Abstract
Cloud storage systems provide a flexible, convenient and friendly way for users to outsource data. However, users lose control of their data once outsourcing them to the cloud. Public auditing was introduced to ensure data integrity, in which a third-party auditor (TPA) is delegated to execute auditing tasks. In general, TPA generates and sends challenge information to the cloud server (CS), which proves data possession accordingly. However, the TPA may not perform public auditing protocol honestly or may even collude with CS to deceive users. Some existing public auditing schemes utilize blockchain to resist against the malicious TPA. However, the CS may guess the challenge messages and there is a risk that users' information may be leaked to the TPA during the process of auditing. In this paper, we propose a decentralized and privacy-preserving public auditing scheme based on blockchain (DBPA), in which a blockchain is utilized as an unpredictable source for the generation of (random) challenge information, and the auditor is required to record the audit process onto the blockchain. Due to the characteristics of blockchain, users can check the audit results publicly. Moreover, zero-knowledge proof is used in DBPA to protect user's privacy during the audit process so that the response information returned by the CS does not leak information about user's data. Security analysis and performance evaluation show that DBPA is secure and efficient.
Highlights
INTRODUCTIONData are generated in various of ways whenever and wherever. Massive data at local storage cause a series of difficulty in management
As valuable resources, data are generated in various of ways whenever and wherever
In order to solve this problem, Zhang et al [26] proposed a blockchain-based public integrity verification scheme which uses a series of successive Ethereum block hashes based on the timestamp t instead of the latest block hash to generate challenge messages
Summary
Data are generated in various of ways whenever and wherever. Massive data at local storage cause a series of difficulty in management. In this work we try to solve the problem that the cloud server may guess challenge messages ahead of time in decentralized public auditing schemes, and in the to guarantee that the TPA does not know extra information of user data for the sake of privacy protection. In order to solve this problem, Zhang et al [26] proposed a blockchain-based public integrity verification scheme which uses a series of successive Ethereum block hashes based on the timestamp t instead of the latest block hash to generate challenge messages Their core technique has been applied in another scheme [46] which aims to add an accurate time-stamp for outsourced data. We propose a decentralized privacy-preserving public data integrity auditing scheme based on blockchain, named DBPA, in which the challenge message is generated based on the latest successive block hashes and a random seed chosen by the TPA. 3) TRACEABILITY In order to ensure the correctness and integrity of the outsourced data, the audit process should be traceable so that any malicious behavior of the TPA could be detected
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.