TY - JOUR
T1 - Efficient audit service outsourcing for data integrity in clouds
AU - Zhu, Yan
AU - Hu, Hongxin
AU - Ahn, Gail-Joon
AU - Yau, Sik-Sang
N1 - Funding Information:
Gail-Joon Ahn received the Ph.D. degree in information technology from George Mason University, Fairfax, VA, in 2000. He was an Associate Professor at the College of Computing and Informatics, and the Founding Director of the Center for Digital Identity and Cyber Defense Research and Laboratory of Information Integration, Security, and Privacy, University of North Carolina, Charlotte. He is currently an Associate Professor in the School of Computing, Informatics, and Decision Systems Engineering, Ira A. Fulton School of Engineering and the Director of Security Engineering for Future Computing Laboratory, Arizona State University, Tempe. His research interests include information and systems security, vulnerability and risk management, access control, and security architecture for distributed systems, which has been supported by the U.S. National Science Foundation, National Security Agency, U.S. Department of Defense, U.S. Department of Energy, Bank of America, Hewlett Packard, Microsoft, and Robert Wood Johnson Foundation. Dr. Ahn is a recipient of the U.S. Department of Energy CAREER Award and the Educator of the Year Award from the Federal Information Systems Security Educators Association.
Funding Information:
We thank the anonymous reviewers for their useful comments on this paper. The work of Yan Zhu was supported by the National Natural Science Foundation of China (Project No. 61170264 and No. 10990011). Gail-Joon Ahn and Hongxin Hu were partially supported by the Grants from US National Science Foundation (NSF-IIS-0900970 and NSF-CNS-0831360) and Department of Energy (DE-SC0004308). This work of Stephen S. Yau was partially supported by the Grants from US National Science Foundation (NSF-CCF-0725340).
PY - 2012/5
Y1 - 2012/5
N2 - Cloud-based outsourced storage relieves the client's burden for storage management and maintenance by providing a comparably low-cost, scalable, location-independent platform. However, the fact that clients no longer have physical possession of data indicates that they are facing a potentially formidable risk for missing or corrupted data. To avoid the security risks, audit services are critical to ensure the integrity and availability of outsourced data and to achieve digital forensics and credibility on cloud computing. Provable data possession (PDP), which is a cryptographic technique for verifying the integrity of data without retrieving it at an untrusted server, can be used to realize audit services. In this paper, profiting from the interactive zero-knowledge proof system, we address the construction of an interactive PDP protocol to prevent the fraudulence of prover (soundness property) and the leakage of verified data (zero-knowledge property). We prove that our construction holds these properties based on the computation Diffie-Hellman assumption and the rewindable black-box knowledge extractor. We also propose an efficient mechanism with respect to probabilistic queries and periodic verification to reduce the audit costs per verification and implement abnormal detection timely. In addition, we present an efficient method for selecting an optimal parameter value to minimize computational overheads of cloud audit services. Our experimental results demonstrate the effectiveness of our approach.
KW - Audit service
KW - Cloud storage
KW - Interactive proof system
KW - Provable data possession
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=84863498079&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84863498079&partnerID=8YFLogxK
U2 - 10.1016/j.jss.2011.12.024
DO - 10.1016/j.jss.2011.12.024
M3 - Article
AN - SCOPUS:84863498079
VL - 85
SP - 1083
EP - 1095
JO - Journal of Systems and Software
JF - Journal of Systems and Software
SN - 0164-1212
IS - 5
ER -