Non-repudiable Query Answer Authentication Scheme over Anonymous Cloud Data

Abstract

In cloud data services, data owners (DO) publish data through cloud servers (CS) so that clients can access and query the data more efficiently. However, cloud service providers (CSP) are often untrustworthy, query answer authentication becomes essential for cloud service systems. Existing solutions mostly provide DO's signature for published data. But the signature always reveals DO's identity. In addition, current efforts do not take into consideration the non-repudiation service between CSP and clients. To this end, this paper proposes a non-repudiable query authentication scheme, by utilizing the ring signature, Merkle hash tree (MHT) and non-repudiable query authentication scheme. Without revealing DO's identity, the proposed scheme still can verify the trustiness, authenticity and completeness of query results. Firstly, it picks up the internal nodes of MHT to sign, as well as the root node. Thus, the verification computation complexity is significantly reduced from O(log2N) to O(log2N0.5) at most. Then it adapts the newest existing ring signature to sign the selected nodes' digest. Furthermore, we employ the non-repudiation protocol during the interaction between CSP and client. Theoretical analysis proves the feasibility and security of the proposed scheme. Extensive experimental results demonstrate its superiority of verifying efficiency and communication cost.