Identity-based public auditing for cloud storage systems against malicious auditors via blockchain

Abstract

Cloud storage systems provide users with convenient data storage services, which allow users to access and update outsourced data remotely. However, these cloud storage services do not guarantee the integrity of the data that users store in the cloud. Thus, public auditing is necessary, in which a third-party auditor (TPA) is delegated to audit the integrity of the outsourced data. This system allows users to enjoy on-demand cloud storage services without the burden of continually auditing their data integrity. However, certain TPAs might deviate from the public auditing protocol and/or collude with the cloud servers. In this article, we propose an identity-based public auditing (IBPA) scheme for cloud storage systems. In IBPA, the nonces in a blockchain are employed to construct unpredictable and easily verified challenge messages, thereby preventing the forging of auditing results by malicious TPAs to deceive users. Users need only to verify the TPAs auditing results in batches to ensure the integrity of their data that are stored in the cloud. A detailed security analysis shows that IBPA can preserve data integrity against various attacks. In addition, a comprehensive performance evaluation demonstrates that IBPA is feasible and efficient.