Key-Exposure Protection in Public Auditing with User Revocation in Cloud Storage

  • Hua Guo
  • Fangchao Ma
  • Zhoujun Li
  • Chunhe Xia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9473)


With the development of cloud data storage, more and more data owners are choosing to store their data in the cloud and share it as a group. To protect the integrity of shared data, the data are signed before they are stored in the cloud. When a user is revoked from the group, the cloud can convert the revoked user’s signatures into signatures of an existing group member, which keeps revocation efficient. Accordingly, public auditing should be done by the third-party auditor using the existing group member’s public key. As a basic security requirement, the cloud server should not learn the existing group member’s private key even if it obtains the revoked user’s private key. In this paper, we propose a new public auditing protocol in which a public verifier is always able to audit the integrity of shared data, even if some part of the shared data has been re-signed by the cloud. By integrating proxy re-signatures with a random masking technique, the new public auditing protocol satisfies the basic security requirement. In addition, we prove the security of the new protocol, and finally compare it with other existing public auditing protocols, showing that the new mechanism provides good key-exposure protection for the existing public auditing protocol for shared data without losing communication and computation efficiency.


Keywords: Public auditing, Shared data, Cloud storage, User revocation, Key-exposure protection



This work was supported by the National Natural Science Foundation of China (grant number 61300172), the Research Fund for the Doctoral Program of Higher Education (grant number 20121102120017), the Fund of the State Key Laboratory of Software Development Environment (grant number SKLSDE-2014ZX-14), and the Fundamental Research Funds for the Central Universities (grant number YWF-14-JSJXY-008).



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. State Key Laboratory of Software Development Environment, Beihang University, Beijing, China
  2. Beijing Key Laboratory of Network Technology, School of Computer Science and Engineering, Beihang University, Beijing, China
