Identity-Based Provable Data Possession From RSA Assumption for Secure Cloud Storage

Abstract

As cloud storage services have become popular nowadays, the integrity of outsourced data stored at untrusted servers received increased attention. Provable data possession (PDP) provides an effective and efficient solution for cloud data integrity by asking the cloud server to prove that the stored data are not tampered with or maliciously discarded without returning the actual data to users. In this article, we propose an efficient identity-based privacy-preserving provable data possession scheme (ID-P <inline-formula><tex-math notation="LaTeX">$^3$</tex-math></inline-formula> DP) based on the RSA assumption for secure cloud storage. In ID-P <inline-formula><tex-math notation="LaTeX">$^3$</tex-math></inline-formula> DP, a cloud user takes the outsourcing file and a global parameter in a time period as inputs to generate identity-based homomorphic authenticators, and any third-party auditor (TPA) can check the integrity of the outsourced file by verifying the validity of homomorphic authenticators. The distinguished feature of ID-P <inline-formula><tex-math notation="LaTeX">$^3$</tex-math></inline-formula> DP is to support the aggregation of identity-based homomorphic authenticators generated by different users under the RSA assumption, which is an open problem in provable data possession. Specifically, we transfer the identity-based homomorphic authenticators generated in distinct time periods into those with the same period parameter, and the cloud can compress the homomorphic authenticators of different users to generate a data possession proof for integrity verification. Besides, by exploiting zero-knowledge proof, the leakage of outsourced data to TPA can be prevented. The soundness of ID-P <inline-formula><tex-math notation="LaTeX">$^3$</tex-math></inline-formula> DP is proved based on the RSA assumption, and the privacy against TPA is perfectly preserved. Finally, we demonstrate ID-P <inline-formula><tex-math notation="LaTeX">$^3$</tex-math></inline-formula> DP is more efficient on integrity verification than the existing BLS-based schemes, and cross-user aggregate verification can significantly reduce computational and communication overhead for TPA.