Abstract
Data Integrity Auditing (DIA) is a security service for verifying the integrity of outsourced data in Public Cloud Storage (PCS) by users or by Third-Party Auditors (TPAs) on behalf of the users. This paper proposes a novel DIA framework, called DIA-MTTP. The major novelty of the framework lies in that, while providing the DIA service in a PCS environment, it supports the use of third parties, but does not require full trust in the third parties. In achieving this property, a number of ideas also have been embedded in the design. These ideas include the use of multiple third parties and a hierarchical approach to their communication structure making the service more suited to resource-constrained user devices, the provision of two integrity assurance levels to balance the trade-off between security protection levels and the costs incurred, the application of a data deduplication measure to both new data and existing data updates to minimise the number of tags (re-)generated. In supporting the dynamic data and deduplication measure, a distributed data structure, called Multiple Mapping Tables (M2T), is proposed. Security analysis indicates that our framework is secure with the use of untrusted third parties. Performance evaluation indicates that our framework imposes less computational, communication and storage overheads than related works.
Highlights
One of the commonly used Cloud services is a Public Cloud Storage (PCS) service
As we are interested in supporting both static as well as dynamic data, and the Provable Data Possession (PDP) based Data Integrity Auditing (DIA) can support dynamic data integrity verifications more efficiently, hereafter we only focus on PDPbased DIAs and when we use DIA, we mean PDP-based DIAs
Based on the threat analysis in [37] and usecase study, we have specified a set of requirements for the design of an effective, secure, reliable and efficient DIA
Summary
PCS maintains and manages data for its customers Users can access their data anywhere, at any time and with any device. Such services are typically provided over the Internet and charged on a pay-as-you-go basis. A user may falsely accuse his/her provider of any data integrity or confidentiality breach in an attempt to obtain some financial gains unlawfully, etc. These security concerns are hindering the wide adoption of Cloud services in security sensitive areas, e.g. healthcare [2,3,4]. As we are interested in supporting both static as well as dynamic data, and the PDP based DIAs can support dynamic data integrity verifications more efficiently, hereafter we only focus on PDPbased DIAs and when we use DIA, we mean PDP-based DIAs
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
