Computer Science ›› 2020, Vol. 47 ›› Issue (10): 290-300.doi: 10.11896/jsjkx.191000111

• Information Security • Previous Articles     Next Articles

Research and Development of Data Storage Security Audit in Cloud

BAI Li-fang1,2, ZHU Yue-fei1, LU Bin1   

  1. 1 School of Cyberspace Security,Information Engineering University,Zhengzhou 450000,China
    2 Cybersecurity Testing Engineering Technology Center,China Software Testing Center,Beijing 100048,China
  • Received:2019-10-17 Revised:2020-01-17 Online:2020-10-15 Published:2020-10-16
  • About author:BAI Li-fang,born in 1990,doctorial student,is a member of China Computer Federation.Her main research interests include cloud storage security and network security protocol.
    ZHU Yue-fei,born in 1964,Ph.D,professor,Ph.D supervisor.His main research interests include cryptography,data security and network security protocol.
  • Supported by:
    National Key R&D Program of China (2016YF0801601) and Young Scientists Fund Program of the National Natural Science Foundation of China(61601517)

Abstract: Compared with traditional storage,cloud storage can avoid repeated construction and maintenance of storage platform.Its storage capacity and performance scalability,non-binding geographical location and fee-on-demand service mode effectively optimize storage and social resource allocation.However,due to the separation of data ownership and management rights in cloud storage services,users pay more and more attention to the security and controllability of cloud data.Researchers at home and abroad have conducted a lot of studies on this.The security risks and security audit requirements of cloud data in each stage of its life cycle are discussed.The framework structure of mechanisms of cloud data storage security audit is constructed and the main evaluation index of the audit mechanism is proposed.This paper reviews the existing mechanisms of cloud data storage security audit,including data provable data possession mechanism,provable data retrievability mechanism,outsourcing storage regularity audit mechanism and storage location audit mechanism.Finally,the shortcomings of the existing cloud data storage security audit research from different perspectives and the direction for further research are pointed out.

Key words: Auditing framework, Cloud storage, Outsourcing storage regularity, Provable data possession, Provable data retrievability, Storage security auditing

CLC Number: 

  • TP309.2
[1]YU X,WEN Q.A View about Cloud Data Security from Data Life Cycle[C]//International Conference on Computational Intelligence and Software Engineering.IEEE,2010:1-4.
[2]CHEN L X,XU L.Research on Provable Data Holding and Recovery Technologies in Cloud Storage Services [J].Computer Research and Development,2012,49(S1):19-25.
[3]DESWARTE Y,QUISQUATER J J,SAÏDANE A.Remote Integrity Checking[C]//Sixth Working Conference on Integrity and Internal Control in Information Systems.Springer,2003:1-11.
[4]SHAH M A,BAKER M,MOGUL J C,et al.Auditing to Keep Online Storage Services Honest[C]//USENIX Workshop on Hot Topics inOperating Systems.Usenix Association,2007:1-6.
[5]SHAH M A,SWAMINATHAN R,BAKER M.Privacy-Preserving Audit and Extraction of Digital Contents,HPL-2008-32R1[R].HP Laboratories,2008.
[6]FILHO D,BARRETO P S.Demonstrating data possession and uncheatable data transfer[J].Cryptology Eprint Archive,2006,1(1):150-159.
[7]FRANCESC S,DOMINGO-FERRER J,MARTINEZ-BALLESTE A,et al.Efficient Remote Data Possession Checking in Critical Information Infrastructures[J].IEEE Transactions on Knowledge and Data Engineering,2008,20(8):1034-1038.
[8]GIUSEPPE A,RANDAL B,REZA C,et al.Provable Data Possession at Untrusted Stores[C]//ACM Conference on Computer and Communications Security.ACM,2007:598-610.
[9]GIUSEPPE A,RANDAL B,REZA C,et al.Remote DataCheckingUsing Provable Data Possession[J].ACM Transactions on Information and System Security,2011,14(1):1-34.
[10]CURTMOLA R,KHAN O,BURNS R,et al.MR-PDP:Multiple-Replica Provable Data Possession[C]//International Conference on Distributed Computing Systems.IEEE,2008:411-420.
[11]GIUSEPPE A,KAMARA S,KATZ J.Proofs of Storage from Homomorphic Identification Protocols[C]//International Conference on the Theory and Application of Cryptology and Information Security.Berlin:Springer,2009:319-333.
[12]HAO Z,ZHONG S,YU N.A Privacy-Preserving Remote Data Integrity Checking Protocol with Data Dynamics and Public Verifiability[J].IEEE Transactions on Knowledge & Data Engineering,2011,23(9):1432-1437.
[13]SHACHAM H,WATERS B.Compact Proofs of Retrievability[C]//International Conference on the Theory and Application of Cryptology and Information Security.Springer,2008:90-107.
[14]SHACHAM H,WATERS B.Compact Proofs of Retrievability[J].Journal of Cryptology,2013,26(3):442-483.
[15]BONEH D,LYNN B,SHACHAM H.Short signatures from the Weil pairing[C]//International Conference on the Theory and Application of Cryptology and Information Security.Springer,2001:514-532.
[16]WANG Q,WANG C,LI J,et al.Enabling Public Verifiabilityand Data Dynamics for Storage Security in Cloud Computing[C]//European Conference on Research in Computer Security.Springer,2009:355-370.
[17]WANG C,WANG Q,REN K,et al.Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing[C]//Proceedings of the 29thConference on Information Communications.IEEE Press,2010:525-533.
[18]WANG C,CHOW S M,WANG Q,et al.Privacy-PreservingPublic Auditing for Secure Cloud Storage[J].IEEE Transactions on Computers,2013,62(2):362-375.
[19]SHAMIR A.Identity based cryptosystems and signatureschemes[J].In Proceedings of Crypto 84 on Advances in Cryptology,1985:47-53.
[20]ZHAO J,XU C,LI F,et al.Identity-Based Public Verification with Privacy-Preserving for Data Storage Security in Cloud Computing[J].Ieice Transactions on Fundamentals of Electronics,Communications and Computer Sciences,2013,96(12):2709-2716.
[21]GENTRY C,RAMZAN Z.Identity-Based aggregate signatures[C]//International Conference on Theory and Practice of Public-Key Cryptography.Springer,2006:257-273.
[22]DOMINGO-FERRER J,QIN B,WU Q,et al.Identity-Based Remote Data Possession Checking in Public Clouds[J].IET Information Security,2014,8(2):114-121.
[23]PENG S,ZHOU F,XU J,et al.Identity-Based Distributed Provable Data Possession in Multicloud Storage [J].IEEE Transactions on Services Computing,2016,9(6):996-998.
[24]YU Y,AU M H,ATENIESE G,et al.Identity-based Remote Data Integrity Checking with Perfect Data Privacy Preserving for Cloud Storage[J].IEEE Transactions on Information Forensics and Security,2017,12(4):767-778.
[25]ZHANG J,DONG Q.Efficient ID-based public auditing for the outsourced data in cloud storage[J].Information Sciences,2016,343(C):1-14.
[26]YU Y,XUE L,AU M H,et al.Cloud data integrity checking with an identity-based auditing mechanism from RSA[J].Future GenerationComputer Systems,2016,C(62):85-91.
[27]ZHANG J,LI P,SUN Z,et al.ID-based Data Integrity Auditing Scheme from RSA with Resisting Key Exposure[C]//International Conference on Provable Security.Springer:Springer,2016:83-100.
[28]XU Z,WU L,KHAN M K,et al.A secure and efficient public auditing scheme using RSA algorithm for cloud storage[J].The Journal of Supercomputing,2017,73(12):5285-5309.
[29]LIU Z,LIAO Y,YANG X,et al.Identity-Based Remote DataIntegrity Checking of Cloud Storage From Lattices[C]//International Conference on Big Data Computing & Communications.IEEE Computer Society,2017:128-135.
[30]WANG Y,WU Q,QIN B,et al.Identity-based data outsourcing with comprehensive auditing in clouds[J].IEEE Transactions on Information Forensics and Security,2017,12(4):940-952.
[31]TIAN M,YE S B,HONG Z,et al.Identity-based proofs of storage with enhanced privacy[C]//International Conference on Algorithms and Architectures for Parallel Processing.Springer,2018:461-480.
[32]XUE J,XU C,ZHAO J,et al.Identity-based public auditing for cloud storage systems against malicious auditors via blockchain[J].Science China Information Sciences,2019,62(3):1-16.
[33]WANG S H,PAN X X,WANG Z W,et al.Analysis and improvement on identity-basedcloud data integrityverification scheme [J].Journal on Communications,2018(11):98-105.
[34]TIAN M M,GAO C,CHEN J.Identity-based cloud storage integrity checking from lattices[J].Journal on Communications,2019,40(4):128-139.
[35]LI Y,YU Y,MIN G,et al.Fuzzy Identity-Based Data Integrity Auditing for Reliable Cloud Storage Systems[J].IEEE Transactions on Dependable and Secure Computing,2017,1(16):72-83.
[36]SCHWARZ T J,MILLER E L.Store,Forget,and Check:Using Algebraic Signatures to Check Remotely Administered Storage[C]//IEEE International Conference on Distributed Computing Systems.IEEE Computer Society,2006:1-12.
[37]CHEN L X.Using algebraic signatures for remote data possession checking[C]//2011 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery.IEEE,2011:289-294.
[38]CHEN L X.Using algebraic signatures to check data possession in cloud storage[J].Future Generation Computer Systems,2013,29(7):1709-1715.
[39]GIUSEPPE A,DI PIETRO R,MANCINI L V,et al.Scalable and Efficient Provable Data Possession[C]//International Conference on Security and Privacy in Communication Networks.ACM,2008:1-10.
[40]WANG C,WANG Q,REN K,et al.Ensuring Data Storage Security in Cloud Computing[C]//International Conference onAdvanced Computing,Networking and Security.IEEE Computer Society,2013:214-219.
[41]BARSOUM A F,ANWAR H M.On Verifying Dynamic Mul-tiple Data Copies over Cloud Servers [EB/OL].[2019-10-17].
[42]WANG Q,REN K,YU S,et al.Dependable and Secure Sensor Data Storage with Dynamic Integrity Assurance[J].ACM Transactions on Sensor Networks,2011,8(1):1-24.
[43]YONG Y,MAN H A,YI M,et al.Enhanced privacy of a remote data integrity checking protocol for secure cloud storage[J].International Journal of Information Security,2015,14(4):307-318.
[44]ZHANG Y B M.Efficient dynamic provable possession of re-mote data via balanced update trees[C]//ACM SIGSAC Symposium on Information,Computer and Communications Security.ACM,2013:183-194.
[45]ERWAY C C,KÜPÇÜ A,CHARALAMPOS P,et al.Dynamic Provable Data Possession[J].ACM Transactions on Information and System Security,2015,17(4):1-29.
[46]ERWAY C C,KÜPÇÜ A,CHARALAMPOS P,et al.Dynamic Provable Data Possession[C]//ACM Conference on Computer and Communications Security.2009:213-222.
[47]GOODRICH M T,TAMASSIA R,SCHWERIN A.Implementation of an Authenticated Dictionary with Skip Lists and Commutative Hashing[C]//Darpa Information Survivability Conference & Exposition II.IEEE,2001:68-82.
[48]SAXENA R,DEY S.Cloud Audit:A Data Integrity Verification Approach for Cloud Computing[J].Procedia Computer Science,2016,89:142-151.
[49]YAN Z,HU H X,GAIL-JOON A,et al.Efficient audit service outsourcing for data integrity in clouds[J].Journal of Systems and Software,2012,85(5):1083-1095.
[50]ZHU Y,HU H,AHN G J,et al.Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage[J].IEEE Transactions on Parallel and Distributed Systems,2012,23(12):2231-2244.
[51]TIAN M,YE S B,HONG Z,et al.Identity-based proofs of storage with enhanced privacy[C]//International Conference on Algorithms and Architectures for Parallel Processing.Springer,2018:461-480.
[52]WANG B,LI B,LI H.Oruta:Privacy-Preserving Public Auditing for Shared Data in the Cloud[J].IEEE Transactions on Cloud Computing,2014,2(1):43-56.
[53]WANG B,LI B,LI H.Panda:Public Auditing for Shared Data with Efficient User Revocation in the Cloud[J].IEEE Transactions on Services Computing,2015,8(1):92-106.
[54]ZHANG J H,ZHAO X B.Efficient chameleon hashing-basedprivacy-preserving auditing in cloud storage[J].Cluster Computing,2016,19(1):47-56.
[55]JUELS A,KALISKI J S.Pors:Proofs of Retrievability for Large Files[C]//ACM Conference on Computer and Communications Security.ACM,2007:584-597.
[56]CHEN B,REZA C,GIUSEPPE A,et al.Remote Data Checking for Network Coding-based Distributed Storage Systems[C]//ACM Workshop on Cloud Computing Security Workshop.ACM,2010:31-42.
[57]HU Y C,CHEN H,LEE P C,et al.NCCloud:Applying Net-work Coding for the Storage Repair in a Cloud-of-clouds[C]//USENIX Conference on File and Storage Technologies.Usenix Association.2012:1-8.
[58]BOWERS K D,JUELS A,OPREA A.HAIL:A High-availability and Integrity Layer for Cloud Storage[C]//ACM Conference on Computer and Communications Security.ACM,2009:187-198.
[59]CHEN H,LEE P C.Enabling Data Integrity Protection in Regenerating-Coding-Based Cloud Storage[C]//2012 IEEE 31st Symposium on Reliable Distributed Systems.IEEE,2012:51-60.
[60]BOWERS K D,JUELS A,OPREA A.Proofs of Retrievability:Theory and Implementation[C]//ACM Workshop on Cloud Computing Security.ACM,2009:43-54.
[61]DODIS Y,SALIL V,DANIEL W.Proofs of Retrievability via Hardness Amplification[C]//Theory of Cryptography Conference on Theory of Cryptography.Springer,2009:109-127.
[62]CHEN B C R.Robust dynamic remote data checking for public
clouds[C]//ACM Conference on Computer and Communications Security.ACM,2012:1043-1045.
[63]ZHENG Q J,XU S H.Fair and Dynamic Proofs of Retrievability[C]//ACM Conference on Data and Application Security and Privacy.ACM,2011:237- 248.
[64]YUAN J W,YU S C.Proofs of Retrievability with Public Verifiability and Constant Communication Cost in Cloud[C]//Proceedings of the 2013 International Workshop on Security in Cloud.Computing:ACM,2013:19-26.
[65]DAVID C,ALPTEKIN K,DANIEL W.Dynamic Proofs of Retrievability Via Oblivious RAM[J].Journal of Cryptology,2017,30(1):22-57.
[66]GOLDREICH O O R.Software protection and simulation on oblivious RAMs[J].Journal of the Acm,1996,43(3):431-473.
[67]HAO Z,YU N H.A Multiple-Replica Remote Data Possession Checking Protocol with Public Verifiability[C]//International Symposium on Data.IEEE,2010:84-89.
[68]DAMGÅRD I,GANESH C,ORLANDI C,et al.Proofs of Replicated Storage Without Timing Assumptions[C]//Advances in Cryptology( CRYPTO 2019).Springer,2019:355-380.
[69]PETERSON Z J,GONDREE M,BEVERLY R.A Position Paper on Data Sovereignty:The Importance of Geolocating Data in the Cloud[C]//USENIX Conference on Hot Topics in Cloud Computing.Usenix Association,2011:9.
[70]ALBESHRI A,BOYD C,NIETO J G.GeoProof:Proofs of Geographic Location for Cloud Computing Environment[C]//International Conference on Distributed Computing Systems Workshops.IEEE Computer Society,2012:506-514.
[71]ALBESHRI A,BOYD C,NIETO J.Enhanced GeoProof:im-proved geographic assurance for data in the cloud[J].International Journal of Information Security,2014,13(2):191-198.
[1] XU Kun, FU Yin-jin, CHEN Wei-wei, ZHANG Ya-nan. Research Progress on Blockchain-based Cloud Storage Security Mechanism [J]. Computer Science, 2021, 48(11): 102-115.
[2] LI Ying, YU Ya-xin, ZHANG Hong-yu, LI Zhen-guo. High Trusted Cloud Storage Model Based on TBchain Blockchain [J]. Computer Science, 2020, 47(9): 330-338.
[3] CHEN Li-feng, ZHU Lu-ping. Encrypted Dynamic Configuration Method of FPGA Based on Cloud [J]. Computer Science, 2020, 47(7): 278-281.
[4] ZHANG Xi, WANG Jian. Public Integrity Auditing for Shared Data in Cloud Supporting User Identity Tracking [J]. Computer Science, 2020, 47(6): 303-309.
[5] LI Shu-quan,LIU Lei,ZHU Da-yong,XIONG Chao,LI Rui. Protocol of Dynamic Provable Data Integrity for Cloud Storage [J]. Computer Science, 2020, 47(2): 256-261.
[6] QIAO Mao,QIN Ling. AB-ACCS Scheme for Revocation of Efficient Attributes in Cloud Storage Services [J]. Computer Science, 2019, 46(7): 96-101.
[7] XIE Si-jiang,JIA Bei,WANG He,XU Shi-cong. Cloud Big Data Integrity Verification Scheme Based on Multi-branch Tree [J]. Computer Science, 2019, 46(3): 188-196.
[8] GU Chen-yang, FU Wei, LIU Jin-long, SUN Gang. Survey of ORAM Research in Cloud Storage [J]. Computer Science, 2019, 46(11A): 341-347.
[9] WU Xiu-guo, LIU Cui. Data Replicas Distribution Transition Strategy in Cloud Storage System [J]. Computer Science, 2019, 46(10): 202-208.
[10] JIN Yu, CAI Chao, HE Heng and LI Peng. BTDA:Dynamic Cloud Data Updating Audit Scheme Based on Semi-trusted Third Party [J]. Computer Science, 2018, 45(3): 144-150.
[11] LIU Yan-tao, LIU Heng. Cloud Storage System Based on Network Coding [J]. Computer Science, 2018, 45(12): 293-298.
[12] PANG Xiao-qiong, REN Meng-qi, WANG Tian-qi, CHEN Wen-jun, NIE Meng-fei. Perfect Privacy-preserving Batch Provable Data Possession [J]. Computer Science, 2018, 45(11): 130-137.
[13] ZHANG Gui-peng, CHEN Ping-hua. Secure Data Deduplication Scheme Based on Merkle Hash Tree in HybridCloud Storage Environments [J]. Computer Science, 2018, 45(11): 187-192.
[14] TIAN Hui, CHEN Yu-xiang, HUANG Yong-feng and LU Jing. Research and Development of Auditing Techniques for Cloud Data Possession [J]. Computer Science, 2017, 44(6): 8-16.
[15] XU Yun-yun, BAI Guang-wei, SHEN Hang and HUANG Zhong-ping. Virtual-user-based Public Auditing Integrity in Cloud Storage [J]. Computer Science, 2017, 44(5): 95-99.
Full text



No Suggested Reading articles found!