Yong Yu

Identity-Based Remote Data Integrity Checking With Perfect Data Privacy Preserving for Cloud Storage

Remote data integrity checking (RDIC) enables a data storage server, say a cloud server, to prove to a verifier that it is actually storing a data owner’s data honestly. To date, a number of RDIC protocols have been proposed in the literature, but most of the constructions suffer from the issue of a complex key management, that is, they rely on the expensive public key infrastructure (PKI), which might hinder the deployment of RDIC in practice. In this paper, we propose a new construction of identity-based (ID-based) RDIC protocol by making use of key-homomorphic cryptographic primitive to reduce the system complexity and the cost for establishing and managing the public key authentication framework in PKI-based RDIC schemes. We formalize ID-based RDIC and its security model, including security against a malicious cloud server and zero knowledge privacy against a third party verifier. The proposed ID-based RDIC protocol leaks no information of the stored data to the verifier during the RDIC process. The new construction is proven secure against the malicious server in the generic group model and achieves zero knowledge privacy against a verifier. Extensive security analysis and implementation results demonstrate that the proposed protocol is provably secure and practical in the real-world applications.

Remote data possession checking with enhanced security for cloud storage

Cloud storage allows users to enjoy the on-demand and high quality data storage services without the load of local data maintenance. However, the cloud server providers are not fully trusted. Whether the data over cloud servers are intact becomes a major concern of data owners. To offer cloud users with the capacity of data integrity verification, recently, Chen proposed a remote data possession checking (RDPC) protocol from algebraic signatures which achieves many desirable features such as high efficiency, short length of challenges and responses, non-block verification. Unfortunately, in this paper, we find that the protocol is vulnerable to replay attack and deletion attack launched by a dishonest server. Specifically, the server can deceive the users to believe that their data are well hold by replaying a previous evidence or re-constructing the deleted data blocks from the corresponding tags in the integrity checking process, while their data have been partially discarded in fact. Then, we present an improved scheme to fix the security flaws of the original protocol. Both the theoretical analysis and the implementation results show that the improvement is secure and practical. Analyze the security of a remote data possession checking protocol.Show the protocol is vulnerable to replay attack and deletion attack.Propose an improvement to resist the attacks.Prove the security of the improvement.Report the performance of the improvement by implementing it.

Improved security of a dynamic remote data possession checking protocol for cloud storage

Cloud storage offers the users with high quality and on-demand data storage services and frees them from the burden of maintenance. However, the cloud servers are not fully trusted. Whether the data stored on cloud are intact or not becomes a major concern of the users. Recently, Chen et al. proposed a remote data possession checking protocol to address this issue. One distinctive feature of their protocol support data dynamics, meaning that users are allowed to modify, insert and delete their outsourced data without the need to re-run the whole protocol. Unfortunately, in this paper, we find that this protocol fails to achieve its purpose since it is vulnerable to forgery attack and replace attack launched by a malicious server. Specifically, we show how a malicious cloud server can deceive the user to believe that the entire file is well-maintained by using the meta-data related to the file alone, or with only part of the file and its meta-data. Then, we propose an improved protocol to fix the security flaws and formally proved that our proposal is secure under a well-known security model. In addition, our improvement keeps all the desirable features of the original protocol.

Provable multiple replication data possession with full dynamics for secure cloud storage

Cloud storage has been gaining tremendous popularity among individuals and corporations because of its low maintenance cost and on‐demand services for the clients. To improve the availability and the reliability of critical data, storing multiple replicas on multiple servers is a commonly used strategy. Currently, several provable data possession (PDP) protocols for multiple replicas of dynamic data have been proposed to ensure the integrity of outsourced multi‐copy data, but the efficiency of these protocols on verifying multiple replicas one by one is not satisfactory. In this paper, we propose a provable multiple replication data possession protocol with full dynamics, named MR‐DPDP. In MR‐DPDP, we utilize a novel authenticated data structure called Merkle hash tree with rank to support both full dynamic data updates and efficient integrity verification. In addition, our construction with RSA signature can support both variable‐sized file blocks and public verification. Through security proof and performance evaluation, we demonstrate that MR‐DPDP not only is sound but also incurs less communication overhead when updating data blocks as well as verifying a proof of the integrity of multiple replicas. Copyright

SDIVIP2: shared data integrity verification with identity privacy preserving in mobile clouds

Mobile networks integrate cloud computing to impair the weaknesses of the mobile terminals. With mobile cloud storage, mobile users can fully enjoy the advantages from both mobile networks and cloud storage. However, a major concern of mobile users is how to guarantee the integrity of their outsourced data. Taking into account the mobility of mobile devices, in this paper, we propose a shared data integrity verification protocol with identity privacy preserving, named SDIVIP2, for mobile cloud storage. In the construction of SDIVIP2, the dynamic group key agreement technique is employed for key sharing among a group of mobile users and the proxy re‐signature mechanism is utilized to update tags efficiently when users in the group change. In this new protocol, a third party auditor is able to verify the correctness of cloud data without the knowledge of mobile users identities during the data integrity checking process. Performance analysis demonstrates that SDIVIP2 outperforms the existing schemes in the sense that it can significantly enhance the efficiency of mobile users joining and leaving a group. Copyright

Efficient E-coupon systems with strong user privacy

We propose two novel e-coupon systems that can achieve the following new properties: (1) The coupon issuer (or service provider) can trace the identity of a dishonest user while the identity privacy (or anonymity) of a honest user is still well protected. (2) A honest user’s redemption privacy (i.e., the items chosen when redeeming an e-coupon) is well protected from the service provider. (3) If a dishonest user redeems an e-coupon for more than the pre-determined number of times, then the user will lose the redemption privacy (i.e., all the choices the user has made in the previous redemptions can be revealed). We first propose a novel blind signature scheme that we employ together with oblivious transfer to construct our first e-coupon system, which achieves the first two properties without the involvement of any trusted third party. Then we propose a novel oblivious transfer scheme and use it to construct the second e-coupon system that can achieve all the properties given above. We also define the formal security models for these new security requirements, and show that our new e-coupon systems are proven secure in the proposed models.

Cloud computing security and privacy: Standards and regulations

Abstract Cloud computing is a distributed computation model over a large pool of shared and virtualized computing resources, such as storage, processing power, applications and services. It has received considerable attention from the research communities and the industry due to its practicality This kind of new computing represents a vision of providing computing services as public utilities like water and electricity. Cloud computing provides a number of benefits, including reduced IT costs, flexibility, increased collaboration, etc. However, the advent of cloud computing has posed a variety of new challenges for both cloud users and cloud service providers. Taking data privacy as an example, encryption is becoming a standard practice for both cloud users and cloud service providers, as a mechanism against unauthorized surveillance as well as malware. However, the introduction of encryption to cloud also leads to new problems such as key management, as well as the inability of cloud to provide some utilities such as data manipulation. Providing cloud as utilities is an active research area of interest, which includes how these encrypted data can be searched, shared or used as input for computation directly.

Data integrity checking with reliable data transfer for secure cloud storage

Currently, an increasing number of data owners prefer to store their data on remote servers due to a number of appealing advantages of cloud storage, say convenience and simplicity, scalability of the service and ubiquitous network access. However, outsourced datas transfer becomes a critical requirement for cloud users because of the emergence of various cloud storage services with different qualities of services. Therefore, the users might not only be anxious about the status of their data on cloud servers but also care whether the data are transferred entirely to the new cloud without corruption and whether the data on original cloud are discarded. To address these challenging issues, in this paper, we propose a novel auditing scheme for cloud storage services characterised by secure data transfer, provable data erasure, high error detection probability, confidential data storage. The proposed scheme can guarantee the integrity of remote data when the data are hosted on cloud servers and are transferred between two clouds, and secure deletion of the transferred data on the original cloud.

Providing Task Allocation and Secure Deduplication for Mobile Crowdsensing via Fog Computing

Mobile crowdsensing enables a crowd of individuals to cooperatively collect data for special interest customers using their mobile devices. The success of mobile crowdsensing largely depends on the participating mobile users. The broader participation, the more sensing data are collected; nevertheless, the more replicate data may be generated, thereby bringing unnecessary heavy communication overhead. Hence it is critical to eliminate duplicate data to improve communication efficiency, a.k.a., data deduplication. Unfortunately, sensing data is usually protected, making its deduplication challenging. In this paper, we propose a fog-assisted mobile crowdsensing framework, enabling fog nodes to allocate tasks based on user mobility for improving the accuracy of task assignment. Further, a fog-assisted secure data deduplication scheme (Fo-SDD) is introduced to improve communication efficiency while guaranteeing data confidentiality. Specifically, a BLS-oblivious pseudo-random function is designed to enable fog nodes to detect and remove replicate data in sensing reports without exposing the content of reports. To protect the privacy of mobile users, we further extend the Fo-SDD to hide users’ identities during data collection. In doing so, Chameleon hash function is leveraged to achieve contribution claim and reward retrieval for anonymous mobile users. Finally, we demonstrate that both schemes achieve secure, efficient data deduplication.

Privacy-preserving k-time authenticated secret handshakes

Secret handshake allows a group of authorized users to establish a shared secret key and at the same time authenticate each other anonymously. A straightforward approach to design an unlinkable secret handshake protocol is to use either long-term certificate or one-time certificate provided by a trusted authority. However, how to detect the misusing of certificates by an insider adversary is a challenging security issue when using those approaches for unlinkable secret handshake. In this paper, we propose a novel k-time authenticated secret handshake (k-ASH) protocol where each authorized user is only allowed to use the credential for k times. We formalize security models, including session key security and anonymity, for k-ASH, and prove the security of the proposed protocol under some computational problems which are proved hard in the generic bilinear group model. The proposed protocol also achieved public traceability property if a user misuses the k-time credential.