A Lightweight Auditing Service for Shared Data with Secure User Revocation in Cloud Storage

Abstract

As data sharing has become one of the most popular services offered by cloud storage, designing public auditing mechanisms for integrity of shared data becomes more important. Two problems which arise in shared data auditing include preserving users identity and collusion resistant revocation of users. When data stored at the cloud is shared among a group of users, different users may modify and sign different data blocks which leaks signer identities to the public verifier. Also, when a user is revoked from the group, signatures generated by this user should be re-signed by the cloud server using re-signature keys. In addition, collusion of cloud server and the revoked user should leak no information about the private key of other users. In this paper, by employing a new proxy re-signature scheme, we propose a public shared data auditing mechanism that provides identity privacy and collusion resistant user revocation, simultaneously. The proposed protocol requires only lightweight computations at the user side for signing data blocks in real-time online phase. Moreover, our protocol supports large dynamic group of users, batch auditing and dynamic data operations. Experimental results demonstrate excellent efficiency of our scheme in comparison to the state of the art.