
Public Integrity Auditing Techniques For Enterprise-oriented Cloud Storage

Posted on: 2019-11-18
Degree: Master
Type: Thesis
Country: China
Candidate: F L Nan
Full Text: PDF
GTID: 2428330566493539
Subject: Computer Science and Technology

Abstract/Summary:
As an important part of cloud computing, cloud storage has attracted more and more enterprises and organizations to migrate their data to the cloud because of its considerable advantages, including pay-as-you-go pricing and cost-efficiency. However, given the continual data leakage incidents in cloud storage in recent years, users are unlikely to trust the guarantees of cloud service providers that their data will be kept intact. To bridge the deep trust gap between users and cloud service providers, cloud storage security auditing techniques have been proposed to promote the further development of cloud storage. There are extensive auditing schemes for personal data, but only a few are devoted to integrity auditing for enterprise-oriented cloud storage. Compared with cloud storage services for individual users, cloud storage services for enterprise applications pose more severe security and functional challenges to the design of corresponding auditing schemes because of their large volumes of data, multiple types of data, and complex auditing scenarios. In view of these concerns, this paper conducts the following research.

First, with the rapid development of collaborative office work within companies and departments, shared data has become one of the most important branches of enterprise cloud data. To address the concerns of efficient auditing, secure user group management, and identity privacy of users, we present a comprehensive public auditing scheme for shared data with efficient and secure support for group dynamics. To achieve efficient and secure group dynamics, a novel group management mechanism is proposed. In particular, a lazy-revocation-based user revocation strategy is introduced to avoid collusion attacks, and it can greatly reduce the communication and computational overheads. Using the properties of bilinear maps, a tag-transforming strategy is presented to convert the signers of tags uniformly into the group manager, thereby protecting the users' identity privacy; a modification record table is designed to record the users' operations on the data blocks, aiming to prevent dishonest users from tampering with the data blocks. A strict security proof of the proposed scheme ensures resistance to adversarial threats, including collusion attacks and forgery attacks. The theoretical and experimental evaluation results show that the proposed scheme has relatively low computational and communication overhead compared with the state-of-the-art schemes.

Second, multi-version data, an emerging new branch of cloud data, allows users to roll back data changes and withdraw undesirable modifications. To achieve efficient auditing for multi-version data and dynamic support for data versions, we present a novel public auditing scheme for multi-version data in the cloud, which can achieve secure and efficient verification of all versions of the cloud data at once. Specifically, we first propose an incremental storage structure to store all the versions in an efficient and low-cost manner; we then design a custom-built tag-generation method for multi-version data that can authenticate all versions of a data block with only one tag; moreover, we extend the Dynamic Hash Table to support effective updating of the multiple versions of cloud data. We formally prove the security of the proposed scheme and evaluate its performance through comprehensive experiments and comparisons with the state-of-the-art scheme. The results demonstrate that the proposed scheme can effectively achieve public auditing for multi-version data while providing excellent security, and that it outperforms the previous one in computation and communication overheads.

Third, with the continuous connection of devices and the spread of fog-to-cloud applications, the security and privacy of IoT data have attracted more and more attention. To realize auditing in Internet of Things scenarios, this paper presents a tailor-made public auditing scheme for data storage in fog-to-cloud based IoT scenarios, which can achieve all indispensable performance and security requirements. In particular, we design a tag-transforming strategy based on the bilinear mapping technique to convert the tags generated by mobile sinks into ones created by the fog node in the proof generation phase, which can not only effectively protect identity privacy but also reduce the communication and computational costs in the verification phase; moreover, we present a zero-knowledge proof mechanism to verify the integrity of IoT data from various generators (e.g., mobile sinks and fog nodes) while achieving perfect data-privacy preservation. We formally prove the security of our scheme and evaluate its performance through theoretical analysis and comprehensive experiments. The results demonstrate that our scheme can efficiently achieve secure auditing for data storage in fog-to-cloud based IoT scenarios, and that it outperforms the straightforward solution in communication and computational costs for verification.
Keywords/Search Tags:Cloud storage, Data integrity, Public verification, Enterprise applications, Shared data, Multi-version data, Internet of Things