Improved secure fuzzy auditing protocol for cloud data storage | Soft Computing Skip to main content

Advertisement

Springer Nature Link
Log in

Improved secure fuzzy auditing protocol for cloud data storage

  • Methodologies and Application
  • Published:
Soft Computing Aims and scope Submit manuscript

Abstract

Nowadays, more and more people prefer to outsource their storage to the cloud; however, due to some accidents, cloud storage service providers may lose some data outsourced by the data owners. Thus a mechanism to ensure the outsourced cloud data remaining intact is needed for smoothly running the cloud storage service. Fuzzy cloud auditing protocol is such a mechanism running between data owners and cloud storage service providers. In these protocols, the data owner fuzzy challenges the cloud storage servers on the randomly chosen data blocks with random values, the servers need to response with corrected aggregated tag proof to pass through the auditing process. Until now, there are many fuzzy cloud auditing protocols with various interesting properties. In 2015, Yuan et al. proposed an auditing scheme supporting publicly integrity checking and dynamic data sharing with multi-user modification, which aims at allowing multiple cloud users to modify data while ensuring the cloud data’s integrity. Also recently Yuan et al. proposed a public proofs of retrievability (POR) in cloud with constant cost, they showed their scheme is the first POR scheme which can simultaneously achieve public verifiability, constant communication and computational costs on users, and prove the security of their scheme. However, in this paper, we show their schemes are not secure, concretely, the tags in their schemes can be easily forged. We also give an improved fuzzy cloud auditing scheme for the data owners.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (Japan)

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

References

  • Ateniese G, Burns RC, Curtmola R, Herring J, Kissner L, Peterson ZNJ, Song D (2007) Provable data possession at untrusted stores. In: Ning P, di Vimercati SDC, Syverson PF (eds) ACM CCS 07. ACM Press, New York, pp 598–609

    Chapter  Google Scholar 

  • Cash D, Küpçü A, Wichs D (2013) Dynamic proofs of retrievability via oblivious RAM. In: Johansson T, Nguyen PQ (eds) EUROCRYPT 2013, vol 7881. Springer, Heidelberg, LNCS, pp 279–295. https://doi.org/10.1007/978-3-642-38348-9_17

  • Cristina D, Elena A, Catalin L, Valentin C (2014) A solution for the management of multimedia sessions in hybrid clouds. Int J Space-Based Situat Comput 4(2):77–87

    Article  Google Scholar 

  • Guo S, Xu H (2015) A secure delegation scheme of large polynomial computation in multi-party cloud. Int J Grid Util Comput 6(2):1–7

    Google Scholar 

  • Halevi S, Harnik D, Pinkas B, Shulman-Peleg A (2011) Proofs of ownership in remote storage systems. In: Chen Y, Danezis G, Shmatikov V (eds) ACM CCS 11, ACM Press, pp 491–500

  • Juels A, Kaliski BS Jr (2007) PORs: proofs of retrievability for large files. In: Ning P, di Vimercati SDC, Syverson PF (eds) ACM CCS 07. ACM Press, New York, pp 584–597

    Chapter  Google Scholar 

  • Li Q, Ma J, Li R, Liu X, Xiong J (2016) Secure, efficient and revocable multi-authority access control system in cloud storage. Comput Secur 59(C):45–59

    Article  Google Scholar 

  • Ma R, Xiong J, Lin M, Ye A (2017) Privacy protection-oriented mobile crowdsensing analysis based on game theory. IEEE TrustCom 2017

  • Meriem T, Mahmoud B, Fabrice K (2014) An approach for developing an interoperability mechanism between cloud providers. Int J Space-Based Situat Comput 4(2):88–99

    Article  Google Scholar 

  • Ning P, di Vimercati SDC, Syverson PF (eds) (2007) ACM CCS 07. ACM Press, New York

    Google Scholar 

  • Shacham H, Waters B (2008) Compact proofs of retrievability. In: Pieprzyk J (ed) ASIACRYPT 2008, vol 5350. Springer, Heidelberg, LNCS, pp 90–107

  • Shi E, Stefanov E, Papamanthou C (2013) Practical dynamic proofs of retrievability. In: Sadeghi AR, Gligor VD, Yung M (eds) ACM CCS 13, ACM Press, pp 325–336

  • Wang H (2013) Proxy provable data possession in public clouds. IEEE Trans Serv Comput 6(4):551–559

    Article  Google Scholar 

  • Wang H (2015) Identity-based distributed provable data possession in multicloud storage. IEEE Trans Serv Comput 8(2):328–340

    Article  Google Scholar 

  • Wang Q, Wang C, Ren K, Lou W, Li J (2012) Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans Parallel Distrib Syst 22(5):847–859

    Article  Google Scholar 

  • Wang B, Baochun L, Hui L (2013a) Public auditing for shared data with efficient user revocation in the cloud. In: Proceedings of the 33th conference on information communications (INFOCOM 13), IEEE, pp 2750–2758

  • Wang C, Chow S, Wang Q, Ren K, Lou W (2013b) Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375

    Article  MathSciNet  MATH  Google Scholar 

  • Wang H, He D, Tang S (2016a) Identity-based proxy-oriented data uploading and remote data integrity checking in public cloud. IEEE Trans Inf Forensics Secur 11(6):1165–1176

    Article  Google Scholar 

  • Wang H, Li K, Ota K, Shen J (2016b) Remote data integrity checking and sharing in cloud-based health internet of things. IEICE Trans Inf Syst 99(8):1966–1973

    Article  Google Scholar 

  • Wang Y, Du J, Cheng X, Liu Z, Lin K (2016c) Degradation and encryption for outsourced png images in cloud storage. Int J Grid Util Comput 7(1):22–28

    Article  Google Scholar 

  • Xiong J, Li F, Ma J, Liu X, Yao Z, Chen P (2015) A full lifecycle privacy protection scheme for sensitive data in cloud computing. Peer-to-peer Netw Appl 8(6):1025–1037

    Article  Google Scholar 

  • Xiong J, Zhang Y, Li L, Shen J, Li X, Lin M (2017) ms-PoSW: A multi-server aided proof of shared ownership scheme for secure deduplication in cloud. Concurr Comput Pract Exp. https://doi.org/10.1002/cpe.4252

    Google Scholar 

  • Yang K, Jia X (2013) An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE Trans Parallel Distrib Syst 24(9):1717–1726

    Article  Google Scholar 

  • Yu Y, Zhang Y, Ni J, Au M, Chen L, Liu H (2014) Remote data possession checking with enhanced security for cloud storage. Future Gener Comput Syst. https://doi.org/10.1016/j.future.2014.10.006

    Google Scholar 

  • Yu Y, Au MH, Ateniese G, Huang X, Susilo W, Dai Y, Min G (2016a) Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Trans Inf Forensics Secur. https://doi.org/10.1109/TIFS.2016.2615853

    Google Scholar 

  • Yu Y, Li Y, Ni J, Yang G, Mu Y, Susilo W (2016b) Comments on “public integrity auditing for dynamic data sharing with multi-user modification”. IEEE Trans Inf Forensics Secur 11(3):658–659

    Article  Google Scholar 

  • Yuan J, Yu S (2013) Proofs of retrievability with public verifiability and constant communication cost in cloud. In: Proceedings of the 2013 international workshop on security in cloud computing, cloud computing, pp 19–26

  • Yuan J, Yu S (2014) Efficient public integrity checking for cloud data sharing with multi-user modification. In: Proceedings of the 33rd conference on information communications (INFOCOM 14) IEEE Press, pp 2121–2129

  • Yuan J, Yu S (2015a) Pcpor: Public and constant-cost proofs of retrievability in cloud. J Comput Secur 23:403–425

    Article  Google Scholar 

  • Yuan J, Yu S (2015b) Public integrity auditing for dynamic data sharing with multi-user modification. IEEE Trans Inf Forensics Secur 10(8):1717–1726

    Article  Google Scholar 

  • Zheng Q, Xu S (2011) Secure and efficient proof of storage with deduplication. Cryptology ePrint Archive, Report 2011/529. http://eprint.iacr.org/2011/529

  • Zhu S, Yang X (2015) Protecting data in cloud environment with attribute-based encryption. Int J Grid Util Comput 6(2):91–97

    Article  Google Scholar 

  • Zhu Y, Hu H, Ahn G, Yu M (2012) Cooperative provable data possession for integrity verification in multi cloud storage. IEEE Trans Parallel Distrib Syst 23(12):2231–2244

    Article  Google Scholar 

Download references

Acknowledgements

The authors would like to thanks Yudong Liu for some help on this paper. The second author and fourth author are the corresponding authors. The first and second authors are supported by the National Key R&D Program of China under Grants No. 2017YFB0802000, the National Natural Science Foundation of China under Grant Nos. 61572390, U1736111, the Natural Science Foundation of Ningbo City under Grant No. 201601HJ-B01382, and the Open Foundation of Key Laboratory of Cognitive Radio and Information Processing, Ministry of Education (Guilin University of Electronic Technology) under Grant No. CRKL160202. The fourth author is supported by the National Cryptography Development Fund of China Under Grants No. MMJJ20170112, National Key R&D Program of China under Grants No. 2017YFB0802000, National Nature Science Foundation of China (Grant Nos. 61572521, 61772550, U1636114, 61402531), the Natural Science Basic Research Plan in Shaanxi Province of china (Grant Nos. 2016JQ6037) and Guangxi Key Laboratory of Cryptography and Information Security (No. GCIS201610).

Author information

Authors and Affiliations

  1. State Key Laboratory of Integrated Service Networks, School of Telecommunications Engineering, Xidian University, Xi’an, People’s Republic of China

    Jindan Zhang & Baocang Wang

  2. Xianyang Vocational Technique College, Xi’an, People’s Republic of China

    Jindan Zhang

  3. Key Laboratory of Information and Network Security, Engineering University of CAPF, Xi’an, People’s Republic of China

    Xu An Wang

  4. School of Computer Science, Wuhan University, Wuhan, People’s Republic of China

    Debiao He

  5. Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin, People’s Republic of China

    Jindan Zhang & Xu An Wang

Authors
  1. Jindan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Baocang Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Debiao He
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xu An Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Baocang Wang.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Informed consent

N/A.

Additional information

Communicated by V. Loia.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhang, J., Wang, B., He, D. et al. Improved secure fuzzy auditing protocol for cloud data storage. Soft Comput 23, 3411–3422 (2019). https://doi.org/10.1007/s00500-017-3000-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00500-017-3000-1

Keywords

Search

Navigation