Jianbing Ni

Remote data possession checking with enhanced security for cloud storage

Cloud storage allows users to enjoy the on-demand and high quality data storage services without the load of local data maintenance. However, the cloud server providers are not fully trusted. Whether the data over cloud servers are intact becomes a major concern of data owners. To offer cloud users with the capacity of data integrity verification, recently, Chen proposed a remote data possession checking (RDPC) protocol from algebraic signatures which achieves many desirable features such as high efficiency, short length of challenges and responses, non-block verification. Unfortunately, in this paper, we find that the protocol is vulnerable to replay attack and deletion attack launched by a dishonest server. Specifically, the server can deceive the users to believe that their data are well hold by replaying a previous evidence or re-constructing the deleted data blocks from the corresponding tags in the integrity checking process, while their data have been partially discarded in fact. Then, we present an improved scheme to fix the security flaws of the original protocol. Both the theoretical analysis and the implementation results show that the improvement is secure and practical. Analyze the security of a remote data possession checking protocol.Show the protocol is vulnerable to replay attack and deletion attack.Propose an improvement to resist the attacks.Prove the security of the improvement.Report the performance of the improvement by implementing it.

On the Security of an Efficient Dynamic Auditing Protocol in Cloud Storage

Using cloud storage, data owners can remotely store their data and enjoy the on-demand high quality cloud services without the burden of local data storage and maintenance. However, this new paradigm does trigger many security concerns. A major concern is how to ensure the integrity of the outsourced data. To address this issue, recently, a highly efficient dynamic auditing protocol (IEEE Transactions on Parallel and Distributed Systems, doi:10.1109/TPDS.2013.199) for cloud storage was proposed which enjoys many desirable features. Unfortunately, in this letter, we demonstrate that the protocol is insecure when an active adversary is involved in the cloud environment. We show that the adversary is able to arbitrarily modify the cloud data without being detected by the auditor in the auditing process. We also suggest a solution to fix the problem while preserving all the properties of the original protocol.

Improved security of a dynamic remote data possession checking protocol for cloud storage

Cloud storage offers the users with high quality and on-demand data storage services and frees them from the burden of maintenance. However, the cloud servers are not fully trusted. Whether the data stored on cloud are intact or not becomes a major concern of the users. Recently, Chen et al. proposed a remote data possession checking protocol to address this issue. One distinctive feature of their protocol support data dynamics, meaning that users are allowed to modify, insert and delete their outsourced data without the need to re-run the whole protocol. Unfortunately, in this paper, we find that this protocol fails to achieve its purpose since it is vulnerable to forgery attack and replace attack launched by a malicious server. Specifically, we show how a malicious cloud server can deceive the user to believe that the entire file is well-maintained by using the meta-data related to the file alone, or with only part of the file and its meta-data. Then, we propose an improved protocol to fix the security flaws and formally proved that our proposal is secure under a well-known security model. In addition, our improvement keeps all the desirable features of the original protocol.

Cloud data integrity checking with an identity-based auditing mechanism from RSA

Cloud data auditing is extremely essential for securing cloud storage since it enables cloud users to verify the integrity of their outsourced data efficiently. The computation overheads on both the cloud server and the verifier can be significantly reduced by making use of data auditing because there is no necessity to retrieve the entire file but rather just use a spot checking technique. A number of cloud data auditing schemes have been proposed recently, but a majority of the proposals are based on Public Key Infrastructure (PKI). There are some drawbacks in these protocols: (1) It is mandatory to verify the validity of public key certificates before using any public key, which makes the verifier incur expensive computation cost. (2) Complex certificate management makes the whole protocol inefficient. To address the key management issues in cloud data auditing, in this paper, we propose ID-CDIC, an identity-based cloud data integrity checking protocol which can eliminate the complex certificate management in traditional cloud data integrity checking protocols. The proposed concrete construction from RSA signature can support variable-sized file blocks and public auditing. In addition, we provide a formal security model for ID-CDIC and prove the security of our construction under the RSA assumption with large public exponents in the random oracle model. We demonstrate the performance of our proposal by developing a prototype of the protocol. Implementation results show that the proposed ID-CDIC protocol is very practical and adoptable in real life. We formalize the security requirement for identity-based cloud data integrity auditing mechanism.We provide a concrete construction of identity-based cloud data integrity checking protocol.We prove that our construction is secure under the well-known RSA assumption.

Security and Privacy in Smart City Applications: Challenges and Solutions

With the flourishing and advancement of the IoT, the smart city has become an emerging paradigm, consisting of ubiquitous sensing, heterogeneous network infrastructure, and intelligent information processing and control systems. A smart city can monitor the physical world in real time, and provide intelligent services to both local residents and travelers in terms of transportation, healthcare, environment, entertainment, and energy. However, security and privacy concerns arise, since smart city applications not only collect a wide range of privacy-sensitive information from people and their social circles, but also control city facilities and influence people’s lives. In this article, we investigate security and privacy in smart city applications. Specifically, we first introduce promising smart city applications and architecture. Then we discuss several security and privacy challenges in these applications. Some research efforts are subsequently presented to address these security and privacy challenges for intelligent healthcare, transportation, and smart energy. Finally, we point out some open issues for future research.

Comments on a Public Auditing Mechanism for Shared Cloud Data Service

Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.

Provable multiple replication data possession with full dynamics for secure cloud storage

Cloud storage has been gaining tremendous popularity among individuals and corporations because of its low maintenance cost and on‐demand services for the clients. To improve the availability and the reliability of critical data, storing multiple replicas on multiple servers is a commonly used strategy. Currently, several provable data possession (PDP) protocols for multiple replicas of dynamic data have been proposed to ensure the integrity of outsourced multi‐copy data, but the efficiency of these protocols on verifying multiple replicas one by one is not satisfactory. In this paper, we propose a provable multiple replication data possession protocol with full dynamics, named MR‐DPDP. In MR‐DPDP, we utilize a novel authenticated data structure called Merkle hash tree with rank to support both full dynamic data updates and efficient integrity verification. In addition, our construction with RSA signature can support both variable‐sized file blocks and public verification. Through security proof and performance evaluation, we demonstrate that MR‐DPDP not only is sound but also incurs less communication overhead when updating data blocks as well as verifying a proof of the integrity of multiple replicas. Copyright

Efficient public key encryption with revocable keyword search

Public key encryption with keyword search is a novel cryptographic primitive enabling one to search on the encrypted data directly. In the known schemes, once getting a trapdoor, the server can search associated data without any restrictions. However, in reality, it is sometimes essential to prevent the server from searching the data all the time because the server is not fully trusted. In this paper, we propose the notion of public key encryption with revocable keyword search to address the issue. We also develop a concrete construction by dividing the whole life of the system into distinct times to achieve our goals. The proposed scheme achieves the properties of the indistinguishability of ciphertexts against an adaptive chosen keywords attack security under the co-decisional bilinear Diffie-Hellman assumption in our security model. Compared with two somewhat schemes, ours offers much better performance in terms of computational cost. Copyright

Securing Fog Computing for Internet of Things Applications: Challenges and Solutions

Internet of Things (IoT) allows billions of physical objects to be connected to collect and exchange data for offering various applications, such as environmental monitoring, infrastructure management, and home automation. On the other hand, IoT has unsupported features (e.g., low latency, location awareness, and geographic distribution) that are critical for some IoT applications, including smart traffic lights, home energy management and augmented reality. To support these features, fog computing is integrated into IoT to extend computing, storage and networking resources to the network edge. Unfortunately, it is confronted with various security and privacy risks, which raise serious concerns towards users. In this survey, we review the architecture and features of fog computing and study critical roles of fog nodes, including real-time services, transient storage, data dissemination and decentralized computation. We also examine fog-assisted IoT applications based on different roles of fog nodes. Then, we present security and privacy threats towards IoT applications and discuss the security and privacy requirements in fog computing. Further, we demonstrate potential challenges to secure fog computing and review the state-of-the-art solutions used to address security and privacy issues in fog computing for IoT applications. Finally, by defining several open research issues, it is expected to draw more attention and efforts into this new architecture.

Fuzzy identity-based data integrity auditing for reliable cloud storage systems

Data integrity, a core security issue in reliable cloud storage, has received much attention. Data auditing protocols enable a verifier to efficiently check the integrity of the outsourced data without downloading the data. A key research challenge associated with existing designs of data auditing protocols is the complexity in key management. In this paper, we seek to address the complex key management challenge in cloud data integrity checking by introducing fuzzy identity-based auditing, the first in such an approach, to the best of our knowledge. More specifically, we present the primitive of fuzzy identity-based data auditing, where a users identity can be viewed as a set of descriptive attributes. We formalize the system model and the security model for this new primitive. We then present a concrete construction of fuzzy identity-based auditing protocol by utilizing biometrics as the fuzzy identity. The new protocol offers the property of error-tolerance, namely, it binds with private key to one identity which can be used to verify the correctness of a response generated with another identity, if and only if both identities are sufficiently close. We prove the security of our protocol based on the computational Diffie-Hellman assumption and the discrete logarithm assumption in the selective-ID security model. Finally, we develop a prototype implementation of the protocol which demonstrates the practicality of the proposal.