Data Integrity Auditing Research Articles

Certificateless integrity auditing scheme for sensitive information protection in cloud storage

Data integrity auditing provides a method for checking the integrity of outsourced data in cloud storage. However, outsourced data often contain sensitive information (such as names), posing risks of exposure during data sharing. To address this issue, Ming et al. proposed a certificateless integrity auditing scheme for sensitive information protection, claiming its security. However, by demonstrating two specific attack scenarios, we pointed out its security vulnerabilities. Subsequently, we proposed a new certificateless integrity auditing scheme for sensitive information protection in cloud storage (CIAS-SIP), which supports sensitive information protection and does not specify the data blocks that need sanitization by the data owner (DO). In addition, it supports dynamic operations by the DO on outsourced data (insertion, deletion, and modification) and provides security proofs based on the discrete logarithm problem. Finally, we compared CIAS-SIP’s performance with three other integrity auditing schemes for sensitive information protection. The results show that CIAS-SIP exhibits superior efficiency.

Blockchain-Based Shared Data Integrity Auditing and Deduplication

Blockchain-Based Shared Data Integrity Auditing and Deduplication

BO-LCNN: butterfly optimization based lightweight convolutional neural network for remote data integrity auditing and data sanitizing model

BO-LCNN: butterfly optimization based lightweight convolutional neural network for remote data integrity auditing and data sanitizing model

NSPFL: A Novel Secure and Privacy-Preserving Federated Learning With Data Integrity Auditing

NSPFL: A Novel Secure and Privacy-Preserving Federated Learning With Data Integrity Auditing

Improved data integrity audit scheme based on certificateless public key cryptography and its application in COVID-19 epidemic data management

Improved data integrity audit scheme based on certificateless public key cryptography and its application in COVID-19 epidemic data management

Secure distributed data integrity auditing with high efficiency in 5G-enabled software-defined edge computing

In edge computing, the idle resources of the devices in the network can be virtualized into a platform that provides clients with storage resource and computing capability. Note that the service response of edge computing is faster than that of cloud computing. The service provision speed and the distributed resources utilization rate of edge computing will be further improved when integrated with 5G and software definition paradigm in the design of the network system. However, the issues of data storage security and edge devices’ trustworthiness seriously restrict the development of edge computing. To enhance the security of the data storage in edge computing, a secure distributed data integrity auditing is proposed. The proposed auditing scheme in this paper can be used to guarantee the correctness and the completeness of the stored data in 5G-enabled software-defined edge computing. The auditing results of the distributed data in the proposed scheme can be used as an important basis for evaluating the trustworthiness of the edge devices. Due to the utilization of certificateless cryptography in the design of the proposed scheme, the computational cost of the terminal side can be highly reduced. Security analysis of the proposed scheme demonstrates that the properties of key exposure resistance and privacy-preserving are provided in data auditing. Simulation results of the time cost of the server side and the terminal side show that the proposed scheme is highly efficient compared to previous schemes.

Efficient Blockchain-Based Data Integrity Auditing for Multi-Copy in Decentralized Storage

Efficient Blockchain-Based Data Integrity Auditing for Multi-Copy in Decentralized Storage

Efficient Identity-Based Data Integrity Auditing With Key-Exposure Resistance for Cloud Storage

The key exposure is a serious threat for the security of data integrity auditing. Once the user's private key for auditing is exposed, most of the existing data integrity auditing schemes would inevitably become unable to work. To deal with this problem, we construct a novel and efficient identity-based data integrity auditing scheme with key-exposure resilience for cloud storage. This is achieved by designing a novel key update technique, which is fully compatible with BLS signature used in identity-based data integrity auditing. In our design, the Third Party Auditor (TPA) is responsible for generating update information. The user can update his private key based on the private key in one previous time period and the update information from the TPA. Furthermore, the proposed scheme supports real lazy update, which greatly improves the efficiency and the feasibility of key update. Meanwhile, the proposed scheme relies on identity-based cryptography, which makes certificate management easy. The security proof and the performance analysis demonstrate that the proposed scheme achieves desirable security and efficiency.

DBT-PDP: Provable data possession with outsourced data batch transfer based on blockchain

In the scenario of large-scale data ownership transactions, existing data integrity auditing schemes are faced with security risks from malicious third-party auditors and are inefficient in both calculation and communication, which greatly affects their practicability. This paper proposes a data integrity audit scheme based on blockchain where data ownership can be traded in batches. A data tag structure which supports data ownership batch transaction is adopted in our scheme. The update process of data tag does not involve the unique information of each data, so that any user can complete ownership transactions of multiple data in a single transaction through a single transaction auxiliary information. At the same time, smart contract is introduced into our scheme to perform data integrity audit belongs to third-party auditors, therefore our scheme can free from potential security risks of malicious third-party auditors. Safety analysis shows that our scheme is proved to be safe under the stochastic prediction model and k-CEIDH hypothesis. Compared with similar schemes, the experiment shows that communication overhead and computing time of data ownership transaction in our scheme is lower. Meanwhile, the communication overhead and computing time of our scheme is similar to that of similar schemes in data integrity audit.

Similarity-based deduplication and secure auditing in IoT decentralized storage

Data storage is becoming more difficult due to the network technology’s rapid development, especially with the significant advancement in Internet of Things (IoT). To solve this problem, various cloud storage-based deduplication schemes have been extensively studied to alleviate the storage burden of local IoT devices. However, recent evidence has revealed the deficiencies of these centralized data management schemes related to poor adaptability and lack of resistance to the single point of failure. Most existing deduplication approaches only perform deduplication on the same data, lacking consideration of the IoT data similarity characteristics. Also, these approaches keep only one copy of all data stored on the cloud server, making them valid only if the cloud storage provider is fully trustable, and the applicability of the solution is significantly reduced. What is important, outsourcing storage takes away control of data from their owners, security audits thus should also be considered in secure data storage research. To tackle these issues, we propose a similarity-based deduplication and secure auditing in the IoT decentralized storage scheme. Specifically, our scheme utilizes a novel similarity-based deduplication method based on the multi-server storage model to achieve efficient space saving while protecting data security. Furthermore, the proposed scheme ensures the integrity and availability of data by introducing similarity-based proofs of data ownership and similarity-based data integrity auditing. On this basis, our scheme further adopts a similarity-based secure auditing mechanism to achieve decentralized public auditing without the third-party auditor, in which the audit results of outsourced data are shared on blockchain to avoid repetitive audit tasks. We verify the correctness and effectiveness of our proposed scheme through rigorous theoretical analysis and extensive experimental results.

Blockchain-based auditing with data self-repair: From centralized system to distributed storage

Cloud storage provides data owners with massive storage and computing resources. To release from heavy data management and maintenance, more and more data owners are willing to outsource data to cloud. However, the data stored in cloud are out of the control of data owners, and may be corrupted and unretrievable. To solve the above problem, this paper proposes a decentralized auditing scheme BVA for the single cloud storage server, and an extended batch auditing scheme E-BVA for distributed storage. Firstly, BVA and E-BVA utilize vector commitment technology to realize lightweight data integrity auditing for outsourced data. Secondly, to avoid privacy and performance risks caused by the third party auditor, both BVA and E-BVA employ a smart contract on the blockchain as an auditor to perform data integrity auditing. Thirdly, both schemes support the verifiability between outsourced data and their corresponding authenticators, which prevents malicious data owners framing cloud storage servers and avoid subsequent dispute arbitration. Finally, based on regenerating code, E-BVA supports data self-repair of corrupted servers, while protecting the privacy of outsourced data and realizing the lightweight computation. The security and performance analyses demonstrate the security and efficiency of BVA and E-BVA.

CIA: A Collaborative Integrity Auditing Scheme for Cloud Data With Multi-Replica on Multi-Cloud Storage Providers

The emergence of cloud storage has solved many pain points of the traditional storage model. However, the issue of cloud storage data integrity - whether the cloud storage provider has kept the data intact - has raised concerns about cloud storage. Integrity auditing of cloud storage data allows users to know the integrity of the outsourced data without downloading it in its entirety. However it is not enough to know its integrity. Multi-replicas, as a common means of redundancy, improves the reliability of cloud storage data. And storing multi-replicas on multi-cloud storage providers (CSPs) enhances this feature. In a multi-replica multi-CSPs scenario, if the independence of CSPs is given full play and auditing is performed among CSPs, not only the introduction of third party auditor (TPA) can be eliminated, but also the tag generation, which is a huge computational overhead, can be removed. Inspired by this, in this paper we propose a new model for remote data integrity auditing: CIA (Collaborative Integrity Auditing). In addition to the reduction in computational overhead, the proposed scheme provides unprecedented support for free data blocking. The proposed scheme employs only hash functions in the calculation, which has a negligible computational overhead compared to the traditional bilinear pairing-based schemes. Theoretical analysis and experimental results show that the proposed scheme provides high efficiency and flexibility with security assurance, and can be used as a lightweight alternative to traditional remote data integrity auditing schemes in multi-replica multi-CSP scenarios.

Data Integrity Audit Scheme Based on Quad Merkle Tree and Blockchain

Cloud storage is an essential method for data storage. Verifying the integrity of data in the cloud is critical for the client. Traditional cloud storage approaches rely on third-party auditors (TPAs) to accomplish auditing tasks. However, third-party auditors are often not trusted. To eliminate over-reliance on third-party auditors, this paper designs a blockchain-based auditing scheme that uses blockchain instead of third-party auditors to ensure the reliability of data auditing. Meanwhile, our scheme is based on the audit method of the quad Merkle hash tree, using the root of the quad Merkle hash tree to verify the integrity of data, which significantly improves computing and storage efficiency. Automated verification of auditing activities by deploying smart contracts on the blockchain allows us to have a more up-to-date picture of data integrity. The performance of the scheme is evaluated through security analysis and experiments, which prove that the proposed scheme is secure and effective.

Certificateless Data Integrity Auditing in Cloud Storage with a Designated Verifier and User Privacy Preservation

With the rapid development of science and technology, enterprises will provide their customers with cloud data storage services. These massive amounts of data bring huge management costs to enterprises. Therefore, enterprises choose to store their data in professional cloud service providers and have third-party auditors check the integrity of cloud data to ensure security. Although the appearance of auditors reduces the enormous calculation pressure on enterprises, if the number of auditors is not limited, it will also bring an expensive management burden to enterprises. At the same time, in the process of performing data integrity auditing on behalf of the enterprise, auditors may be interested in some sensitive information of the enterprise’s customers (such as customer’s identity and specific content of customer data). Therefore, this paper proposes a remote data integrity auditing scheme based on designated verifiers. An essential feature of the scheme is that the auditor cannot obtain any customer’s identity information and data in the process of auditing; data integrity, the anonymity of the user’s identity, and data privacy are maintained in the process of auditing. Both theoretical analysis and experimental results show that our scheme is efficient and feasible.

Certificateless Remote Data Integrity Auditing with Access Control of Sensitive Information in Cloud Storage

With the spread of cloud storage technology, checking the integrity of data stored in the cloud effectively is increasingly becoming a concern. Following the introduction of the first remote data integrity audit schemes, different audit schemes with various characteristics have been proposed. However, most of the existing solutions have problems such as additional storage overhead and additional certificate burden. This paper proposes a certificateless remote data integrity auditing scheme which takes into account the storage burden and data privacy issues while ensuring the correctness of the data audit results. In addition, the certificateless design concept enables the scheme proposed in this paper to avoid a series of burdens brought by certificates. The scheme designed in this paper provides a data access control function whereby only users who hold a valid token generated by the data owner can access the target data from the cloud. Finally, this paper provides a detailed security proof to ensure the rationality of the results. A theoretical analysis and subsequent experimental verification show that the proposed scheme is both effective and feasible.

Improved Efficient Privacy-Preserving Certificateless Provable Data Possession Scheme for Cloud Storage

Cloud storage technology is evolving at a high speed; effectively auditing the cloud data’s integrity has become a focal point. Recently, Ming and Shi proposed a certificateless integrity auditing scheme with a privacy protection function. The scheme used the certificateless cryptosystem to solve the certificate management problem of the auditing schemes based on public key infrastructure and the key escrow problem of the identity-based auditing schemes. Although their scheme is novel and efficient, we found that their scheme was not secure and could not achieve integrity auditing of cloud data. The malicious cloud server can generate the proof through the blocks and tags sent by the user. On the basis of the original scheme, we propose an improved auditing scheme; our new scheme is more secure and effective. In addition, for the problem of idle tags in the existing cloud data integrity auditing scheme, we propose the idea of intermediate tags and we applied the idea to the improved scheme to improve audit efficiency.

Efficient certificateless public integrity auditing of cloud data with designated verifier for batch audit

In the cloud storage environment, scholars have proposed data integrity auditing schemes to ensure the integrity of data in the cloud. In some scenarios, users may need to designate an auditor to perform auditing tasks, however, most existing cloud auditing schemes are not applicable. A small number of cloud auditing schemes with designated verifiers use PKI cryptography and identity-based cryptography, which has complex certificate management and key escrow problems. Therefore, based on the certificateless signature algorithm of the specified verifier, we construct an efficient certificateless provable data possession mechanism in the cloud with a designated verifier called CL-DV-PDP. Based on of meeting the above user’s requirement, our scheme can also perform a batch audit of multi-user data at the same time. We use a dynamic hash table to dynamically update the cloud data and the scheme also supports privacy protection. We define the security model of the scheme in detail, and the security of the scheme is proved based on the CDH assumption under the random oracle model. In the efficiency analysis section, we compare the functions and computational costs of our scheme with the relevant references, the result shows that the functions of the scheme are comprehensive and our scheme is efficient.

Ldasip: A Lightweight Dynamic Audit Approach for Sensitive Information Protection in Cloud Storage

How to audit the integrity of data stored on the cloud with incomplete trust is an important problem that restricts the development of cloud storage. Although there are several data integrity audit schemes in cloud storage, the increased need to protect sensitive information and support large-scale data storage and dynamic update will result in a significant increase in audit cost, which seriously affects the efficiency of existing cloud audit systems. To solve this problem, we propose Ldasip, a lightweight dynamic auditing method that supports sensitive information protection in cloud storage. Exploiting identity-based data integrity audit, a data masking technology is introduced into to protect user’s sensitive information. At the same time, an improved multibranch tree structure is proposed to realize dynamic audit and reduce communication overhead in the verification process. Theoretical analysis and comprehensive experiments have been conducted, which demonstrate the effectiveness of Ldasip. The results show that Ldasip can ensure the correctness of the audit, protect the sensitive information in the user's stored content, and support the dynamic update of data with less audit time and communication overhead.

Outsourced Data Integrity Checking with Practical Key Update in Edge-Cloud Resilient Networks

The edge-cloud continuum is an advanced paradigm for cloud computing, which brings data storage and compute power closer to users or devices, and as a result, eliminates lag time and saves bandwidth. However, this new paradigm is harsh for secure storage and computation due to the separation of data ownership and control. Data security, especially outsourced data integrity in the edge-cloud resilient network, becomes one of the most fundamental challenges. To check the outsourced data integrity and address the efficient key update issue in this scenario, in this article, we propose a framework of outsourced data integrity checking with a practical key update in the edge-cloud resilient network. We first review the existing outsourced data integrity checking algorithms and then put forward a potential solution to achieving outsourced data integrity checking with a practical key update, which is composed of three phases, namely key request and update, local data upload, and outsourced data integrity auditing. We implement a prototype system for our proposal as well, which demonstrates its practicality.

Provable Cloud Data Transfer with Efficient Integrity Auditing for Cloud Computing

Due to the promising market prospects, more and more enterprises invest cloud storage and offer on-demand data storage services, which are characterized by distinct quality; thus, users would dynamically change the cloud service providers and transfer their outsourced data. However, the original cloud server might not honestly transfer the outsourced data for saving overhead, and the outsourced data might be polluted during the transfer process. Therefore, how to achieve secure outsourced data transfer has become a primary concern of users. To solve this issue, we put forward a solution for the issue of provable cloud data transfer, which can also simultaneously realize efficient data integrity auditing. By taking the advantages of Merkle sum hash tree (MSHT), our presented scheme can satisfy verifiability without dependency on a third party auditor (TPA). Meanwhile, the formal security proof can demonstrate that our presented scheme meets all of the expected security requirements. Finally, we implement our presented scheme and offer the precise performance evaluation, which can intuitively show the high-efficiency and practicality of our presented scheme in the real-world applications.