks simultaneously. It greatly improve the efficiency of the program. Moreover, by the cloud servers computing intermediate values of the verification for the auditor, our method can further reduce the computing overhead of the auditor. |
PDF Full Text Request