Verifiable Cloud Data Access: Design, Analysis, and Implementation

Abstract

In this article, we consider the following cloud storage security problem: A user outsources his/her data to a cloud and later frequently updates the data by adding new data items and deleting existing ones. When the user requests an existing data item from the cloud, the cloud may claim that there is no such data item. This could happen due to cloud management issues, hardware/software failures, hackers, or economic incentives, such as saving cloud’s operation costs. The ability to confirm the data existence/nonexistence when accessing a data item on the dynamic outsourced cloud storage is referred to as <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">dynamic verifiable data access</i> (DVDA). Existing cloud security research works, including encrypted search and proof of storage (i.e., proof of retrievability and proof of data possession), are not sufficient for addressing dynamic verifiable data access. In this article, we present a solution for the dynamic verifiable data access problem. In order to support data dynamics and verifiability, we enhance a hash authentication tree that is build on top of a hash table with a new semantics. With the enhanced hash authentication tree, the proposed protocol supports adding/deleting data in the outsourced storage while satisfying data access verifiability requirement simultaneously. Our open-source experimental evaluation shows that it only takes less than 0.1 ms to verify a data access on a dataset with 400 items using communication cost around 1.7 KB.