Dynamic Data Integrity Auditing Based on Hierarchical Merkle Hash Tree in Cloud Storage
Abstract
:1. Introduction
- We designed a hierarchical Merkle hash tree (HMHT) structure with authoritative nodes. Based on the hierarchical principle, the HMHT can significantly decrease the number of invalid retrievals, shorten the authentication path of the nodes, and improve auditing efficiency and dynamic update efficiency.
- We have introduced a monitoring mechanism to improve the transparency and credibility of the CSP, which can offer timely conduct violation analysis and the traceability of illegal operations.
- We used monitoring logs to recover the damaged data, and to reduce the number of cloud data copies and redundancy. This can save a great deal in terms of storage resources and reduce the complexity of computation.
- We analyzed the security and performance of this scheme through a series of experiments; the results prove that the solution is safe and effective in terms of communication cost and computational overhead.
2. Related Work
3. Preliminaries
3.1. Bilinear Map
- Computability: for any x1, y1 ∈ G1, there is always an efficient algorithm to calculate e(x1, y1).
- Bilinearity: for any x2, y2 ∈ G1 and α, β ∈ Zp*, and .
- Non-degeneracy: for any x3, y3 ∈ G1, and .
3.2. The Computational Diffie–Hellman (CDH) Problem
3.3. Notations
4. Problem Statement
4.1. System Model
- KeyGen(1k) → (sk, M). The key generation algorithm is executed by the DO, with an input security parameter, k, output private key, sk, and system parameter, M.
- RepGen(F, m) → F*. The replica generation algorithm is executed by the DO. We input the original file F and the copy number m, and output the encrypted copy block set F* = {mij}1≤i≤n,1≤j≤m.
- SigGen(F*, sk) → {σi}. The signature algorithm is executed by the DO. We input the replica block set F* and private key sk and output the aggregate signature {σi}1≤i≤n of all replica blocks.
- Store(F*, M, {σi}, C) → valid. The storage algorithm is executed by the CSP. The input encrypted files are F* and other authentication parameters, along with the output storage results.
- ChalGen(c) → chal. The challenge algorithm is executed by the TPA. Input challenge parameter c, output random challenge information chal.
- ProofGen(chal) → proof. The evidence generation algorithm is executed by the CSP. Input challenge information is chal, and output evidence information is proof.
- ProofVerify(proof, pk) → valid. The evidence verification algorithm is executed by the TPA. Input the audit evidence proof and public key, pk, to output the integrity verification result.
- UpdateVerify(proof) → valid. The update verification algorithm is executed by the TPA. We input the update evidence, proof, and public key, pk, and output the update result.
- DataRecover(Uid, {Fid, {bid, {Wtype, offset, data}}) → (Uid, {Fid}). The data recovery algorithm is executed by the TPM. We input the user ID and the damaged file parameters, along with the output metadata information of the recovered files.
4.2. Security Goals
- Public auditing: The integrity of cloud data can be verified by the TPA on behalf of the DO.
- Storage integrity: Only when the CSP stores the data correctly can it pass the verification of the TPA.
- Batch auditing: The TPA has the ability to verify the data of different numbers of users or files at the same time.
- Privacy protection: The data are stored in the cloud in the form of ciphertext, wherein only the DO has the ability to decrypt the data.
- Data recovery: The TPM can recover damaged or tampered data via the cloud.
4.3. Threat Model
- Setup phase: Challenger C runs the secret key generation algorithm to generate sk and system parameter M, and then sends M to Adversary A.
- Query phase: Adversary A can perform the following three queries through Challenger C:
- (1)
- Private key query: Adversary A sends the identity to Challenger C, and C obtains the corresponding private key and returns it to A.
- (2)
- Public key query: Adversary A sends the identity to Challenger C, and C obtains the corresponding public key and returns it to A.
- (3)
- Hash query: Adversary A sends the parameters to be encrypted to Challenger C, and C calculates the corresponding hash value and returns it to A.
- (4)
- SigGen query: Adversary A sends the tuple (ID, m) to Challenger C, and C executes the signature algorithm to generate the signature σ corresponding to file block m and returns it to A.
- Challenge phase: In this phase, Challenger C will act as an auditor. C generates a random challenge and sends it to Adversary A, then A calculates the corresponding evidence and returns it to C.
- Verification phase: Challenger C verifies the received evidence. If the evidence generated by A can pass the verification of C with a non-negligible probability, this means that A wins the game.
5. Detailed Implementation of the Scheme
5.1. The Hierarchical Authentication Data Structure
5.2. The Specific Realization of the Scheme
5.2.1. Setup Phase
5.2.2. Verification Phase
Algorithm 1: Data Auditing |
Require:Uid, filename, c |
1: function ChalGen(c) |
2: for i = 0; i < c, i++ do |
3: Qi = random element from [1, n] |
4: λi = random element from Zp* |
5: chali = {Qi, λi} |
6: end for |
7: return chal |
8: end function |
9: funtion ProofGen(chal) |
10: get block signatures {σi} according to chal.Q |
11: search blocks {mi}, f(vR), f(vSR) according to chal.Q and HMHT |
12: for i = 0; i < chal.length; i++ do |
13: |
14: end for |
15: return proof = {σ, μ, f(vR), f(vSRi)} |
16: end function |
17: function ProofVerify(proof, pk) |
18: if f(vR), f(vSRi) is not correct then |
19: return “false” |
20: end if |
21: compute |
22: compute |
23: if left == right then |
24: return “true” |
25: else |
26: return “false” |
27: end if |
28: end function |
5.2.3. Dynamic Update Phase
5.2.4. Batch Auditing Phase
5.2.5. Data Recovery Phase
- After the TPA issued a challenge request to the CSP, the received evidence could not be successfully verified by the TPA.
- The DO finds suspicious or illegal operations via a client of the TPM.
- The TPM detects that the root node value of the HMHT in the cloud is inconsistent with the local value.
6. Security Analysis
6.1. Correctness
6.2. Resisting Forgery Attacks
- (1)
- E1: Challenger C did not stop the game during the private key retrieval phase.
- (2)
- E2: Adversary A successfully outputs the signature σ* corresponding to m*.
- (3)
- E3: Under the condition that E2 has occurred, the forged signature, σ*, can pass the verification stage.
6.3. Resisting Replay Attacks
6.4. Monitoring Security
6.5. Data Privacy
7. Efficiency Analysis and Experiment Comparison
7.1. Theoretical Analysis
7.1.1. Computational Overhead
7.1.2. Communication Cost
7.2. Experimental Comparison
8. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Srivastava, S.; Saxena, S.; Buyya, R.; Kumar, M.; Shankar, A.; Bhushan, B. CGP: Cluster-based gossip protocol for dynamic resource environment in cloud. Simul. Model. Pract. Theory 2021, 108, 102275. [Google Scholar] [CrossRef]
- Wang, H.; He, D.; Fu, A.; Li, Q.; Wang, Q. Provable data possession with outsourced data transfer. IEEE Trans. Serv. Comput. 2019, 14, 1929–1939. [Google Scholar] [CrossRef]
- Chuka-Maduji, N.; Anu, V. Cloud Computing Security Challenges and Related Defensive Measures: A Survey and Taxonomy. SN Comput. Sci. 2021, 2, 331. [Google Scholar] [CrossRef]
- Xu, Y.; Sun, S.; Cui, J.; Zhong, H. Intrusion-resilient public cloud auditing scheme with authenticator update. Inf. Sci. 2020, 512, 616–628. [Google Scholar] [CrossRef]
- Hu, C.; Xu, Y.; Liu, P.; Yu, J.; Guo, S.; Zhao, M. Enabling cloud storage auditing with key-exposure resilience under continual key-leakage. Inf. Sci. 2020, 520, 15–30. [Google Scholar] [CrossRef]
- Zhou, L.; Fu, A.; Yu, S.; Su, M.; Kuang, B. Data integrity verification of the outsourced big data in the cloud environment: A survey. J. Netw. Comput. Appl. 2018, 122, 1–15. [Google Scholar] [CrossRef]
- Etemad, M.; Küpçü, A. Generic dynamic data outsourcing framework for integrity verification. ACM Comput. Surv. (CSUR) 2020, 53, 8. [Google Scholar] [CrossRef]
- Tian, J.; Wang, H. A provably secure and public auditing protocol based on the bell triangle for cloud data. Comput. Netw. 2021, 195, 108223. [Google Scholar] [CrossRef]
- Parast, F.K.; Sindhav, C.; Nikam, S.; Yekta, H.I.; Kent, K.B.; Hakak, S. Cloud computing security: A survey of service-based models. Comput. Secur. 2022, 114, 102580. [Google Scholar] [CrossRef]
- Jin, H.; Jiang, H.; Zhou, K. Dynamic and public auditing with fair arbitration for cloud data. IEEE Trans. Cloud Comput. 2016, 6, 680–693. [Google Scholar] [CrossRef]
- Juels, A.; Kaliski Jr, B.S. PORs: Proofs of retrievability for large files. In Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 31 October–2 November 2007; pp. 584–597. [Google Scholar]
- Piao, C.; Hao, Y.; Yan, J.; Jiang, X. Privacy protection in government data sharing: An improved LDP-based approach. Serv. Oriented Comput. Appl. 2021, 15, 309–322. [Google Scholar] [CrossRef]
- Shacham, H.; Waters, B. Compact proofs of retrievability. J. Cryptol. 2013, 26, 442–483. [Google Scholar] [CrossRef]
- Ateniese, G.; Burns, R.; Curtmola, R.; Herring, J.; Kissner, L.; Peterson, Z.; Song, D. Provable data possession at untrusted stores. In Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 31 October–2 November 2007; pp. 598–609. [Google Scholar]
- Wang, Q.; Wang, C.; Ren, K.; Lou, W.; Li, J. Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans. Parallel Distrib. Syst. 2010, 22, 847–859. [Google Scholar] [CrossRef]
- Erway, C.C.; Küpçü, A.; Papamanthou, C.; Tamassia, R. Dynamic provable data possession. ACM Trans. Inf. Syst. Secur. (TISSEC) 2015, 17, 15. [Google Scholar] [CrossRef]
- Shen, J.; Shen, J.; Chen, X.; Huang, X.; Susilo, W. An efficient public auditing protocol with novel dynamic structure for cloud data. IEEE Trans. Inf. Forensics Secur. 2017, 12, 2402–2415. [Google Scholar] [CrossRef]
- Su, D.; Liu, Z. New type of Merkle hash tree for integrity audit scheme in cloud storage. Comput. Eng. Appl. 2018, 54, 70–76. [Google Scholar]
- Hariharasitaraman, S.; Balakannan, S. A dynamic data security mechanism based on position aware Merkle tree for health rehabilitation services over cloud. J. Ambient. Intell. Humaniz. Comput. 2019, 4, 1–15. [Google Scholar] [CrossRef]
- Shen, W.; Qin, J.; Yu, J.; Hao, R.; Hu, J. Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage. IEEE Trans. Inf. Forensics Secur. 2018, 14, 331–346. [Google Scholar] [CrossRef]
- Li, J.; Yan, H.; Zhang, Y. Efficient identity-based provable multi-copy data possession in multi-cloud storage. IEEE Trans. Cloud Computing 2019, 10, 356–365. [Google Scholar] [CrossRef]
- Liu, Z.; Liu, Y.; Yang, X.; Li, X. Integrity Auditing for Multi-Copy in Cloud Storage Based on Red-Black Tree. IEEE Access 2021, 9, 75117–75131. [Google Scholar] [CrossRef]
- Garg, N.; Bawa, S.; Kumar, N. An efficient data integrity auditing protocol for cloud computing. Future Gener. Comput. Syst. 2020, 109, 306–316. [Google Scholar] [CrossRef]
- Zhou, L.; Fu, A.; Yang, G.; Wang, H.; Zhang, Y. Efficient certificateless multi-copy integrity auditing scheme supporting data dynamics. IEEE Trans. Dependable Secur. Comput. 2020, 19, 1118–1132. [Google Scholar] [CrossRef]
- Thangavel, M.; Varalakshmi, P. Enabling ternary hash tree based integrity verification for secure cloud data storage. IEEE Trans. Knowl. Data Eng. 2019, 32, 2351–2362. [Google Scholar] [CrossRef]
- Zhou, L.; Fu, A.; Feng, J.; Zhou, C. An efficient and secure data integrity auditing scheme with traceability for cloud-based EMR. In Proceedings of the ICC 2020—2020 IEEE International Conference on Communications (ICC), Dublin, Ireland, 7–11 June 2020; pp. 1–6. [Google Scholar]
- Xu, G.; Han, S.; Bai, Y.; Feng, X.; Gan, Y. Data tag replacement algorithm for data integrity verification in cloud storage. Comput. Secur. 2021, 103, 102205. [Google Scholar] [CrossRef]
- Luo, W.; Ma, W.; Gao, J. MHB* T based dynamic data integrity auditing in cloud storage. Clust. Comput. 2021, 24, 2115–2132. [Google Scholar] [CrossRef]
- Gudeme, J.R.; Pasupuleti, S.K.; Kandukuri, R. Attribute-based public integrity auditing for shared data with efficient user revocation in cloud storage. J. Ambient Intell. Humaniz. Comput. 2021, 12, 2019–2032. [Google Scholar] [CrossRef]
- Li, Y.; Yu, Y.; Min, G.; Susilo, W.; Ni, J.; Choo, K.-K.R. Fuzzy identity-based data integrity auditing for reliable cloud storage systems. IEEE Trans. Dependable Secur. Comput. 2017, 16, 72–83. [Google Scholar] [CrossRef]
- Shen, W.; Qin, J.; Yu, J.; Hao, R.; Hu, J.; Ma, J. Data integrity auditing without private key storage for secure cloud storage. IEEE Trans. Cloud Comput. 2019, 9, 1408–1421. [Google Scholar] [CrossRef]
- Zhang, Y.; Xu, C.; Lin, X.; Shen, X.S. Blockchain-based public integrity verification for cloud storage against procrastinating auditors. IEEE Trans. Cloud Computing 2019, 9, 923–937. [Google Scholar] [CrossRef]
- Huang, P.; Fan, K.; Yang, H.; Zhang, K.; Li, H.; Yang, Y. A collaborative auditing blockchain for trustworthy data integrity in cloud storage system. IEEE Access 2020, 8, 94780–94794. [Google Scholar] [CrossRef]
- Yang, Y.; Chen, Y.; Chen, F. A compressive integrity auditing protocol for secure cloud storage. IEEE/ACM Trans. Netw. 2021, 29, 1197–1209. [Google Scholar] [CrossRef]
- Gudeme, J.R.; Pasupuleti, S.K.; Kandukuri, R. Certificateless multi-replica public integrity auditing scheme for dynamic shared data in cloud storage. Comput. Secur. 2021, 103, 102176. [Google Scholar] [CrossRef]
- Lynn, B. The Pairing-Based Cryptographic Library. Available online: https://crypto.stanford.edu/pbc (accessed on 1 December 2016).
Notation | Description |
---|---|
p | Large prime number |
G, GT | Multiplicative cyclic group of order p |
e | Bilinear map |
Zp* | {1, 2,…, p − 1} |
H1, H2, H3 | Three hash functions |
M | System public parameters |
F = {b1, b2,..., bn} | The original file |
F* = {mij}1≤i≤n,1≤j≤m | The encrypted file copies |
g | A generator of G |
u | Random elements in G |
n | The number of file blocks |
m | The number of file copies |
{σi} | Signature collection of the file blocks |
C | Authentication tree information |
chal | Challenge |
proof | The evidence information |
f(vR), f(vSR), f(vi) | Node hash value |
OPmodify, OPinsert, OPdelete | File update operators |
Root Node | Authoritative Node | Leaf Node | |||
---|---|---|---|---|---|
Root hash | f(vR) | Node hash | f(vSRi) | Node hash | f(vij) |
File ID | Fid | Block ID | bid | ||
Leaf pointer | LP | Parent pointer | PP | Version | version |
Leaf pointer | LP | Parent pointer | PP |
Scheme [21] | Scheme [24] | Scheme [35] | Our Scheme | |
---|---|---|---|---|
SigGen | (2mn + s + 1)Exp + 2mnMul | 2mnExp + (2mn + m − 1)Mul | 2mnExp + 2mnMul | 2mnExp + mnMul |
ProofGen | mcExp + mcMul | cExp+m(c − 1)Mul | cExp + mcMul | cExp + (c−1)Mul |
ProofVerify | 3Pair + (mc + s + 3)Exp + (mc + s)Mul | 3Pair + (mc + s + 1)Exp + (mc + s)Mul | 3Pair + 2cExp + 2mcMul | 2Pair + (mc + 1)Exp + mcMul |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Liu, Z.; Wang, S.; Duan, S.; Ren, L.; Wei, J. Dynamic Data Integrity Auditing Based on Hierarchical Merkle Hash Tree in Cloud Storage. Electronics 2023, 12, 717. https://doi.org/10.3390/electronics12030717
Liu Z, Wang S, Duan S, Ren L, Wei J. Dynamic Data Integrity Auditing Based on Hierarchical Merkle Hash Tree in Cloud Storage. Electronics. 2023; 12(3):717. https://doi.org/10.3390/electronics12030717
Chicago/Turabian StyleLiu, Zhenpeng, Shuo Wang, Sichen Duan, Lele Ren, and Jianhang Wei. 2023. "Dynamic Data Integrity Auditing Based on Hierarchical Merkle Hash Tree in Cloud Storage" Electronics 12, no. 3: 717. https://doi.org/10.3390/electronics12030717
APA StyleLiu, Z., Wang, S., Duan, S., Ren, L., & Wei, J. (2023). Dynamic Data Integrity Auditing Based on Hierarchical Merkle Hash Tree in Cloud Storage. Electronics, 12(3), 717. https://doi.org/10.3390/electronics12030717