Distributed auditing protocol for untraceable transactions

Abstract

Data integrity is a property that cloud service providers (CSPs) have focused on. The data integrity checking is assigned to third-party auditors (TPAs) to avoid invalid data storage in CSPs. Nevertheless, this type of mechanism is vulnerable to many threats, including insider/outsider adversaries. Moreover, several threats still exist with its presence, such as deleting, changing, or destroying the recorded data. The study presents a blockchain-based distributed auditing (BB-DA) protocol for auditing confidential/untraceable transactions in a distributed manner. The BB-DA protocol provides message/transaction confidentiality, user privacy, and security against privileged insider adversaries, who want to create disorder in the auditing process by refusing to sign/audit, and those who aim to do so in the BB-DA protocol will fail even if they cooperate. To provide message confidentiality and security against malicious insiders, the ElGamal cryptosystem is used in the BB-DA protocol, and to avoid destroying the submitted data (transactions) by CSPs, the blockchain is used as a distributed and immutable database in the BB-DA protocol. The Zerocoin is applied in the BB-DA protocol for providing user untraceability and anonymity. The security analysis of the BB-DA protocol proves that the offered protocol is secure against the key-only, known message, and chosen message attacks. Additionally, the analysis indicates that it provides security against malicious insiders who want to learn any knowledge about corresponded transactions or break users’ anonymity. The paper’s comparison and evaluation show that the BB-DA offers more features and is more efficient than other auditing protocols.