Abstract

With the widespread application of cloud storage, users gain conveniences such as low-cost remote data storage and flexible data sharing. Because the cloud service provider (CSP) is not fully trusted, many cloud auditing schemes have been proposed to ensure the security and integrity of shared data. However, existing cloud auditing schemes have some security risks, such as user identity disclosure, denial of service attacks and abuse of power by a single manager. To solve these issues, in this paper we use certificateless signature technology to construct a privacy-preserving cloud auditing scheme for multiple users with authorization and traceability. Unlike traditional schemes, our scheme realizes user identity anonymity without group signature or ring signature techniques, which guarantees that the tag is compact. Meanwhile, our scheme allows at least d managers to trace the identity of a malicious user collaboratively, which avoids the abuse of single-manager power and provides non-frameability. Furthermore, we introduce an identity authentication process between the third-party auditor (TPA) and the CSP to prevent denial of service attacks. That is, our scheme solves the problem that anyone can challenge the CSP for proofs, which averts network congestion and waste of cloud resources. In terms of functionality, the proposed scheme also supports efficient user revocation from a group. Certificateless cryptography ensures that our scheme involves neither the certificate management burden nor the key escrow problem. The security analysis shows that our scheme is provably secure against two types of adversaries in the certificateless cryptography setting. The performance analysis demonstrates that our scheme is efficient.

Highlights

  • With the rapid development of computer technology, people need to process and store a lot of data every day

  • We consider it significant to design a cloud auditing scheme that simultaneously supports user privacy preservation, identity tracing of malicious users, identity authorization and efficient user revocation under certificateless cryptography

  • (1) We propose a cloud auditing scheme with group users based on certificateless cryptography to avoid the certificate management issues of traditional public key cryptography (TPKC) and key escrow issues of ID-PKC

Summary

INTRODUCTION

With the rapid development of computer technology, people need to process and store a lot of data every day. We consider it significant to design a cloud auditing scheme that simultaneously supports user privacy preservation, identity tracing of malicious users, identity authorization and efficient user revocation under certificateless cryptography. Li et al. [32] presented a privacy-preserving cloud auditing scheme with attribute-based encryption, which cannot support the revocation of group users. In 2018, Li et al. [36] designed a certificateless public auditing scheme for cloud data, which can support efficient user revocation. It does not realize the functions of identity traceability and privacy preservation. (1) We propose a cloud auditing scheme with group users based on certificateless cryptography to avoid the certificate management issues of TPKC and the key escrow issues of ID-PKC. The analysis and experiments demonstrate that the proposed scheme is more efficient than other similar schemes.

BILINEAR PAIRING
HARDNESS ASSUMPTIONS
SYSTEM MODEL
SECURITY MODEL
SUPPORT USER IDENTITY TRACING
SUPPORT USER REVOCATION
SECURITY ANALYSIS
FUNCTIONALITY COMPARISON
PERFORMANCE ANALYSIS
EXPERIMENTAL RESULTS
CONCLUSIONS