SLGP Header

Remote Data Auditing Scheme in Secured Cloud Storage Environment

IJCSEC Front Page

Cloud data centers are used to maintain the shared data values for the data owners .Data owners and public verifiers are involved to efficiently audit cloud data integrity without retrieving the entire data from the cloud server. File and block signatures are used in the integrity verification process. Public data auditing schemes are tuned to verify the encrypted cloud storage environment. “One Ring to RUle Them All” (Oruta) scheme is used for privacy-preserving public auditing process. In oruta homomorphic authenticators are constructed using Ring Signatures. Ring signatures are used to compute verification metadata needed to audit the correctness of shared data. The identity of the signer on each block in shared data is kept private from public verifiers. Homomorphic authenticable ring signature (HARS) scheme is applied to provide identity privacy with blockless verification. Batch auditing mechanism supports to perform multiple auditing tasks simultaneously.Oruta is compatible with random masking to preserve data privacy from public verifiers. Dynamic data management process is handled with index hash tables. Traceability is not supported in oruta scheme. Data dynamism sequence is not managed by the system. The system obtains high computational overhead.Privacy preserved data verification techniques are applied on the cloud data centers to check the encrypted data values. Traceability features are provided with identity privacy. Group manager or data owner can be allowed to reveal the identity of the signer based on verification metadata. Data version management mechanism is integrated with the system.
Cloud computing has been envisioned as the next generation information technology (IT) architecture for enterprises, due to its long list of unprecedented advantages in the IT history: on-demand self-service, ubiquitous network access, location independent resource pooling, rapid resource elasticity, usage-based pricing and transference of risk [2]. As a disruptive technology with profound implications, cloud computing is transforming the very nature of how businesses use information technology. One fundamental aspect of this paradigm shifting is that data are being centralized or outsourced to the cloud. From users’ perspective, including both individuals and IT enterprises, storing data remotely to the cloud in a flexible on-demand manner brings appealing benefits: relief of the burden for storage management, universal data access with location independence and avoidance of capital expenditure on hardware, software and personnel maintenances, etc., [3]. While cloud computing makes these advantages more appealing than ever, it also brings new and challenging security threats toward users’ outsourced data. Since cloud service providers (CSP) are separate administrative entities, data outsourcing is actually relinquishing user’s ultimate control over the fate of their data. As a result, the correctness of the data in the cloud is being put at risk due to the following reasons. First of all, although the infrastructures under the cloud are much more powerful and reliable than personal computing devices, they are still facing the broad range of both internal and external threats for data integrity [4]. Examples of outages and security breaches of noteworthy cloud services appear from time to time. Second, there do exist various motivations for CSP to behave unfaithfully toward the cloud users regarding their outsourced data status. For examples, CSP might reclaim storage for monetary reasons by discarding data that have not been or are rarely accessed, or even hide data loss incidents to maintain a reputation [8]. In short, although outsourcing data to the cloud is economically attractive for long-term large-scale storage, it does not immediately offer any guarantee on data integrity and availability. This problem, if not properly addressed, may impede the success of cloud architecture.
As users no longer physically possess the storage of their data, traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted. In particular, simply downloading all the data for its integrity verification is not a practical solution due to the expensiveness in I/O and transmission cost across the network. Besides, it is often insufficient to detect the data corruption only when accessing the data, as it does not give users correctness assurance for those unaccessed data and might be too late to recover the data loss or damage Considering the large size of the outsourced data and the user’s constrained resource capability, the tasks of auditing the data correctness in a cloud environment can be formidable and expensive for the cloud users [9]. Moreover, the overhead of using cloud storage should be minimized as much as possible, such that a user does not need to perform too many operations to use the data. In particular, users may not want to go through the complexity in verifying the data integrity. Besides, there may be more than one user accesses the same cloud storage, say in an enterprise setting. For easier management, it is desirable that cloud only entertains verification request from a single designated party.
To fully ensure the data integrity and save the cloud users’ computation resources as well as online burden, it is of critical importance to enable public auditing service for cloud data storage, so that users may resort to an independent third-party auditor (TPA) to audit the outsourced data when needed. The TPA, who has expertise and capabilities that users do not, can periodically check the integrity of all the data stored in the cloud on behalf of the users, which provides a much more easier and affordable way for the users to ensure their storage correctness in the cloud. Moreover, in addition to help users to evaluate the risk of their subscribed cloud data services, the audit result from TPA would also be beneficial for the cloud service providers to improve their cloud-based service platform and even serve for independent arbitration purposes. In a word, enabling public auditing services will play an important role for this nascent cloud economy to become fully established; where users will need ways to assess risk and gain trust in the cloud.
Recently, the notion of public auditability has been proposed in the context of ensuring remotely stored data integrity under different system and security models. Public auditability allows an external party, in addition to the user himself, to verify the correctness of remotely stored data. Most of these schemes do not consider the privacy protection of users’ data against external auditors. Indeed, they may potentially reveal user’s data to auditors. This severe drawback greatly affects the security of these protocols in cloud computing. From the perspective of protecting data privacy, the users, who own the data and rely on TPA just for the storage security of their data, do not want this auditing process introducing new vulnerabilities of unauthorized information leakage toward their data security [10]. Moreover, there are legal regulations, such as the US Health Insurance Portability and Accountability Act (HIPAA), further demanding the outsourced data not to be leaked to external parties. Simply exploiting data encryption before outsourcing could be one way to mitigate this privacy concern of data auditing, but it could also be overkill when employed in the case of unencrypted/public cloud data, due to the unnecessary processing burden for cloud users. Besides, encryption does not completely solve the problem of protecting data privacy against third-party auditing but just reduces it to the complex key management domain. Unauthorized data leakage still remains possible due to the potential exposure of decryption keys. Therefore, how to enable a privacy-preserving third party auditing protocol, independent to data encryption, is the problem we are going to tackle in this paper. Our work is among the first few ones to support privacy-preserving public auditing in cloud computing, with a focus on data storage. Besides, with the prevalence of cloud computing, a foreseeable increase of auditing tasks from different users may be delegated to TPA.


  1. Q. Wang, C. Wang, J. Li, K. Ren and W. Lou, “Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing,” Proc. 14th European Symp. Research in Computer Security, pp. 355-370, 2009.
  2. P. Mell and T. Grance, “Draft NIST Working Definition of Cloud Computing,”, June 2009.
  3. M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, A. Rabkin, I. Stoica and M. Zaharia, “Above the Clouds: A Berkeley View of Cloud Computing,” Technical Report UCB-EECS-2009-28, Univ. of California, Berkeley, Feb. 2009.
  4. Cloud Security Alliance, “Top Threats to Cloud Computing,”, 2010.
  5. K.D. Bowers and A. Oprea, “Hail: A High-Availability and Integrity Layer for Cloud Storage,” Proc. 16th ACM Conf. Computer and Comm. Security, 2009.
  6. C. Wang, Q. Wang, K. Ren and W. Lou, “Ensuring Data Storage Security in Cloud Computing,” Proc. 17th Int’l Workshop Quality of Service, 2009.
  7. C. Erway, A. Kupcu, C. Papamanthou and R. Tamassia, “Dynamic Provable Data Possession,” Proc. 16th ACM Conf. Computer and Comm. Security, 2009.
  8. Q. Wang, C. Wang, K. Ren and J. Li, “Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing,” IEEE Trans. Parallel and Distributed Systems, vol. 22, no. 5, pp. 847-859, May 2011.
  9. Cloud Security Alliance, “Security Guidance for Critical Areas of Focus in Cloud Computing,” http://www.cloudsecurityalliance. org, 2009.
  10. C. Wang, K. Ren, W. Lou and J. Li, “Towards Publicly Auditable Secure Cloud Data Storage Services,” IEEE Network Magazine, July/Aug. 2010.
  11. Yuan Yao and Michael J. Neely, “Power Cost Reduction in Distributed Data Centers: A Two-Time-Scale Approach for Delay Tolerant Workloads”, IEEE Transactions On Parallel And Distributed Systems, January 2014.