| As the computer technology evolves rapidly in recent years, cloud computing has become an essential part of people's life and work, especially, the cloud storage service which provides massive storage space. Since cloud storage service is economical, easy to use, ubiquitously accessible, it is widely adopted by diverse users, like small and mid-sized corporations, academic organizations and individuals. Moreover, the development of cloud computing also makes application-as-a-service business model more and more prevalent, and lots of users are outsourcing their data to the cloud. However, even though the infrastructure of cloud is generally more powerful, secure and reliable than personal workstations, it is still bothered by existing security threats. Once the secure shelter of the cloud is cracked down, user data may get corrupted or lost. Because user does not physically possess data, user cannot know the incident in time. This paper researches on the integrity auditing for data in cloud storage, points out several new problems in current cloud data auditing schemes, and proposes corresponding solutions:1. In the auditing schemes for shared data in cloud storage, the absolute privacy of member identity causes the problem that a dishonest member cannot be found out after he maliciously modified shared data. This paper proposes a solution in which group manager is introduced to help group member generate authenticators. In this way, the identity privacy of members is preserved and malicious modification is effectively prevented. The security and correctness of proposed solution are proved, and the efficiency of the solution is tested via experimental results2. For some data on the Internet, it becomes valid once owner signs a signature on it. Since the authenticator in data auditing schemes can be regarded as signature on this data, other entities can use these data arbitrarily which may lead to financial or reputational losses. This paper proposes a novel authenticator that supports integrity checking while the content of authenticator is unknowable to the cloud. The invisible authenticator cannot be used as signature anymore and thus protects the outsourced data. This paper also proves that this solution is secure and the extra computation for authenticator privacy is negligible.3. In current public auditing schemes for cloud storage, anyone can challenge the cloud for integrity checking. Thus malicious entity can launch denial of service attack by sending massive challenges to the cloud, which makes other users unable to use the services normally. To prevent this attack, this paper proposes to provide constraints on challenge messages. The cloud only responds to valid challenges, while the number of valid challenges an authenticated auditor can make is limited. This solution is proved to be secure via detailed proof and efficient through practical experiments. |
PDF Full Text Request