Attribute-Based User Revocable Data Integrity Audit for Internet-of-Things Devices in Cloud Storage

Mobile crowdsensing (MCS) is a sensing paradigm exploiting the capabilities of mobile devices (Internet-of-Things devices, smartphones, etc.) to gather large volume of data. MCS has been widely used in cloud storage environment. However, MCS often faces the challenge of data integrity and user revocation issues. To solve these challenges, this paper uses attribute-based revocable signature mechanisms to construct a data integrity auditing scheme for IoT devices in the cloud storage environment. Users use attribute private keys to generate attribute signatures, and limit the user’s permission to use shared data through access policy control. Only when the user attribute is included in the global attribute set, and the attribute threshold is not less than the specified number, the user can use the attribute key for the data to generate a valid signature that can be authenticated under the control of the signature strategy. At the same time, the group manager (GM) can send secret information to a third-party auditor (TPA) to track the creator of the signature, to withdraw the user’s access to data when the business changes, and realize the safe revocation of user group membership. Formal security analysis and experimental results show that the proposed data-auditing solution is suitable for IoT devices in the cloud storage environment with respect to security and performance.

Download Full-text

A New Delegation Provable Data Possession in Public Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.644-650.2239 ◽

2014 ◽

Vol 644-650 ◽

pp. 2239-2244

Author(s):

Bin Li ◽

Chen Lei Cao ◽

Jian Yi Liu ◽

Jin Xia Wei

Keyword(s):

Performance Analysis ◽

Cloud Storage ◽

Security Analysis ◽

Data Integrity ◽

Public Cloud ◽

Provable Data Possession ◽

Integrity Verification ◽

And Performance ◽

Remote Data

Though Cloud storage has developed rapidly in recent years, there still exist some problems obviously. Provable Data Possession (PDP) is proposed to solve the problem of data integrity verification at untrusted cloud stores. This study built a new delegation Provable Data Possession (delegation-PDP), which solves problem when the client has no ability to check its remote data. We study the delegation-PDP and use proxy re-encryption to design it. Then we use the improved Elgamal-based algorithm to implement the scheme. Through security analysis and performance analysis, our protocol is provable secure and efficient.

Download Full-text

An effective, secure and efficient tagging method for integrity protection of outsourced data in a public cloud storage

PLoS ONE ◽

10.1371/journal.pone.0241236 ◽

2020 ◽

Vol 15 (11) ◽

pp. e0241236 ◽

Cited By ~ 1

Author(s):

Reem ALmarwani ◽

Ning Zhang ◽

James Garside

Keyword(s):

Cloud Storage ◽

Security Analysis ◽

Third Party ◽

Public Cloud ◽

Data Confidentiality ◽

Public And Private ◽

Outsourced Data ◽

Integrity Protection ◽

And Performance ◽

Constrained Devices

Data Integrity Auditing (DIA) is a security service for checking the integrity of data stored in a PCS (Public Cloud Storage), a third-party based storage service. A DIA service is provided by using integrity tags (hereafter referred to tags). This paper proposes a novel tagging method, called Tagging of Outsourced Data (TOD), for generating and verifying tags of files. TOD has a number of unique properties: (i) it supports both public and private verifiability, and achieves this property with a low level of overhead at the user end, making it particularly attractive to mobile users with resource-constrained devices, (ii) it protects data confidentiality, supports dynamic tags and is resilient against tag forgery and tag tampering (i.e. by authorised insiders) at the same time in more secure and efficient, making the method more suited to the PCS environment, (iii) it supports tags deduplication, making it more efficient, particularly for the user who has many files with data redundancy. Comprehensive security analysis and performance evaluation have been conducted to demonstrate the efficacy and efficiency of the approach taken in the design.

Download Full-text

Privacy-Preserving Outsourced Auditing Scheme for Dynamic Data Storage in Cloud

Security and Communication Networks ◽

10.1155/2017/4603237 ◽

2017 ◽

Vol 2017 ◽

pp. 1-17 ◽

Cited By ~ 5

Author(s):

Tengfei Tu ◽

Lu Rao ◽

Hua Zhang ◽

Qiaoyan Wen ◽

Jia Xiao

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Data Privacy ◽

Computational Cost ◽

Security Analysis ◽

Data Encryption ◽

Third Party ◽

User Data ◽

Data Auditing ◽

User Focus

As information technology develops, cloud storage has been widely accepted for keeping volumes of data. Remote data auditing scheme enables cloud user to confirm the integrity of her outsourced file via the auditing against cloud storage, without downloading the file from cloud. In view of the significant computational cost caused by the auditing process, outsourced auditing model is proposed to make user outsource the heavy auditing task to third party auditor (TPA). Although the first outsourced auditing scheme can protect against the malicious TPA, this scheme enables TPA to have read access right over user’s outsourced data, which is a potential risk for user data privacy. In this paper, we introduce the notion of User Focus for outsourced auditing, which emphasizes the idea that lets user dominate her own data. Based on User Focus, our proposed scheme not only can prevent user’s data from leaking to TPA without depending on data encryption but also can avoid the use of additional independent random source that is very difficult to meet in practice. We also describe how to make our scheme support dynamic updates. According to the security analysis and experimental evaluations, our proposed scheme is provably secure and significantly efficient.

Download Full-text

A New Framework Approach Enhances Security to Efficient Remote Collaboration in TPA Scheme for Cloud Storage

International Journal for Research in Applied Science and Engineering Technology ◽

10.22214/ijraset.2021.39352 ◽

2021 ◽

Vol 9 (12) ◽

pp. 681-685

Author(s):

Pallapu Himavanth Reddy

Keyword(s):

Cloud Storage ◽

Data Integrity ◽

Third Party ◽

Audit Process ◽

Integrity Test ◽

Remote Collaboration ◽

Cloud Data ◽

Framework Approach ◽

Data Auditing ◽

Cloud Servers

Abstract: Cloud computing provides customers with storage as a service, allowing data to be stored, managed, and cached remotely. Users can also access it online. A major concern for users is the integrity of the data stored in the cloud, as it is possible for external invaders or criminals to attack, repair, or destroy the data stored in the cloud. Data auditing is a trending concept that involves hiring a third-party auditor to perform a data integrity test (TPA). The main purpose of this project is to provide a safe and effective testing system that combines features such as data integrity, confidentiality, and privacy protection. The cloud server is only used to store encrypted data blocks in the proposed system. It is not subject to any additional computer verification. TPA and the data owner are in charge of all the functions of the scheme. A variety of materials are used to evaluate the proposed audit process. The proposed solution meets all the processes while minimizing the load on cloud servers. Data dynamics actions such as data review, deletion, and installation will be performed in the future. Keywords: Cloud storage; Third Party Auditor; Public Auditing; Privacy Preserving; Integrity;

Download Full-text

Remote Data Possession Checking Scheme with Supporting Efficient Group User Authority Management for Shared Cloud Data

10.21203/rs.3.rs-884701/v1 ◽

2021 ◽

Author(s):

Yilin Yuan ◽

Jianbiao Zhang ◽

Wanshan Xu ◽

Xiao Wang ◽

Yanhui Liu

Keyword(s):

Security Analysis ◽

Public Auditing ◽

Cloud Data ◽

The Public ◽

Shared Data ◽

Identity Based ◽

And Performance ◽

Data Auditing ◽

Data Checking ◽

Remote Data

Abstract Under the shared big data environment, most of the existing data auditing schemes rarely consider the authorization management of group users. Meanwhile, how to deal with the shared data integrity is a problem that needs to be pondered. Thus, in this paper, we propose a novel remote data checking possession scheme which achieves group authority management while completing the public auditing. To perform authority management work, we introduce a trusted entity – group manager. We formalize a new algebraic structure operator named authorization invisible authenticator (AIA). Meanwhile, we provide two versions of AIA scheme: basic AIA scheme and standard AIA scheme. The standard AIA scheme is constructed based on the basic AIA scheme and user information table (UIT), with advanced security and wider applicable scenarios. By virtue of standard AIA scheme, the group manager can perfectly and easily carry out authority management, including enrolling, revoking, updating. On the basis of the above, we further design a public auditing scheme for non-revoked users’ shared data. The scheme is based on identity-based encryption (IBE), which greatly reduce the necessary certificate management cost. Furthermore, the detailed security analysis and performance evaluation demonstrate that the scheme is safe and feasible.

Download Full-text

Security Analysis and Improvements on a Remote Integrity Checking Scheme for Regenerating-Coding-Based Distributed Storage

Security and Communication Networks ◽

10.1155/2021/6652606 ◽

2021 ◽

Vol 2021 ◽

pp. 1-8

Author(s):

Guangjun Liu ◽

Wangmei Guo ◽

Ximeng Liu ◽

Jinbo Xiong

Keyword(s):

Distributed Storage ◽

Security Analysis ◽

Data Integrity ◽

Integrity Checking ◽

Cloud Server ◽

Data Integrity Checking ◽

Checking Scheme ◽

Data Auditing ◽

Distributed Cloud ◽

Remote Data

Enabling remote data integrity checking with failure recovery becomes exceedingly critical in distributed cloud systems. With the properties of a lower repair bandwidth while preserving fault tolerance, regenerating coding and network coding (NC) have received much attention in the coding-based storage field. Recently, an outstanding outsourced auditing scheme named NC-Audit was proposed for regenerating-coding-based distributed storage. The scheme claimed that it can effectively achieve lightweight privacy-preserving data verification remotely for these networked distributed systems. However, our algebraic analysis shows that NC-Audit can be easily broken due to a potential defect existing in its schematic design. That is, an adversarial cloud server can forge some illegal blocks to cheat the auditor with a high probability when the coding field is large. From the perspective of algebraic security, we propose a remote data integrity checking scheme RNC-Audit by resorting to hiding partial critical information to the server without compromising system performance. Our evaluation shows that the proposed scheme has significantly lower overhead compared to the state-of-the-art schemes for distributed remote data auditing.

Download Full-text

Encryption Principles and Techniques for the Internet of Things

Cryptographic Security Solutions for the Internet of Things - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-5742-5.ch002 ◽

2019 ◽

pp. 42-66

Author(s):

Kundankumar Rameshwar Saraf ◽

Malathi P. Jesudason

Keyword(s):

Internet Of Things ◽

Embedded System ◽

Security Analysis ◽

Block Size ◽

The Internet ◽

Lightweight Cryptography ◽

Execution Speed ◽

Security Algorithm ◽

Iot Devices ◽

The Internet Of Things

This chapter explores the encryption techniques used for the internet of things (IoT). The security algorithm used for IoT should follow many constraints of an embedded system. Hence, lightweight cryptography is an optimum security solution for IoT devices. This chapter mainly describes the need for security in IoT, the concept of lightweight cryptography, and various cryptographic algorithms along with their shortcomings given IoT. This chapter also describes the principle of operation of all the above algorithms along with their security analysis. Moreover, based on the algorithm size (i.e., the required number of gate equivalent, block size, key size, throughput, and execution speed of the algorithm), the chapter reports the comparative analysis of their performance. The chapter discusses the merits and demerits of these algorithms along with their use in the IoT system.

Download Full-text

Propagation Delays and Data Integrity of Cellular and WiFi Networks from IOT devices to cloud storage

2019 Southern African Universities Power Engineering Conference/Robotics and Mechatronics/Pattern Recognition Association of South Africa (SAUPEC/RobMech/PRASA) ◽

10.1109/robomech.2019.8704845 ◽

2019 ◽

Author(s):

William Benjamin Van Der Merwe ◽

Pierre E Hertzog ◽

Arthur J Swart

Keyword(s):

Cloud Storage ◽

Data Integrity ◽

Wifi Networks ◽

Propagation Delays ◽

Iot Devices

Download Full-text

Security Analysis on a Public POR Scheme in Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.556-562.5395 ◽

2014 ◽

Vol 556-562 ◽

pp. 5395-5399

Author(s):

Jian Hong Zhang ◽

Wen Jing Tang

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Security Analysis ◽

Data Integrity ◽

Data File ◽

Cloud Data ◽

Security Proof ◽

Cloud Server ◽

Cloud Data Storage ◽

Active Attack

Data integrity is one of the biggest concerns with cloud data storage for cloud user. Besides, the cloud user’s constrained computing capabilities make the task of data integrity auditing expensive and even formidable. Recently, a proof-of-retrievability scheme proposed by Yuan et al. has addressed the issue, and security proof of the scheme was provided. Unfortunately, in this work we show that the scheme is insecure. Namely, the cloud server who maliciously modifies the data file can pass the verification, and the client who executes the cloud storage auditing can recover the whole data file through the interactive process. Furthermore, we also show that the protocol is vulnerable to an efficient active attack, which means that the active attacker is able to arbitrarily modify the cloud data without being detected by the auditor in the auditing process. After giving the corresponding attacks to Yuan et al.’s scheme, we suggest a solution to fix the problems.

Download Full-text

Dynamic Outsourced Proofs of Retrievability Enabling Auditing Migration for Remote Storage Security

Wireless Communications and Mobile Computing ◽

10.1155/2018/4186243 ◽

2018 ◽

Vol 2018 ◽

pp. 1-19 ◽

Cited By ~ 2

Author(s):

Lu Rao ◽

Tengfei Tu ◽

Hua Zhang ◽

Qiaoyan Wen ◽

Jia Xiao

Keyword(s):

Third Party ◽

Mobile Client ◽

Storage Security ◽

Outsourced Data ◽

Static Data ◽

Hierarchical Storage ◽

And Performance ◽

Data Auditing ◽

Dynamic Updates ◽

Proofs Of Retrievability

Remote data auditing service is important for mobile clients to guarantee the intactness of their outsourced data stored at cloud side. To relieve mobile client from the nonnegligible burden incurred by performing the frequent data auditing, more and more literatures propose that the execution of such data auditing should be migrated from mobile client to third-party auditor (TPA). However, existing public auditing schemes always assume that TPA is reliable, which is the potential risk for outsourced data security. Although Outsourced Proofs of Retrievability (OPOR) have been proposed to further protect against the malicious TPA and collusion among any two entities, the original OPOR scheme applies only to the static data, which is the limitation that should be solved for enabling data dynamics. In this paper, we design a novel authenticated data structure called bv23Tree, which enables client to batch-verify the indices and values of any number of appointed leaves all at once for efficiency. By utilizing bv23Tree and a hierarchical storage structure, we present the first solution for Dynamic OPOR (DOPOR), which extends the OPOR model to support dynamic updates of the outsourced data. Extensive security and performance analyses show the reliability and effectiveness of our proposed scheme.

Download Full-text