Privacy-Preserving Public Auditing Scheme for Data Confidentiality and Accountability in Cloud Storage
  • English title: Privacy-Preserving Public Auditing Scheme for Data Confidentiality and Accountability in Cloud Storage
  • Authors: YANG Zhen; WANG Wenyu; HUANG Yongfeng; LI Xing
  • Authors (English): YANG Zhen; WANG Wenyu; HUANG Yongfeng; LI Xing; Department of Electronic Engineering, Tsinghua University; Tsinghua National Laboratory for Information Science and Technology; Information Networking Institute, Carnegie Mellon University
  • English keywords: Data confidentiality; Public auditability; Privacy preserving; Cloud storage; User accountability
  • Chinese journal title: EDZX
  • English journal title: 电子学报(英文)
  • Institutions: Department of Electronic Engineering, Tsinghua University; Tsinghua National Laboratory for Information Science and Technology; Information Networking Institute, Carnegie Mellon University
  • Publication date: 2019-01-15
  • Publisher: Chinese Journal of Electronics
  • Year: 2019
  • Issue: v.28
  • Funding: supported by the National Key Research and Development Program of China (No. 2016YFB0800402); the National Natural Science Foundation of China (No. U1405254, No. U1536207)
  • Language: English
  • Page: EDZX201901024
  • Number of pages: 9
  • CN: 01
  • ISSN: 10-1284/TN
  • Classification number: 183-191
Abstract
Cloud data confidentiality needs to be audited to address the data owner's concerns. Confidentiality auditing is usually based on logging schemes, but cloud data dynamics and sharing group dynamics result in massive logs, which makes confidentiality auditing a formidable task for users with limited resources. We therefore propose a public auditing scheme for data confidentiality, in which the user resorts to a Third-party auditor (TPA) for auditing. Our scheme designs a special log called an attestation, in which a hash user pseudonym is used to preserve user privacy. The scheme presents attestation-based data access identification, which brings no new vulnerabilities to data confidentiality and no extra online burden for the user. We further support holding the responsible user accountable for data leakage, based on the user pseudonym. Extensive security and performance analyses compare our scheme with existing auditing schemes. Results indicate that the proposed scheme is provably secure and highly efficient.