Key-Exposure Protection in Public Auditing with User Revocation in Cloud Storage
With the development of cloud data storage, more and more data owners are choosing to store their data in the cloud and share them as a group. To protect the integrity of shared data, the data are signed before they are stored in the cloud. When a user is revoked from the group, the cloud can convert the revoked user’s signatures into signatures of an existing group member, which keeps revocation efficient. Accordingly, the third-party auditor should perform public auditing using the existing group member’s public key. As a basic security requirement, the cloud server should not learn the existing group member’s private key even if it obtains the revoked user’s private key. In this paper, we propose a new public auditing protocol in which a public verifier is always able to audit the integrity of shared data even if some part of the shared data has been re-signed by the cloud. By integrating proxy re-signature with a random masking technique, the new public auditing protocol satisfies this basic security requirement. In addition, we prove the security of the new protocol, compare it with other existing public auditing protocols, and show that the new mechanism provides good key-exposure protection for the existing public auditing protocol for shared data without losing communication or computation efficiency.
Keywords: Public auditing; Shared data; Cloud storage; User revocation; Key-exposure protection
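The security requirement in the abstract is easiest to see in a bidirectional proxy re-signature whose re-signing key is the ratio of the two private keys. The sketch below is an added example, not the paper's protocol or code: the BLS-style construction, the toy group parameters and all function names are assumptions chosen for illustration, and pairing-based public verification is left out.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration and far too small for real use:
# P = 2Q + 1 is a safe prime, so the squares mod P form a subgroup of prime order Q.
P, Q = 2039, 1019


def hash_to_group(block: bytes) -> int:
    """Map a data block into the order-Q subgroup by squaring a hash value."""
    x = int.from_bytes(hashlib.sha256(block).digest(), "big") % (P - 1) + 1
    return pow(x, 2, P)


def keygen() -> int:
    """Private key: a random nonzero exponent modulo Q."""
    return secrets.randbelow(Q - 1) + 1


def sign(sk: int, block: bytes) -> int:
    """BLS-style signature on one block: H(block)^sk."""
    return pow(hash_to_group(block), sk, P)


def rekey(sk_from: int, sk_to: int) -> int:
    """Re-signing key handed to the cloud: sk_to / sk_from mod Q (assumed form)."""
    return sk_to * pow(sk_from, -1, Q) % Q


def resign(sig: int, rk: int) -> int:
    """Cloud-side conversion of a revoked user's signature, no private key needed."""
    return pow(sig, rk, P)


def recover_member_key(rk: int, sk_revoked: int) -> int:
    """What the abstract's requirement rules out: rk plus the revoked key yields
    the existing member's private key, because rk * sk_revoked = sk_member mod Q."""
    return rk * sk_revoked % Q


def demo() -> tuple:
    sk_revoked, sk_member = keygen(), keygen()
    block = b"shared block 7"  # constructed sample data
    rk = rekey(sk_revoked, sk_member)
    converted_ok = resign(sign(sk_revoked, block), rk) == sign(sk_member, block)
    key_exposed = recover_member_key(rk, sk_revoked) == sk_member
    return converted_ok, key_exposed


if __name__ == "__main__":
    print(demo())
```

Both values come back true: the conversion is correct, and so is the key recovery, which is why a re-signing key of this form cannot be given to a cloud that may also obtain the revoked user's private key.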
This work was supported by the National Natural Science Foundation of China (grant number 61300172), the Research Fund for the Doctoral Program of Higher Education (grant number 20121102120017), the Fund of the State Key Laboratory of Software Development Environment (grant number SKLSDE-2014ZX-14), and the Fundamental Research Funds for the Central Universities (grant number YWF-14-JSJXY-008).