Abstract
Sensitive data is usually encrypted to protect against data leakage and unauthorized access in cloud storage services. Generally, the remote user has no knowledge of the actual format of the data stored in the cloud, even though a cloud server promises to store the data encrypted. Although a few works utilize data encapsulation and remote data checking to detect whether sensitive data is securely protected in the cloud, they still suffer from a number of limitations, such as heavy computational cost on the user side and poor practicality, that would hinder their adoption. In this paper, we propose a practical verification scheme that allows users to remotely evaluate the data encryption protection actually deployed in the cloud. We employ a pseudo-random number generator and present a data encapsulation solution, which can benefit users with significant cost savings. By imposing monetary rewards or penalties, our proposed scheme can help ensure that the cloud server honestly stores data encrypted at rest. Extensive experiments are conducted to further demonstrate the efficiency and practicality of the proposed scheme.
Notes
1. Suppose that the size of \(G_i\) is a multiple of \(l_{k}\). If not, we may add some padding to the last piece.
2. Because \(G_{i,j}\) has \(l_k\) bits, \(0 \le G_{i,j} \le 2^{l_k}-1\).
Acknowledgments
This research was supported by the National Key Research and Development Program of China (Grant No. 2017YFB0802404) and partially supported by the National Natural Science Foundation of China (Award No. 61772518).
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Fang, J., Liu, L., Lin, J. (2019). Practical Verification of Data Encryption for Cloud Storage Services. In: Ferreira, J., Musaev, A., Zhang, LJ. (eds) Services Computing – SCC 2019. SCC 2019. Lecture Notes in Computer Science, vol 11515. Springer, Cham. https://doi.org/10.1007/978-3-030-23554-3_2
DOI: https://doi.org/10.1007/978-3-030-23554-3_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23553-6
Online ISBN: 978-3-030-23554-3
eBook Packages: Computer Science, Computer Science (R0)