
Citation: LI Yumei, ZHANG Futai. Remote Data Auditing for Cloud-Assisted WBANs with Pay-as-You-Go Business Model[J]. Chinese Journal of Electronics, 2023, 32(2): 248-261. DOI: 10.23919/cje.2020.00.314
Wireless body area networks (WBANs) are often used to improve the quality of medical treatment and guarantee human health-care services [1]. They rely on many kinds of sensors to collect medical data and to monitor patients' vital signs remotely. The volume of medical data grows over time, and the storage burden makes the devices inefficient. Cloud computing, as an auxiliary means, provides flexible storage capability and cheap services for data owners. Cloud-assisted WBANs overcome the inherent weaknesses of traditional WBANs and enable the data owner to store and process the collected data conveniently [2], [3]. However, they face various internal and external attackers. A dishonest cloud service provider (CSP) can mask medical data corruption or data loss to maintain an excellent reputation. Even worse, a malicious adversary can disturb diagnostic results by falsifying some medical data. Incorrect diagnostic results may delay the treatment of patients and cause serious medical incidents. Among these security issues, the integrity auditing of outsourced data is crucial.
Downloading the entire file is the intuitive method to check the integrity of data [4]. However, this is impractical because it is inefficient. Remote data auditing is a popular model that allows a party to check data integrity without downloading all data contents [5]. It generates a probabilistic proof by sampling random sets of data blocks. Recently, scholars have proposed many schemes to check outsourced data integrity [6]-[12], each with its pros and cons. A common weakness of these schemes is that they only support content integrity checking, so they are not applicable to a CSP that uses the pay-as-you-go business model [13]. In the pay-as-you-go business model, a data owner pays fees for the data in each period based on the storage volume indiscriminately. Therefore, a third party auditor (TPA) should have the ability to check the data integrity and authenticity periodically.
In the pay-as-you-go model, data owners only need to pay for uncorrupted files according to the actual storage volume. The CSP charges the storage fee based on the data storage conditions. As shown in Fig.1, the storage fee should comply with the following principles: 1) The data owner pays the storage fee for each period in a regular way if the file remains intact; 2) If any data error is detected in the auditing phase, the data owner will not pay the storage fee and the CSP should compensate for the damaged file; 3) If the data owner removes a file from the CSP, he/she pays the storage fee to the CSP on demand by this date [14]. A remote data auditing (RDA) protocol that satisfies the above application should support integrity auditing of both the content and the time of storage (i.e., the timestamp). An obvious solution is to attach a timestamp at the end of the outsourced data to mark the storage time. However, its weakness is that the timestamp may be lost or corrupted, as there is no relationship between the timestamp and the individual data blocks. An efficient solution is to include the timestamp in the authentication tag generated for each data block. This ensures a strong binding between the timestamp and each individual data block.
Moreover, another neglected problem is that a data owner cannot prove that a file has been uploaded to the CSP. If a file is lost, the CSP may deny that the file was ever stored with it. Most existing auditing protocols focus only on partial data damage and loss; the case in which the entire file is erased by the CSP is ignored. In this situation, the CSP can claim that it never received the file from the data owner. An effective way to solve the problem is for the CSP to return an unforgeable voucher to the data owner upon receiving the complete file. With this method, there is no dispute that the CSP should undertake the obligations for all data damage and loss. Besides, the voucher should be updated by the CSP if the file remained intact in the last period. The updated voucher also indicates that the data owner has paid the storage fee for the previous period.
In this paper, we design an efficient certificate-based remote data auditing protocol. Considering the computing power of WBANs, one of the main motivations of our work is to reduce the computation cost of tag generation. In the real world, the storage fee is one of the important factors for data owners when selecting a service provider. To increase competitiveness, it is necessary to reduce the size of the relevant auditing information. Besides, a certificate-based cryptosystem (CBC) is preferable in cloud-assisted WBANs. It can be deployed over public channels without an honest and trusted third party.
We construct a practical remote data auditing protocol for cloud-assisted WBANs with pay-as-you-go business model, which can audit data integrity regularly. The innovations of this paper are as follows.
1) We design a novel auditing model in which the TPA audits data integrity spontaneously and periodically according to the auditing period. Besides, the model can prevent the CSP from hiding data damage or loss to evade compensation.
2) We construct a homomorphic verifiable tag, which has low tag generation overhead and verification overhead. Besides, the size of a data block tag is short.
3) We put forward an efficient remote data auditing protocol according to pay-as-you-go business model. It is a valuable application of CBC in checking data integrity.
Moreover, we show the correctness of our protocol and provide rigorous security proof under the random oracle model. We also compare the overhead of our protocol with several other related protocols in computation, communication, and storage. Besides, we show the performance of our work is desirable through experiments.
All sensors in WBANs are usually assigned to collect and monitor users’ physical information [15]. However, low storage capacity and computing power limit the development of WBANs. With the development of cloud computing, the CSP can assist users in storing these sensors’ data. The integrity and authenticity of data stored in the CSP are a widespread concern among users. The technique of proof of storage (PoS) allows a verifier to check the data integrity without holding a local copy [16]. It offers an optional solution for auditing outsourced data integrity [4].
There are two interesting PoS models, namely proof of retrievability (PoR) and provable data possession (PDP). The notion of the former was presented by Juels et al. [17] in 2007. In this protocol, the data owner can retrieve the entire file. The notion of PDP was first proposed by Ateniese et al. [5] in the same year. They proposed two different PDP protocols based on the RSA cryptosystem and homomorphic verifiable tags (HVTs). Both protocols randomly choose some data blocks to check files, so entire files are not required. To reduce the computation and communication overheads, Shacham and Waters [18] constructed novel HVTs using the BLS signature [19]. Later, various PDP protocols based on this construction have been proposed [20]-[30]. Yu et al. [21] proposed an identity-based remote data integrity verification protocol which reaches perfect data privacy preservation. Although the protocol is free of the burden of certificate management, the verification overhead increases linearly with the number of challenged data blocks. Zhang et al. [29] introduced an identity-based cloud storage auditing protocol for shared big data with efficient user revocation. Li et al. [30] proposed a certificateless public data integrity checking protocol for data shared among a group. He et al. [26] presented a certificateless public auditing protocol for cloud-assisted WBANs. Their protocol does not suffer from the public key certificate management and key escrow problems. Huang et al. [31] proposed a certificateless public verification scheme for data storage and sharing in the cloud. However, the storage space occupied by the data block tag in these protocols is larger than the data block itself.
In 2013, Wang et al. [7] assumed that each block consisting of
There are three types of parties in a remote data auditing system: the data owner, the CSP, and the TPA. The CSP is dishonest; it may generate forged proofs that can pass the verification. The TPA is honest; it performs the data auditing periodically on behalf of the data owner. Fig.2 shows the system model, and we give the working process below.
1) The data owner splits a file into data blocks, and generates tags for all data blocks and timestamp. The data owner then uploads these data blocks with the corresponding tags to the CSP.
2) The CSP will store this information if the file is correct and return a voucher to the data owner. The voucher indicates that the data is intact at this time. Note that the CSP will update and return the voucher after receiving the storage fee.
3) The TPA initiates a challenge to the CSP for file auditing at the end of each period. The CSP generates a proof and sends it to TPA.
4) The TPA checks the correctness of the proof and returns a result to the data owner. The data owner pays the storage fee according to the pay-as-you-go model.
In a practical remote data auditing protocol for cloud-assisted WBANs with a pay-as-you-go business model, the following objectives are required.
1) Correctness: It is possible to generate valid proofs if and only if the CSP possesses the original file and timestamp.
2) Verifiability: The TPA can check the file integrity using partial data blocks without accessing the original file.
3) Periodic auditing: The TPA can audit data integrity spontaneously according to the timestamp and auditing period.
4) Accountability: There is no dispute that the CSP is the responsible party if any error is detected.
5) User friendly: The storage space occupied by data block tags should be smaller than the data block itself. The data owner pays as few storage fees as possible for secure storage without hindering data integrity auditing.
Definition 1 (Bilinear map) Given three prime order groups
1) Bilinearity: The equation
2) Non-degeneracy:
3) Computability: There exists an efficient algorithm to compute
Definition 2 (Collusion attack algorithm with k traitors (k-CAA) problem assumption) For an integer
There is no algorithm to solve the k-CAA problem with a non-negligible advantage in probabilistic polynomial-time.
Definition 3 (Modified k-CAA problem assumption) For three integers
There is no algorithm to solve the modified k-CAA problem with a non-negligible advantage in probabilistic polynomial-time.
We define a certificate-based remote data auditing protocol (CB-RDAP), which consists of eight polynomial-time algorithms.
1) Setup: The CSP takes input a security parameter
2) UserKeyGen: The user takes input
3) Certify: The CSP takes input
4) TagGen: The user takes input
5) Confirm: The CSP takes input
6) Challenge: The TPA takes input
7) ProofGen: The CSP takes input
8) ProofCheck: The TPA takes input
Correctness: For any
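\left\{\begin{array}{l} (pp,msk)\leftarrow \mathrm{Setup}(1^{\lambda})\\ (usk_{ID},upk_{ID})\leftarrow \mathrm{UserKeyGen}(pp,ID)\\ Cert_{ID}\leftarrow \mathrm{Certify}(pp,msk,ID,upk_{ID}) \end{array}\right. |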
if
A CB-RDAP is secure if it meets the following requirements:
1) If the challenged file stored in CSP is intact and
2) If the challenged file is damaged or deleted, the probability of the CSP could forge a valid proof
3) The CSP cannot deny it has received a file from the data owner successfully if the voucher
To ensure the correctness and integrity of the data, a secure CB-RDAP should resist the following attacks: 1) The third party (CSP or system users) can forge a tag of data block. 2) The CSP can replace the new challenge response with the expired valid proof to deceive the data owner. 3) The CSP can generate a valid proof
In a secure CB-RDAP, three types of adversaries are considered to cover these attacks. The Type I adversary models a system user’s ability to forge a data block tag. It can change the public key of some users, while the target user’s certificate is kept secret from the adversary. The Type II adversary, which plays the CSP, has the ability to forge data block tags. It holds the master secret key but does not have permission to substitute the target user’s public key. The Type III adversary models the ability of the CSP to forge a valid proof; it attempts to generate a valid proof when some data blocks are damaged. Generally, the following oracles are provided for adversaries.
• User-key-gen Oracle. The adversary sends a user’s identity
• Corruption Oracle. On input a user’s identity
• Certification Oracle. The adversary sends a user’s identity
• Key-replace Oracle. The adversary provides a user identity
• TagGen Oracle. It inputs a user’s identity
• ProofCheck Oracle. The adversary generates a proof
We define the security model of CB-RDAP by the game (Game 1, Game 2, Game 3) between the adversary
1) Game 1 (Type I adversary
Initialization: Taking a security parameter
Query:
Forge:
a)
b)
c)
d) ProofCheck
2) Game 2 (Type II adversary
Initialization: Taking a security parameter
Query:
Forge:
a)
b)
c) ProofCheck
3) Game 3 (Type III adversary
Initialization: Taking a security parameter
Query:
Challenge:
Forge:
a) ProofCheck
b) At least one challenged data block has never been submitted to the TagGen query.
Definition 4 A CB-RDAP is secure if the advantage of the probabilistic polynomial time adversaries
The construction of linear homomorphic verifiable tags in our protocol is inspired by the work of Ateniese et al. [5] and Shacham et al. [18]. Our goal is to reduce the signature generation cost and the size of the signature over the file. We describe algorithms of our protocol as follows and present the workflow in Fig.3.
1) Setup: The CSP takes input a security parameter
2) UserKeyGen: The user takes input parameters
3) Certify: It takes the public parameters
If
4) TagGen: Given an encrypted file
5) Confirm: On receiving a file from the data owner, the CSP will perform verification on it. The CSP returns “failure” if the file is damaged. Otherwise, the CSP sets the latest audit time
Note that, the auditing period
Upon receiving the voucher
6) Challenge: The TPA runs this algorithm. For each period, it chooses a subset
7) ProofGen: Upon receiving a challenge
8) ProofCheck: On receiving a response
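e(\tilde{\sigma}, upk_{ID}\cdot h^{\hat{u}})=e\left(\prod_{i\in I}{\beta_i}^{c_i},h\right)\cdot e\left(H_1(ID,upk_{ID})^{\sum_{j=1}^{n}{\alpha_j\cdot \tilde{m}_j}},mpk\right) | (1) |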
If the above equation holds, the challenged file is intact. The data owner pays the storage fee to CSP. Otherwise, the data owner claims for compensation.
Assuming all the entities faithfully follow the protocol, we can check the correctness of the verification equation.
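\begin{split} e(\tilde{\sigma}, upk_{ID}\cdot h^{\hat{u}})&=e\left(\prod_{i\in I}{\sigma_i}^{c_i},h^{x+\hat{u}}\right)\\& =e\left(\left(\prod_{i\in I}{\beta_i}^{c_i}\cdot H_1(ID,upk_{ID})^{s\sum_{j=1}^{n}{\alpha_j\cdot \tilde{m}_j}}\right)^{\frac{1}{x+\hat{u}}},h^{x+\hat{u}}\right)\\& =e\left(\prod_{i\in I}{\beta_i}^{c_i}\cdot H_1(ID,upk_{ID})^{s\sum_{j=1}^{n}{\alpha_j\cdot \tilde{m}_j}},h\right)\\& =e\left(\prod_{i\in I}{\beta_i}^{c_i},h\right)\cdot e\left(H_1(ID,upk_{ID})^{\sum_{j=1}^{n}{\alpha_j\cdot \tilde{m}_j}},mpk\right) \end{split} | (2) |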
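The algebra of Eq. (1) and (2) can be checked mechanically with the following added example, which is not the authors' code. It uses a toy model in which every group element is represented by its discrete logarithm, so the pairing becomes multiplication modulo q; this offers no security and only exercises the tag aggregation and the verification equation. The modulus `Q`, the helper names, and the inputs fed to the hashes standing in for H_2 and H_3 (in particular, that the timestamp enters through β_i) are assumptions.

```python
import hashlib
import secrets

Q = 2**127 - 1  # prime order of the toy groups (constructed, not the paper's curve)

def H(label, *parts):
    """Hash fields to a nonzero scalar in Z_q; stands in for H_1..H_4."""
    data = "|".join([label, *map(str, parts)]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def keygen(identity):
    s = secrets.randbelow(Q - 1) + 1   # master secret, mpk = h^s
    x = secrets.randbelow(Q - 1) + 1   # user secret,   upk = h^x
    h1 = H("H1", identity, x)          # log of H_1(ID, upk_ID)
    return {"id": identity, "s": s, "x": x, "h1": h1, "cert": s * h1 % Q}

def u_hat(key, fname):
    # ASSUMPTION: the inputs of H_2 are not visible on the page.
    return H("H2", key["id"], fname)

def beta(key, fname, i, ts):
    # ASSUMPTION: the page only says the tag includes the timestamp;
    # here it is bound through beta_i together with the block index.
    return H("H3", key["id"], fname, i, ts)

def alpha(key, j):
    return H("H4", key["id"], j)       # alpha_j = H_4(ID, j)

def tag_gen(key, fname, ts, blocks):
    """sigma_i = (beta_i * Cert^{sum_j alpha_j m_ij})^{1/(x + u_hat)}, in log form."""
    inv = pow(key["x"] + u_hat(key, fname), -1, Q)
    tags = []
    for i, block in enumerate(blocks):
        lin = sum(alpha(key, j) * m for j, m in enumerate(block)) % Q
        tags.append((beta(key, fname, i, ts) + key["cert"] * lin) * inv % Q)
    return tags

def challenge(num_blocks, c):
    """TPA: c distinct block indices, each with a random nonzero coefficient c_i."""
    idx = secrets.SystemRandom().sample(range(num_blocks), c)
    return {i: secrets.randbelow(Q - 1) + 1 for i in idx}

def proof_gen(blocks, tags, chal):
    """CSP: sigma~ = prod sigma_i^{c_i}, m~_j = sum_i c_i * m_ij."""
    sigma = sum(c * tags[i] for i, c in chal.items()) % Q
    n = len(blocks[0])
    m_tilde = [sum(c * blocks[i][j] for i, c in chal.items()) % Q for j in range(n)]
    return sigma, m_tilde

def proof_check(key, fname, ts, chal, proof):
    """Eq. (1) in log form: pairings multiply logs, products in G_T add them."""
    sigma, m_tilde = proof
    lhs = sigma * (key["x"] + u_hat(key, fname)) % Q             # e(sigma~, upk*h^u)
    beta_part = sum(c * beta(key, fname, i, ts) for i, c in chal.items()) % Q
    lin = sum(alpha(key, j) * m for j, m in enumerate(m_tilde)) % Q
    rhs = (beta_part + key["h1"] * lin * key["s"]) % Q           # e(.., h) * e(.., mpk)
    return lhs == rhs

def demo():
    key = keygen("owner@wban.example")                            # constructed identity
    blocks = [[(7 * i + j) % 251 for j in range(4)] for i in range(16)]  # constructed sectors
    ts = "2023-01-01T00:00:00Z"
    tags = tag_gen(key, "ecg.bin", ts, blocks)
    chal = challenge(len(blocks), 6)
    honest = proof_check(key, "ecg.bin", ts, chal, proof_gen(blocks, tags, chal))
    damaged = [row[:] for row in blocks]
    damaged[next(iter(chal))][0] += 1                             # corrupt one challenged sector
    corrupted = proof_check(key, "ecg.bin", ts, chal, proof_gen(damaged, tags, chal))
    other_ts = proof_check(key, "ecg.bin", "2023-02-01T00:00:00Z", chal,
                           proof_gen(blocks, tags, chal))
    return honest, corrupted, other_ts

if __name__ == "__main__":
    print(demo())
```

The honest proof verifies, while a proof computed over a damaged sector, or checked against a timestamp other than the one bound into the tags, does not.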
We prove that the proposed protocol is secure under adaptive chosen identity attacks and adaptive chosen file attacks in the random oracle model. The security proof is conducted as follows: 1) The single tag of the data block is unforgeable. 2) The proof
Theorem 1 If the advantage of forging the single tag by
Proof Appendix A shows the detailed proof.
Theorem 2 If the advantage of a Type II adversary forges the single tag is at most
Proof Appendix B shows the detailed proof.
Theorem 3 If the challenged file is damaged or deleted, the CSP cannot forge the valid proof with a non-negligible probability.
Proof Appendix C shows the detailed proof.
If the data owner uploads all data blocks and file’s related information successfully, the CSP will provide some audit periods (such as a week, a month, etc.) for data owner to choose. The data owner selects appropriate auditing period
The data owner with the identity
The data owner and the CSP are the two entities that can be responsible for files. Once a file is detected to be damaged, the error may have occurred during the data upload phase or the storage phase. To reduce the controversy, we add the confirm function in our protocol. The CSP will generate and return a voucher
In a remote data auditing system, the CSP stores all data blocks’ tags to ensure data integrity. The data owner has to pay storage fee for storage volumes of tags. In our protocol, the size of each data block
We summarize the efficiency and functionality of our protocol in terms of computation cost, communication cost, storage cost and detection rate. Moreover, we also show a comparison among our protocol, Wang et al.’s protocol [7], and Wu et al.’s PDP protocol [14]. For simplicity, in this section we assume the data owner stores a file with
Notation | Description |
T_H | A map-to-point hash computation cost |
T_P | A bilinear pairing computation cost |
T_{E_1},T_{E_2},T_{E_T} | An exponential cost in \mathbb{G}_1, \mathbb{G}_2, \mathbb{G}_T, respectively |
T_{M_1},T_{M_2},T_{M_T} | A multiplicative cost in \mathbb{G}_1, \mathbb{G}_2, \mathbb{G}_T, respectively |
|\mathbb{G}_1|,|\mathbb{G}_2|,|\mathbb{G}_T| | The binary length of an element in \mathbb{G}_1, \mathbb{G}_2, \mathbb{G}_T |
|\mathbb{Z}_q| | The binary length of an element in \mathbb{Z}_q |
|sig| | The binary length of the cited signature scheme |
1) Computation cost: In Table 2, we list the computation cost of our protocol and the other two protocols. The comparison results show that the computation cost of our protocol is independent of the number of data block sectors
2) Communication cost: From Table 3, we can see that the data owner uploads
3) Storage cost: We only consider the storage cost at CSP side. The CSP will store all verification information which includes all data blocks and data blocks’ tags. The CSP costs
4) Detection rate analysis: Suppose
Since
1-\left(1-\dfrac{x}{m}\right)^c \leq P_x \leq 1-\left(1-\dfrac{x}{m-c+1}\right)^c | (3) |
From (3), we have
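The bounds in (3) can be compared with the exact detection probability using the added example below, which is not from the paper. It assumes the standard sampling-without-replacement expression P_x = 1 - C(m-x, c)/C(m, c) for a challenge of c distinct blocks when x of m blocks are corrupted; the function names and the value x = 26 are constructed, while m = 2622 and the challenge sizes 20 to 160 follow the experiments described on this page.

```python
from fractions import Fraction
from math import comb

def _check(m, x, c):
    if not (0 <= x <= m and 1 <= c <= m):
        raise ValueError("need 0 <= x <= m and 1 <= c <= m")

def exact_detection(m, x, c):
    """Probability that c distinct challenged blocks include at least one
    of the x corrupted blocks among m (assumed closed form, see lead-in)."""
    _check(m, x, c)
    # comb(m - x, c) is 0 when fewer than c intact blocks exist, giving P = 1.
    return 1 - Fraction(comb(m - x, c), comb(m, c))

def eq3_bounds(m, x, c):
    """Lower and upper bound of Eq. (3) as exact fractions."""
    _check(m, x, c)
    lower = 1 - (1 - Fraction(x, m)) ** c
    denom = m - c + 1
    # Edge case: with x >= m - c + 1 every challenge hits a corrupted block,
    # and 1 - x/denom would be <= 0, so the bound is clamped to 1.
    upper = Fraction(1) if x >= denom else 1 - (1 - Fraction(x, denom)) ** c
    return lower, upper

def min_challenge_size(m, x, target):
    """Smallest c whose exact detection probability reaches target, else None."""
    miss = Fraction(1)  # probability that none of the first c picks is corrupted
    for c in range(1, m + 1):
        miss *= Fraction(m - x - (c - 1), m - (c - 1))
        if 1 - miss >= target:
            return c
    return None

def sweep(m, x, sizes):
    """Rows of (c, lower bound, exact P_x, upper bound) as floats."""
    rows = []
    for c in sizes:
        lo, hi = eq3_bounds(m, x, c)
        rows.append((c, float(lo), float(exact_detection(m, x, c)), float(hi)))
    return rows

if __name__ == "__main__":
    M, X = 2622, 26  # M from the experiment section; X is a constructed value
    for c, lo, p, hi in sweep(M, X, range(20, 161, 20)):
        print(f"c={c:3d}  lower={lo:.4f}  exact={p:.4f}  upper={hi:.4f}")
    print("min c for 95% detection:", min_challenge_size(M, X, Fraction(95, 100)))
```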
We run experiments on a laptop (4GB RAM, Intel i5 3.2 GHz quad-core processor), and employ the standard pairing f.param of JPBC [35] to run these protocols. In standard pairing f.param (80-bit security level), the size of elements in
1) Tag generation cost: Let
As shown in Fig.4, the experimental results show that the tag generation cost is nearly constant for signing a file in [7] and [14], and the time cost will reduce as the growth of
2) Proof generation cost: We test the proof generation cost by playing the role of the CSP. In this experiment, we split the file into 2622 data blocks (the sector size is fixed at 20), and choose
3) ProofCheck cost: The TPA runs the algorithm ProofCheck to verify the validity of the proof. Let
4) Detection rate: Considering the number of the challenged data block from 20 to 160, we give the probability of successfully detecting whether the file is contaminated. We test the file with 3
This paper presents a protocol for auditing data remotely, which is suitable for the pay-as-you-go business model. In our construction, the TPA can check whether the data is stored correctly according to the auditing period. The data owner pays the storage fee according to the pay-as-you-go business model if the file remains intact. Once a file is found to be damaged or lost, the data owner stops paying the storage fee and requires the CSP to compensate for the damaged file. We prove the correctness and security of our protocol in the random oracle model. We then evaluate the computational cost from both theoretical and experimental aspects. The experimental results illustrate that the protocol proposed in this paper is more practical than the other two protocols.
Theorem 1 proves that our protocol is secure against the Type I adversary which can change the public key and keep the target user’s certificate secret.
Proof Suppose
For
Initialization (Phase 1):
Oracle simulation (Phase 2):
• User-key-gen query. Suppose the
1) If
2) If
•
1) If
2) If
• Corruption query. When receiving a corruption query from
• Certification query.
1) If
2) If
• Key-replace Query.
•
1) If
2) If
a) If
b) If
•
1) If
2) If
• TagGen query.
1) If
a)
b)
{\sigma}_{j} ={{\left(\beta_{j} \cdot {Cert_{ID_i}}^{\sum_{k=1}^{n}{H_4(ID,k) \cdot m_{jk}}}\right)^{\frac{1}{x_i+H_{2i}}}}} |
c)
2) If
a)
b)
c)
d)
{\sigma}_{j} =\psi(h)^{r_j} \cdot ((g^{ab})^{\frac{1}{x+\hat{h}}})^{\sum_{k=1}^{n}{H_4(ID,j) \cdot m_{jk}}} |
e)
Output (Phase 3):
a) A corruption query on
b)
c)
d) Proof check
\begin{split} \sigma^{*}&=({H}_{3}(ID^{*},upk^{*})\cdot Cert_{ID^*}^{\sum_{k=1}^{n}{H_4(ID^*,k)\cdot m_{k}}})^{\frac{1}{{usk}^{*}+h^{*}}}\\& =(\psi(h)^{r^*(usk^{*}+h*)} \cdot g^{ab\sum_{k=1}^{n}{H_4(ID^*,k)\cdot m_{k}}})^{\frac{1}{{usk}^{*}+h^{*}}}\\& =\psi(h)^{r^*}\cdot (g^{ab\sum_{k=1}^{n}{H_4(ID^*,k)\cdot m_{k}}})^{\frac{1}{usk^{*}+h^{*}}}\\& \Rightarrow \left(\frac{\sigma^{*}}{\psi(h)^{r^*}}\right)^{(\sum_{k=1}^{n}{H_4(ID^*,k)\cdot m_{k}})^{-1}}\\& =(g^{ab})^{(x+h^*)^{-1}} \qquad (ID^*=ID_I) \\[-10pt] \end{split} |
where
If
1) If
2) If
Probability analysis: Suppose
a)
b)
c)
The probability that
\epsilon' \geq\left(1-\frac{1}{q_u}\right)^{q_r+q_e}\left(1-\frac{1}{q_t+1}\right)^{q_t}\frac{1}{(q_t+1)q_u}\epsilon |
Theorem 2 proves that our protocol is secure against the Type II adversary which has the master key but cannot change the public key.
Proof Suppose
For
Initialization (Phase 1):
Oracle simulation (Phase 2):
• User-key-gen query. Suppose the
1) If
2) If
•
1) If
2) If
• Corruption query. When receiving a corruption query from
•
1) If
2) If
a) If
b) If
•
1) If
2) If
• TagGen query.
1) If
a)
b)
\begin{array}{l} {\sigma}_{j} ={{\left(\beta_{j} \cdot {\psi(h^s)}^{d_i\sum_{k=1}^{n}{H_4(ID, k) \cdot m_{k}}}\right)^{\frac{1}{x_i+H_{2i}}}}} \end{array} |
c)
2) If
a) If
b) If
c)
\begin{array}{l} {\sigma}_{j} =\psi(h)^{r_{j}} \cdot (g^{\frac{1}{x+H_{2i}}})^{d_i\sum_{k=1}^{n}{H_4(ID,k) \cdot m_{k}}} \end{array} |
d)
Output (Phase 3):
a) A corruption query on
b)
c) ProofCheck
\begin{split} \sigma^{*} &=({H}_{3}(ID^{*},upk^{*})\cdot Cert_{ID^*}^{\sum_{k=1}^{n}{H_4(ID,k)\cdot m_{j}}})^{\frac{1}{{usk}^{*}+h^{*}}}\\& =(\psi(h)^{r^*(usk^{*}+h^*)} \cdot g^{d\sum_{k=1}^{n}{H_4(ID,k)\cdot m_{j}}})^{\frac{1}{{usk}^{*}+h^{*}}}\\& =\psi(h)^{r^*}\cdot (g^{\frac{1}{usk^{*}+h^{*}}})^{d\sum_{j=1}^{n}{H_4(ID,k)\cdot m_{k}}}\\& \Rightarrow \left(\frac{\sigma^{*}}{\psi(h)^{r^*}}\right)^{(d\sum_{k=1}^{n}{H_4(ID,k)\cdot m_{k}})^{-1}}\\& =g^{(x+h^*)^{-1}} \qquad (ID^*=ID_I)\\[-10pt] \end{split} |
where
If
Probability analysis: Suppose
a)
b)
c)
In summary, the probability that
\epsilon'\geq\left(1-\frac{1}{q_u}\right)^{q_r}\left(1-\frac{1}{q_t+1}\right)^{q_t}\frac{1}{(q_t+1)q_u}\epsilon |
Proof We suppose the adversary
Simulation: The system initialization and the oracle simulation are the same as in Game 1 or Game 2.
• ProofCheck.
• Challenge.
Forge: The adversary
Probability analysis: Since the forged proof is valid, it satisfies
\begin{split}& e(\bar{\sigma}, upk^*\cdot {h}^{h^*})/e\left(\displaystyle\prod_{i\in I}{\beta_i}^{c_i},h\right) \\& =e(H_1(ID^*,upk^*)^{\sum_{j=1}^{n}{H_4(ID^*,j)\cdot m_{j}}},pk) \end{split} |
Assume that the real proof for the challenge
\begin{split}& e(\sigma, upk^*\cdot h^{h^*})/e\left(\displaystyle\prod_{i\in I}{\beta_i}^{c_i},h\right) \\& =e(H_1(ID^*,upk^*)^{\sum_{j=1}^{n}{H_4(ID^*,j)\cdot m_{j}}},pk) \end{split} |
Since the hash function is collision resistant, the adversary
Theorem 3 is proved.
[1] B. Latré, B. Braem, I. Moerman, et al., “A survey on wireless body area networks,” Wireless Networks, vol.17, no.1, pp.1–18, 2011.
[2] J. F. Wan, C. F. Zou, S. Ullah, et al., “Cloud-enabled wireless body area networks for pervasive healthcare,” IEEE Network, vol.27, no.5, pp.56–61, 2013. DOI: 10.1109/MNET.2013.6616116
[3] S. Ullah, A. V. Vasilakos, H. Chao, et al., “Cloud-assisted wireless body area networks,” Information Sciences, vol.284, pp.81–83, 2014.
[4] Y. Deswarte, J. J. Quisquater, and A. Saïdane, “Remote integrity checking,” in Proceedings of the Sixth Working Conference on Integrity and Internal Control in Information Systems, Lausanne, Switzerland, pp.1–11, 2004.
[5] G. Ateniese, R. Burns, R. Curtmola, et al., “Provable data possession at untrusted stores,” in Proceedings of ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, pp.598–09, 2007.
[6] Y. M. Li and F. T. Zhang, “An efficient certificate-based data integrity auditing protocol for cloud-assisted WBANs,” IEEE Internet of Things Journal, vol.9, no.13, pp.11513–11523, 2022. DOI: 10.1109/JIOT.2021.3130291
[7] C. Wang, S. S. M. Chow, Q. Wang, et al., “Privacy-preserving public auditing for secure cloud storage,” IEEE Transactions on Computers, vol.62, no.2, pp.362–375, 2013. DOI: 10.1109/TC.2011.245
[8] B. Wang, B. Li, H. Li, et al., “Certificateless public auditing for data integrity in the cloud,” in Proceedings of IEEE Conference on Communications and Network Security, National Harbor, MD, USA, pp.136–144, 2013.
[9] F. Armknecht, J. M. Bohli, G. O. Karame, et al., “Outsourced proofs of retrievability,” in Proceedings of ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, Arizona, USA, pp.831–843, 2014.
[10] S. K. Nayak and S. Tripathy, “SEPDP: Secure and efficient privacy preserving provable data possession in cloud storage,” IEEE Transactions on Services Computing, vol.14, no.3, pp.876–888, 2021. DOI: 10.1109/TSC.2018.2820713
[11] Y. N. Li, Y. Yu, G. Min, et al., “Fuzzy identity-based data integrity auditing for reliable cloud storage systems,” IEEE Transactions on Dependable and Secure Computing, vol.16, no.1, pp.72–83, 2019. DOI: 10.1109/TDSC.2017.2662216
[12] Z. Yang, W. Y. Wang, Y. Huang, et al., “Privacy-preserving public auditing scheme for data confidentiality and accountability in cloud storage,” Chinese Journal of Electronics, vol.28, no.1, pp.179–187, 2019. DOI: 10.1049/cje.2018.02.017
[13] M. Armbrust, A. Fox, R. Griffith, et al., “A view of cloud computing,” Communications of the ACM, vol.53, no.4, pp.50–58, 2010. DOI: 10.1145/1721654.1721672
[14] T. Wu, G. M. Yang, Y. Mu, et al., “Privacy-preserving proof of storage for the pay-as-you-go business model,” IEEE Transactions on Dependable and Secure Computing, vol.18, no.2, pp.563–575, 2021. DOI: 10.1109/TDSC.2019.2931193
[15] T. G. Zimmerman, “Personal area networks: near-field intrabody communication,” IBM Systems Journal, vol.35, no.3.4, pp.609–617, 1996. DOI: 10.1147/sj.353.0609
[16] G. Ateniese, S. Kamara, and J. Katz, “Proofs of storage from homomorphic identification protocols,” in Proceedings of International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan, pp.319–333, 2009.
[17] A. Juels and B. S. Kaliski, “PORs: Proofs of retrievability for large files,” in Proceedings of ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, pp.584–597, 2007.
[18] H. Shacham and B. Waters, “Compact proofs of retrievability,” in Proceedings of International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, pp.90–107, 2008.
[19] D. Boneh, B. Lynn, and H. Shacham, “Short signatures from the weil pairing,” in Proceedings of International Conference on the Theory and Application of Cryptology and Information Security, Gold Coast, Australia, pp.514–532, 2001.
[20] H. Q. Wang, Q. H. Wu, B. Qin, et al., “Identity-based remote data possession checking in public clouds,” IET Information Security, vol.8, no.2, pp.114–121, 2014.
[21] Y. Yu, M. H. Au, G. Ateniese, et al., “Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage,” IEEE Transactions on Information Forensics and Security, vol.12, no.4, pp.767–778, 2017. DOI: 10.1109/TIFS.2016.2615853
[22] J. G. Li, H. Yan, and Y. C. Zhang, “Certificateless public integrity checking of group shared data on cloud storage,” IEEE Transactions on Services Computing, vol.14, no.1, pp.71–81, 2021.
[23] D. B. He, N. Kumar, S. Zeadally, et al., “Certificateless provable data possession scheme for cloud-based smart grid data management systems,” IEEE Transactions on Industrial Informatics, vol.14, no.3, pp.1232–1241, 2018. DOI: 10.1109/TII.2017.2761806
[24] Y. N. Qi, X. Tang, and Y. F. Huang, “Enabling efficient batch updating verification for multi-versioned data in cloud storage,” Chinese Journal of Electronics, vol.28, no.2, pp.377–385, 2019. DOI: 10.1049/cje.2018.02.007
[25] G. Prakash, M. Prateek, and I. Singh, “Secure public auditing using batch processing for cloud data storage,” in Proceedings of International Conference on Smart System, Innovations and Computing, Jaipur, India, pp.137–148, 2018.
[26] D. B. He, S. Zeadally, and L. B. Wu, “Certificateless public auditing scheme for cloud-assisted wireless body area networks,” IEEE Systems Journal, vol.12, no.1, pp.64–73, 2018. DOI: 10.1109/JSYST.2015.2428620
[27] C. M. Tang and X. J. Zhang, “A new publicly verifiable data possession on remote storage,” The Journal of Supercomputing, vol.75, no.1, pp.77–91, 2019. DOI: 10.1007/s11227-015-1556-z
[28] X. J. Zhang, J. Zhao, C. X. Xu, et al., “CIPPPA: Conditional identity privacy-preserving public auditing for cloud-based WBANs against malicious auditors,” IEEE Transactions on Cloud Computing, vol.9, no.4, pp.1362–1375, 2021. DOI: 10.1109/TCC.2019.2927219
[29] Y. Zhang, J. Yu, R. Hao, et al., “Enabling efficient user revocation in identity-based cloud storage auditing for shared big data,” IEEE Transactions on Dependable and Secure Computing, vol.17, no.3, pp.608–619, 2020.
[30] A. Rehman, L. Jian, M. Q. Yasin, et al., “Securing cloud storage by remote data integrity check with secured key generation,” Chinese Journal of Electronics, vol.30, no.3, pp.489–499, 2021. DOI: 10.1049/cje.2021.04.002
[31] L. X. Huang, J. L. Zhou, G. X. Zhang, et al., “Certificateless public verification for data storage and sharing in the cloud,” Chinese Journal of Electronics, vol.29, no.4, pp.639–647, 2020. DOI: 10.1049/cje.2020.05.007
[32] Y. J. Wang, Q. H. Wu, B. Qin, et al., “Identity-based data outsourcing with comprehensive auditing in clouds,” IEEE Transactions on Information Forensics and Security, vol.12, no.4, pp.940–952, 2017. DOI: 10.1109/TIFS.2016.2646913
[33] H. Yan, J. G. Li, J. G. Han, et al., “A novel efficient remote data possession checking protocol in cloud storage,” IEEE Transactions on Information Forensics and Security, vol.12, no.1, pp.78–88, 2017. DOI: 10.1109/TIFS.2016.2601070
[34] S. Thokchom and D. K. Saikia, “Privacy preserving integrity checking of shared dynamic cloud data with user revocation,” Journal of Information Security and Applications, vol.50, article no.102427, 2020. DOI: 10.1016/j.jisa.2019.102427
[35] A. De Caro and V. Iovino, “jPBC: Java pairing based cryptography,” in Proceedings of IEEE Symposium on Computers and Communications, Kerkyra, Corfu, Greece, pp.850–855, 2011.
Ref. | TagGen | ProofGen | ProofCheck |
[7] | mn(2T_{E_1}+T_H+T_{M_1}) | (c-1)T_{M_1}+cT_{E_1}+nT_{E_T} | (n+c+1)T_{E_1}+cT_H+nT_{M_1}+nT_{M_T}+2T_P |
[14] | mn(2T_{E_1}+T_H+T_{M_1}) | (c+2)T_{E_1}+(c-1)T_{M_1}+2T_{M_2} | (c+n)T_{E_1}+(c+2)T_{M_1}+2T_{E_2}+2T_{M_2}+5T_P |
Ours | m(2T_{E_1}+T_H+T_{M_1}) | cT_{E_1}+(c-1)T_{M_1} | (c+1)T_{E_1}+T_H+(c-1)T_{M_1}+T_{E_2}+T_{M_2}+3T_P |

Ref. | Outsourcing storage | Auditing |
[7] | mn|\mathbb{Z}_q|+m|\mathbb{G}_1|+|sig| | (c+n)|\mathbb{Z}_q|+|\mathbb{G}_1|+n|\mathbb{G}_T| |
[14] | mn|\mathbb{Z}_q|+(m+n)|\mathbb{G}_1|+|sig| | (c+4)|\mathbb{Z}_q|+3|\mathbb{G}_1|+2 |
Ours | mn|\mathbb{Z}_q|+m|\mathbb{G}_1|+|sig| | (c+n)|\mathbb{Z}_q|+|\mathbb{G}_1| |