Cryptanalysis and improvement of Panda - public auditing for shared data in cloud and internet of things

Cloud computing and internet of things have gained remarkable popularity by a wide spectrum of users recently. Despite of the convenience of cloud storage, security challenges have risen upon the fact that users do not physically possess their data any more. Thus, some auditing schemes are introduced to ensure integrity of the outsourced data. And among them Panda is a public auditing scheme for shared data with efficient and secure user revocation proposed by Wang et al. It argued that it could verify the integrity of shared data with storage correctness and public auditing. In this paper, we analyze this scheme and find some security drawbacks. Firstly, Panda cannot preserve shared data privacy in cloud storage. Furthermore, our analysis shows that Panda is vulnerable to integrity forgery attack, which can be performed by malicious cloud servers to forge a valid auditing proof against any auditing challenge even without correct data storage. Then we pinpoint that the primary cause of the insecurity is the linear combinations of sampled data blocks without random masking properly. Finally, we propose an improvement of Panda together with data privacy preserving and sound public auditing while incurring optimal communication and computation overhead.     

全生命周期的云外包数据安全审计协议

海量数据的产生给用户带来了极大的存储和计算负担,云服务器的出现很好地解决了这一问题,但数据外包给用户带来便利的同时,也引起了一些的安全问题。针对数据在外包过程中的安全性问题,结合经典的字符串相等检测协议和基于等级的默克尔哈希树（RMHT）算法,设计并实现了一种理论更简化、效率更高的全生命周期的云外包数据安全审计协议。该协议不仅可以保证外包存储数据的完整性,用户可以定期对数据的完整性进行审计;而且可以保证数据的安全迁移;此外,还可以防止恶意的云服务器保留迁移数据的副本,更好地保护用户的隐私。安全性分析和效率分析显示,该协议足够安全并较为高效,外包数据在整个生命周期的安全性将得到较好的保护。     

Secure and efficient privacy-preserving public auditing scheme for cloud storage

Cloud computing poses many challenges on integrity and privacy of users’ data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.     

云存储服务中数据完整性审计方案综述

云存储是由云计算提供的一个重要服务,允许数据拥有者将数据远程存储到云服务器上,同时又能够从云服务器上便捷、高效地获取这些数据,没有本地存储和维护数据的负担。然而,这种新的数据存储模式也引发了众多安全问题,一个重要的问题就是如何确保云服务器中数据拥有者数据的完整性。因此,数据拥有者以及云存储服务提供商亟需一个稳定、安全、可信的完整性审计方案,用于审核云服务器中数据的完整性和可用性。不仅如此,一个好的数据完整性审计方案还需满足如下功能需求：支持数据的动态操作,包括插入、删除、修改;支持多用户、多云服务器的批量审计;确保用户数据的隐私性;注重方案的执行效率,尽量减少数据拥有者和云服务器的计算开销与通信开销。为了促进云存储服务的广泛应用与推广,文章重点对云数据完整性审计方案的研究现状进行综述,描述云存储以及数据完整性审计的相关概念、特点,提出云计算环境下数据完整性审计模型和安全需求,阐述云存储数据完整性审计的研究现状,并重点分析部分经典方案,通过方案对比,指出当前方案存在的优点及缺陷。同时,文章还指出了本领域未来的研究方向。     

NaEPASC: a novel and efficient public auditing scheme for cloud data

Cloud computing is deemed the next-generation information technology （IT） platform, in which a data center is crucial for providing a large amount of computing and storage resources for various service applications with high quality guaranteed. However, cloud users no longer possess their data in a local data storage infrastructure, which would result in auditing for the integrity of outsourced data being a challenging problem, especially for users with constrained computing resources. Therefore, how to help the users complete the verification of the integrity of the outsourced data has become a key issue. Public verification is a critical technique to solve this problem, from which the users can resort to a third-party auditor （TPA） to check the integrity of outsourced data. Moreover, an identity-based （ID-based） public key cryptosystem would be an efficient key management scheme for certificatebased public key setting. In this paper, we combine ID-based aggregate signature and public verification to construct the protocol of provable data integrity. With the proposed mechanism, the TPA not only verifies the integrity of outsourced data on behalf of cloud users, but also alleviates the burden of checking tasks with the help of users＇ identity. Compared to previous research, the proposed scheme greatly reduces the time of auditing a single task on the TPA side. Security analysis and performance evaluation results show the high efficiency and security of the proposed scheme.     

Blockchain-based Privacy-Preserving Group Data Auditing with Secure User Revocation

Progress in cloud computing makes group data sharing in outsourced storage a reality. People join in group and share data with each other, making team work more convenient. This new application scenario also faces data security threats, even more complex. When a user quit its group, remaining data block signatures must be re-signed to ensure security. Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side. However, considering the privacy and security need of group auditing, there still lacks a comprehensive solution to implement secure group user revocation, supporting identity privacy preserving and collusion attack resistance. Aiming at this target, we construct a concrete scheme based on ring signature and smart contracts. We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification. And the new meta data supports secure revocation. Meanwhile, smart contracts are using for resisting possible collusion attack and malicious re-signing computation. Under the combined effectiveness of both signature method and blockchain smart contracts, our proposal supports reliable user revocation and signature re-signing, without revealing any user identity in the whole process. Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.     

Enhanced authentication for outsourced educational contents through provable block possession

In recent years, the volume of educational contents has been explosively increased thanks to the rapid development of multimedia technologies. Furthermore, the development of smart devices has made various educational institutes use them as effective learning tools. Since more and more educational contents become available not only at school zone but at a variety of online learning systems, it becomes increasingly unaffordable for a single educational contents provider to store and process them locally. Therefore, many educational contents providers are likely to outsource the contents to cloud storage for cost saving. These phenomena raise one serious concern: how to authenticate educational contents users in a secure and efficient way? The most widely used password-based authentication suffers from numerous drawbacks in terms of security. Multi-factor authentication protocols based on diverse communication channels such as SMS, biometric, hardware token could enhance security, however they inevitably bring poor usability. To this end, we present a data block-based authentication scheme, which provides provable security and guarantees usability invariant such that users do nothing but entering a password. In addition, the proposed scheme supports efficient user revocation. To the best of our knowledge, our scheme is the first data block-based authentication scheme for outsourced educational contents that is provably secure without usability degradation. The experiment on Amazon EC2 cloud shows that the proposed scheme guarantees nearly constant time for user authentication.     

Comment on “Privacy-preserving public auditing for non-manager group shared data”

Using cloud storage, users can remotely store their data without the burden on complicated local storage management and maintenance. However, users will no longer physically possess the storage of their data after they upload the data to the cloud. It is very natural for users to suspect whether their data stored in the cloud is intact. To help users efficiently check the integrity of the outsourced data, many public auditing schemes have been proposed. Recently, Huang et al. have proposed a privacy-preserving public auditing scheme for non-manager group shared data. In this paper, we find a security flaw in their auditing scheme. Even if the cloud has deleted or polluted the whole outsourced data, it still can pass the verification of the verifier. And then, we overcome this shortcoming by improving their scheme, which prevents the cloud forging a valid proof to pass the integrity auditing. Last, we perform the concrete implementation of our improved scheme and Huang et al. ’s scheme.

     

Cloud data integrity checking with an identity-based auditing mechanism from RSA

Cloud data auditing is extremely essential for securing cloud storage since it enables cloud users to verify the integrity of their outsourced data efficiently. The computation overheads on both the cloud server and the verifier can be significantly reduced by making use of data auditing because there is no necessity to retrieve the entire file but rather just use a spot checking technique. A number of cloud data auditing schemes have been proposed recently, but a majority of the proposals are based on Public Key Infrastructure (PKI). There are some drawbacks in these protocols: (1) It is mandatory to verify the validity of public key certificates before using any public key, which makes the verifier incur expensive computation cost. (2) Complex certificate management makes the whole protocol inefficient. To address the key management issues in cloud data auditing, in this paper, we propose ID-CDIC, an identity-based cloud data integrity checking protocol which can eliminate the complex certificate management in traditional cloud data integrity checking protocols. The proposed concrete construction from RSA signature can support variable-sized file blocks and public auditing. In addition, we provide a formal security model for ID-CDIC and prove the security of our construction under the RSA assumption with large public exponents in the random oracle model. We demonstrate the performance of our proposal by developing a prototype of the protocol. Implementation results show that the proposed ID-CDIC protocol is very practical and adoptable in real life.     

云计算下的数据存储安全可证明性综述

云计算的数据服务外包可以减少数据所有者本地的存储和维护压力,然而用户会因此失去对数据可靠性和安全的物理控制。于是如何确保云中数据的安全就成为了非常有挑战性的任务和难题。在全面研究云计算数据存储安全现有成果的基础上,介绍了云计算数据存储的基本架构,并从可检索证明和可证明数据拥有两个角度分析了相关研究方案的发展,从公共认证、同态认证、数据动态化、隐私保护、批审计和多服务器环境得方面讨论了协议的功能设计,并且列表进行了功能和开销对比,在此基础上提出了一个比较完备的云计算环境下的协议框架。最后总结并阐述了后续工作。     

Security analysis of a publicly verifiable data possession scheme for remote storage

As an essential technology of cloud computing, the cloud storage can exactly satisfy the demand of users with the service of scalability, ubiquitous access and low maintenance cost. However, moving data to the cloud servers will bring some significant security challenges due to the loss of the physical data possession. In order to verify the data integrity, many verifiable data possession schemes have been proposed in last several years. Very recently, Tang and Zhang proposed a new publicly verifiable data possession (PVDP) scheme for remote storage. They claimed that their scheme was suitable for checking the storage correctness and secure against various types of attacks. In this paper, we analyze the security of Tang and Zhang’s PVDP scheme and prove that it is vulnerable to the data recovery attack. We also demonstrate that PVDP scheme works incorrectly with a concrete instance. Our analysis shows that their scheme is not suitable for practical applications. Our work can help cryptographers and engineers design and implement more secure and efficient public auditing schemes for the cloud storage data.     

Ownership-hidden group-oriented proofs of storage from pre-homomorphic signatures

In this paper, we study the problem of secure cloud storage in a multi-user setting such that the ownership of outsourced files can be hidden against the cloud server. There is a group manager for initiating the system, who is also responsible for issuing private keys for the involved group members. All authorized members are able to outsource files to the group’s storage account at some cloud server. Although the ownership of outsourced file is preserved against the cloud server, the group manager could trace the true identity of any suspicious file for liability investigation. To address this issue, we introduce and formalize a notion of ownership-hidden group-oriented proofs of storage (OPoS). We present a generic OPoS construction from pre-homomorphic signatures, and propose an OPoS instantiation by employing the Boneh–Boyen short signature. We show that the OPoS instantiation can be optimized using a polynomial commitment technique, so that the integrity auditing protocol would only take constant-size communication overheads by the cloud server. Theoretical and experimental analyses show that our OPoS instantiations are efficient and practical for enterprise-oriented cloud storage applications. Also, we show that the OPoS instantiations can be enhanced to safeguard against a dynamic set of corrupted members, as well as support batch integrity auditing mechanism.     

支持受损数据定位与恢复的动态群用户可证明存储

The outsourced storage mode of cloud computing leads to the separation of data ownership and management rights of data owners, which changes the data storage network model and security model. To effectively deal with the software and hardware failures of the cloud server and the potential dishonest service provider and also ensure the availability of the data owners’ data, the design of secure and efficient data availability and recoverability auditing scheme has both theoretical and practical importance in solving the concern of users and ensuring the security of cloud data. However, most of the existing studies were designed for the security and efficiency of data integrity or recoverability schemes, without considering the fast identification and reliable recovery of damaged data under dynamic group users. Thus, to quickly identify and recover damaged data, a publicly verifiable proof of storage scheme was proposed for dynamic group cloud users. The designed scheme enabled a trusted third-party auditor to efficiently identify the damaged files through a challenge-response protocol and allowed the cloud storage server to effectively recover them when the degree of data damage is less than an error correction ability threshold. The scheme combined association calculation and accumulation calculation, which effectively reduced the number of calculations for the identification of damaged data. By combining erasure coding and shared coding technology, the scheme achieved effective recovery of damaged data of dynamic group users. At the same time, the scheme also supported dynamic user revocation, which ensured the integrity audit and reliable recovery of the collective data after user revocation. The network model and threat model of the designed scheme were defined and the security of the scheme under the corresponding security model was proved. Through the prototype implementation of the scheme in the real environment and the modular performance analysis, it is proved that the proposed scheme can effectively identify the damaged data and reliably recover the cloud data when the data is damaged. Besides, compared with other schemes, it is also proved that the proposed scheme has less computational overhead in identifying and recovering damaged data. © 2022, Beijing Xintong Media Co., Ltd.. All rights reserved.     

A Lightweight And privacy-preserving public cloud auditing scheme without bilinear pairings in smart cities

Smart Cities have become a global strategy. However, massive data generated by various smart devices need to be uploaded and stored to the cloud servers. It is critical to ensure the integrity and privacy of the stored data. Quite a few public cloud auditing schemes have been proposed recently. However, most of them use bilinear pairing operations in the audit phase, requiring a significant time cost. Meanwhile, users (may be resource-constrained mobile devices or sensor nodes) still need to perform significant computations, like computing meta data for each data block, which bring a huge burden of calculation for these users. Moreover, those schemes cannot effectively protect users’ data privacy. Thus, we propose a lightweight and privacy-preserving public cloud auditing scheme for smart cities that does not require bilinear pairings. First, the proposed scheme is pairing-free, and allowing a third party auditor to generate authentication meta set on behalf of users. Furthermore, it also protects data privacy against the third party auditor and the cloud service providers. In addition, this new scheme can be easily and naturally extended to batch auditing in a multi-user scenario. Detailed security and performance analyses show that the proposed scheme is more secure and efficient compared to the existing public cloud auditing schemes.     

Secure searching on cloud storage enhanced by homomorphic indexing

Enterprise cloud tenants would store their outsourced cloud data in encrypted form for data privacy and security. However, flexible data access functions such as data searching is usually sacrificed as a result. Thus, enterprise tenants demand secure data retrieval and computation solution from the cloud provider, which will allow them to utilize cloud services without the risks of leaking private data to outsiders and even service providers.In this paper, we propose an exclusive-or (XOR) homomorphism encryption scheme to support secure keyword searching on encrypted data for cloud storage. First, this scheme specifies a new data protection method by encrypting the keyword and randomizing it by performing XOR operation with a random bit-string for each session to protect access pattern leakage; Secondly, the homomorphic evaluation key enables the searching evaluation to be on-demand calculated, thus it removes the dependency of key storage on cloud and enhance protection against cloud’s violability; Thirdly, this scheme can effectively protect data-in-transit against passive attack such as access pattern analysis due to the randomization. This scheme also can reduce data leakage to service provider because the homomorphism-key solution instead of key storage on cloud. The above three features have been proved by the experiments and further tested out at Email service which can support secure subject searching. The execution time of one searching process is just in the order of milliseconds. We could get 2–3 times speedup compared to default utility grep with the concern of expensive one-time indexing which can be built off-line in advance.     

面向公有云的数据完整性公开审计方案

针对云数据完整性公开审计中隐私泄漏给第三方审计者（TPA）以及云存储服务器（CSS）发起替代攻击的问题,提出一种面向公有云的数据完整性公开审计方案。该方案首先利用哈希值混淆方法,模糊化云存储服务器返回的证据,以防止TPA分析证据计算出原始数据;然后,在审计过程中,由TPA自行计算出文件Merkle哈希树（MHT）对应挑战请求所选数据块的覆盖树,并与CSS返回的覆盖树作结构匹配,以防止云存储服务器用其他已有数据响应审计挑战。实验结果表明,该方案解决了现有方案隐私问题及攻击问题后,在计算开销、存储开销和通信开销方面的性能不会有数量级变化。     

基于模糊身份的动态数据审计方案

云存储服务的快速发展,也带来众多安全挑战.针对云存储数据的完整性,已有的基于模糊身份的审计方案仅仅支持静态数据,因此很多情况并不适用.本文提出了一种基于模糊身份的动态数据完整性审计方案,结合默克哈希树的动态数据结构,实现用户对云端数据的完全动态操作.该方案采用基于模糊身份的密码体制,与基于公钥基础设施的数据完整性审计方案相比,避免了对公钥证书颁发、管理、吊销的过程,降低了通信代价.并且该方案能够支持批量验证,提高认证效率.最后,本文从安全性和功能上对新方案进行分析,能够抵抗伪造攻击,也保护了数据隐私安全,并且在功能上较其他方案也有一定的优势.     

基于同态加密算法的欧氏距离外包计算协议

针对外包存储数据在密文状态下有关欧氏距离无法计算的问题,构建了欧氏距离外包计算协议,降低了用户的计算负担,保护了数据隐私。回顾了分布式双陷门公钥密码方案。基于同态加密算法设计了安全的乘法协议、单个密钥加密下的完全平方式协议和联合公钥加密下的完全平方式协议,基于这三个基础计算协议设计了欧氏距离的外包计算协议。安全性分析表明该协议足够安全,效率分析显示该协议较为高效,并较好地解决了有关欧氏距离的外包计算问题,对于图像处理的发展有一定的促进作用。     

基于区块链的云数据审计方案

云存储凭借高扩展性、高可靠性、低成本的数据管理优点得到用户青睐。然而,如何确保云数据完整性成为亟待解决的安全挑战。目前的云数据完整性审计方案,绝大部分是基于半可信第三方来提供公共审计服务,它们存在单点失效、性能瓶颈以及泄露用户隐私等问题。针对这些缺点提出了基于区块链的审计模型。该模型采用分布式网络、共识算法建立一个去中心化、易扩展的网络解决单点失效问题和计算力瓶颈,利用区块链技术和共识算法加密用户数据保证数据不可窜改和伪造,确保了用户数据的隐私。实验结果表明,与基于半可信第三方云数据审计方案相比,该模型能够保护用户隐私,显著提高了审计效率,减少通信开销。     

基于云PACS系统的DICOM协议安全通信框架

传统的PACS系统存储和维护海量医疗影像数据成本高昂,且经由DICOM协议传输的影像数据容易遭到黑客攻击,造成数据被非法篡取、病人隐私泄露等数据安全性问题。提出一种PACS云服务模型以满足数据存储、维护、安全传输等需求。设计的统一身份认证框架采用基于USB Key强身份认证方案和基于SSL通用身份认证方案两种混合验证模式,经过安全性分析表明,此框架能够保证数据的秘密性、认证性和完整性,并能抵御常见的中间人攻击、重放攻击和字典攻击,有效确保云PACS系统中DICOM协议安全通信。