Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing

  • Qian Wang
  • Cong Wang
  • Jin Li
  • Kui Ren
  • Wenjing Lou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)


Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to centralized large data centers, where the management of the data and services may not be fully trustworthy. This unique paradigm brings about many new security challenges, which have not been well understood. This work studies the problem of ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. The introduction of a TPA removes the need for the client to be involved in auditing whether his data stored in the cloud is indeed intact, which can be important in achieving economies of scale for Cloud Computing. The support for data dynamics via the most general forms of data operation, such as block modification, insertion and deletion, is also a significant step toward practicality, since services in Cloud Computing are not limited to archive or backup data only. While prior works on ensuring remote data integrity often lack support for either public verifiability or dynamic data operations, this paper achieves both. We first identify the difficulties and potential security problems of direct extensions with fully dynamic data updates from prior works and then show how to construct an elegant verification scheme for seamless integration of these two salient features in our protocol design. In particular, to achieve efficient data dynamics, we improve the Proof of Retrievability model [1] by manipulating the classic Merkle Hash Tree (MHT) construction for block tag authentication. Extensive security and performance analysis shows that the proposed scheme is highly efficient and provably secure.
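The abstract builds on the classic Merkle Hash Tree for block authentication. The following Python example is added here for illustration and is not code from the paper: a verifier holding only the tree root checks one block against its sibling path, then derives the new root after a block modification. It covers hash-based authentication and the modification case only (the paper's block tags, insertion and deletion are not shown); SHA-256, the domain-separation prefixes, the function names and the sample blocks are assumptions, and the block list must be non-empty.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(blocks):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    level = [h(b"\x00" + b) for b in blocks]        # 0x00 prefix marks a leaf
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):                   # 0x01 prefix marks an inner node
                nxt.append(h(b"\x01" + level[i] + level[i + 1]))
            else:
                nxt.append(level[i])
        level = nxt
        levels.append(level)
    return levels

def root(blocks):
    return build_levels(blocks)[-1][0]

def auth_path(blocks, index):
    """Sibling hashes from leaf to root, tagged with the side the sibling is on."""
    path = []
    for level in build_levels(blocks)[:-1]:
        sib = index ^ 1
        if sib < len(level):                         # promoted nodes have no sibling
            path.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return path

def root_from_path(block, path):
    node = h(b"\x00" + block)
    for side, sib in path:
        node = h(b"\x01" + sib + node) if side == "L" else h(b"\x01" + node + sib)
    return node

def verify(block, path, trusted_root):
    return root_from_path(block, path) == trusted_root

def demo():
    blocks = [b"block-%d" % i for i in range(5)]     # constructed sample blocks
    trusted = root(blocks)                           # all the verifier stores
    path = auth_path(blocks, 4)                      # supplied by the server
    intact = verify(blocks[4], path, trusted)
    corrupted = verify(b"corrupted", path, trusted)
    # Modification: the same path yields the new root without the other blocks.
    new_root = root_from_path(b"block-4-v2", path)
    blocks[4] = b"block-4-v2"
    return intact, corrupted, new_root == root(blocks)

if __name__ == "__main__":
    print(demo())
```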


Cloud Computing; Storage Security; Cloud Storage Server; Cryptology ePrint Archive; Third Party Auditor
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008)
  2. Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: Proc. of CCS 2007, pp. 598–609. ACM Press, New York (2007)
  3. Juels, A., Kaliski Jr., B.S.: PORs: proofs of retrievability for large files. In: Proc. of CCS 2007, pp. 584–597. ACM Press, New York (2007)
  4. Bowers, K.D., Juels, A., Oprea, A.: Proofs of retrievability: Theory and implementation. Cryptology ePrint Archive, Report 2008/175 (2008)
  5. Naor, M., Rothblum, G.N.: The complexity of online memory checking. In: Proc. of FOCS 2005, pp. 573–584 (2005)
  6. Chang, E.-C., Xu, J.: Remote integrity check with dishonest storage server. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 223–237. Springer, Heidelberg (2008)
  7. Shah, M.A., Swaminathan, R., Baker, M.: Privacy-preserving audit and extraction of digital contents. Cryptology ePrint Archive, Report 2008/186 (2008)
  8. Oprea, A., Reiter, M.K., Yang, K.: Space-efficient block storage integrity. In: Proc. of NDSS 2005 (2005)
  9. Schwarz, T., Miller, E.L.: Store, forget, and check: Using algebraic signatures to check remotely administered storage. In: Proc. of ICDCS 2006 (2006)
  10. Wang, Q., Ren, K., Lou, W., Zhang, Y.: Dependable and secure sensor data storage with dynamic integrity assurance. In: Proc. of IEEE INFOCOM 2009, Rio de Janeiro, Brazil (April 2009)
  11. Ateniese, G., Di Pietro, R., Mancini, L.V., Tsudik, G.: Scalable and efficient provable data possession. In: Proc. of SecureComm 2008 (2008)
  12. Wang, C., Ren, K., Lou, W.: Towards secure cloud data storage. In: Proc. of IEEE GLOBECOM 2009 (submitted on March 2009)
  13. Wang, C., Wang, Q., Ren, K., Lou, W.: Ensuring data storage security in cloud computing. In: Proc. of IWQoS 2009, Charleston, South Carolina, USA (2009)
  14. Erway, C., Kupcu, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. Cryptology ePrint Archive, Report 2008/432 (2008)
  15. Bowers, K.D., Juels, A., Oprea, A.: HAIL: A high-availability and integrity layer for cloud storage. Cryptology ePrint Archive, Report 2008/489 (2008)
  16. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)
  17. Merkle, R.C.: Protocols for public key cryptosystems. In: Proc. of IEEE Symposium on Security and Privacy 1980, pp. 122–133 (1980)
  18. Wang, Q., Wang, C., Li, J., Ren, K., Lou, W.: Enabling public verifiability and data dynamics for storage security in cloud computing. Cryptology ePrint Archive, Report 2009/281 (2009)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Qian Wang (1)
  • Cong Wang (1)
  • Jin Li (1)
  • Kui Ren (1)
  • Wenjing Lou (2)

  1. Illinois Institute of Technology, Chicago, USA
  2. Worcester Polytechnic Institute, Worcester, USA
