Public Auditing for Ensuring Cloud Data Storage Security With Zero Knowledge Privacy




Wang Shao-hui, Chang Su-qin, Chen Dan-wei, Wang Zhi-wei
College of Computer, Nanjing University of Posts and Telecommunications, Nanjing 0046, China; Network and Data Security Key Laboratory of Sichuan Province
Email: wangshaohu@njueducn

Abstract

In cloud storage service, clients upload their data together with authentication information to cloud storage server. To ensure the availability and integrity of clients' stored data, cloud server (CS) must prove to a verifier that he is actually storing all of the client's data unchanged. And, enabling public auditability for cloud storage is of critical importance to users with constrained computing resources, who can resort to a third party auditor (TPA) to check the integrity of outsourced data. However, most of the existing proofs of retrievability schemes or proof of data possession schemes do not consider data privacy problem. Zero knowledge privacy requires TPA or the adversary can not deduce any information of the file data from auditing system. In this paper, after giving a new construction of a recently proposed cryptographic primitive named aggregatable signature based broadcast (ASBB) encryption scheme, we present an efficient public auditing scheme with zero knowledge privacy. The new scheme is as efficient as the scheme presented by Shacham and Waters without considering privacy and is secure in the random oracle model.

Keywords: Cloud Computing, Cloud Storage, Public Auditing, Zero-Knowledge Privacy, Integrity

Introduction

Recently, cloud computing is receiving more and more attentions, from both industrial and academic community. Cloud computing separates usage of IT resources from their management and maintenance, so that users can focus on their core business and leave the expensive maintenance of IT services to cloud service provider. However users of outsourced storage are at the mercy of their storage providers for the continued availability of their data. Even Amazon's S3, the best-known storage service, has experienced significant downtime. Here we are considering scenarios where users may have concerns of the integrity and privacy of their data stored in the cloud storage.

As users no longer physically possess the storage of their data, traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted. In particular, simply downloading all the data for its integrity verification is not a practical solution due to the expensiveness in I/O and transmission cost across the network. In order to solve remote integrity checking problem in cloud storage, a lot of works [-6] have been done focusing on various conditions of application and attempting to achieve different goals. Among these works, the methods can be divided as Proof of Data Possession (PDP) and Proofs of Retrievability (PoR).

PDP scheme, first presented by Ateniese et al [,6] are related protocols that only detect a large amount of corruption in outsourced data. Their scheme utilizes the RSA-based homomorphic authenticators for auditing outsourced data and suggests randomly sampling a few blocks of the file. However, the schemes have to set a priori bound on the number of audits and doesn't support public auditability. Public auditability allows an external party, in addition to the user himself, to verify the correctness of remotely stored data. While PoR scheme [], first presented by Juels, is a challenge-response protocol that enables a cloud provider to demonstrate to a client that a file is retrievable, i.e., recoverable without any loss or corruption. Their scheme use spot-checking and error-correcting codes to ensure both "possession" and "retrievability" of remote data files. Erway et al [8] was the first to propose dynamic PDP scheme. They developed a skip lists based method to enable provable data possession with dynamic support; however, the efficiency of their scheme remains in question. In [9], Wang et al provided a dynamic architecture for public checking.

However, most of these schemes [,4,] do not consider the privacy protection of users data against external auditors. Indeed, cloud service provider may potentially reveal users data to auditors or adversaries during the auditing. From the perspective of protecting data privacy, this severe drawback greatly affects the security of these protocols in Cloud Computing [5]. Recently Wang et al [6] presented two privacy-preserving public auditing schemes for cloud storage systems based on Shacham and Waters scheme [4]. In their first scheme, the adversary can not deduce the data from the auditing system if the data have high entropy, but is not secure if the data stored have low entropy, for the adversary can have a brute-force guess of the message offline. The second inefficient scheme they presented can provide zero knowledge privacy with much less efficiency than [4], which means the adversary has perfect zero knowledge from the auditing system.

In this paper, we tackle the problem of zero knowledge privacy-preserving public auditing problem for cloud storage system. To achieve the zero knowledge privacy, we first present a new construction of a recently proposed cryptographic primitive called aggregatable signature based broadcast (ASBB for short) encryption scheme [7]. Based on this new ASBB scheme, we propose a short, efficient homomorphic public verifiable scheme with zero knowledge privacy. The new scheme is almost as efficient as the original Shacham and Waters scheme [4] and is secure in the random oracle model.

The rest of the paper is organized as follows. In Section 2, we present the preliminaries and the building blocks related to this paper; the definition and security requirements of public auditing scheme for cloud storage are revised in Section 3; in Section 4, we present the detailed description of our constructions. Section 5 gives the security and performance analysis of the new scheme and conclusion is given in Section 6.

Notations and Building Blocks

In this section, we give a brief descriptions of corresponding preliminaries and building blocks including bilinear maps, computation hard problems, ASBB schemes and knowledge proof system.

Bilinear Map and Hard Problems

Definition Bilinear Map. Let G and G be multiplicative cyclic groups of prime order. Let g be a generator of group G. A bilinear map is a map e : G G G satisfying:

For any u, v G and a, b Z, e(u^a, v^b) = e(u, v)^{ab}. This bilinearity implies that for any u, u G, e(u u, v) = e(u, v) e(u, v).

There exists an efficiently computable algorithm for computing e.

The map should be non-trivial, i.e., e is non-degenerate: e(g, g)

Some hard problem assumptions related to this paper are presented as follows:

Computational Diffie-Hellman (CDH) Assumption: Given g, g^a, g^b for unknown a, b Z, it is hard to compute g^{ab}.

Decisional Bilinear Diffie-Hellman (DBDH) Assumptions: Given g, g^a, g^b, g^c for unknown a, b, c Z, it is hard to distinguish the value e(g, g)^{abc} with random number Z G.

Bilinear Pairing Assumption: Given G, its generator g, and the value of e(X, g) G, it is hard to compute X G.

Bilinear Diffie-Hellman Assumption: Given g, g^a, g^b for unknown a b Z, for any random h g G, it is hard to compute e(h, g)^{ab}.

Aggregatable Signature-Based Broadcast Encryption

As to aggregatable Signature-Based Broadcast (ASBB) Encryption scheme [7], the public key can be simultaneously used to verify signatures and encrypt messages, and any valid signature can be used to decrypt ciphertexts under this public key. In [7], ASBB scheme is presented to design one round asymmetric group key agreement. Most significance of ASBB scheme is that it has key-homomorphic property, which means that, given two signatures on the same message under two secret keys, one can efficiently produce a signature of the same message under a new secret key derived from the original two keys. The security of an ASBB scheme incorporates the standard notion of security for a signature scheme, i.e., existential unforgeability under the chosen message attack (EUF-CMA) [8] and the security as an encryption scheme.

In [7], Wu et al presented an efficient ASBB scheme based on bilinear pairings, and the description of the scheme is depicted below:

Public parameters: Let (, G, G, e) ParGen(λ), and g is the generator of G. Let H : {0,} G be a cryptographic hash function. The system parameters are (g, H, , G, G, e).

Public/secret keys: Select a random r Z, X G \{ }. Compute R = g^{-r}, A = e(X, g). The public key is pk = (R, A) and the secret key is sk = (r, X).

Sign: The signature of any string s {0,} under the public key (R, A) is σ = X H(s)^r.

Verify: Given a message-signature pair (s, σ), the verification equation is e(σ, g) e(H(s), R) = A. If the equation holds, output 1 to represent that σ is a valid signature. Otherwise output 0 and reject the signature.

Encryption: For a plaintext m G, randomly select Z, and compute c = g, c = R, c = mA. The ciphertext is (c, c, c).

Decryption: After receiving a ciphertext (c, c, c), anyone with a valid message-signature pair (s, σ) can extract the plaintext as follows: m = c / (e(σ, c) e(H(s), c)).

Knowledge Proof for Equality of Discrete Logarithm

In cryptography, knowledge proof is an interactive proof in which the prover succeeds in convincing a verifier that he knows something. The question related to the paper is how to prove knowledge that two public data have the same discrete logarithm without revealing any other information about this value.

Let G and G be multiplicative cyclic groups of prime order. Let g be generators of G and random value A G. Given two public data h G and R G, the prover should prove that log_g h = log_A R = x, but he can not leak any information of x. We adopt the knowledge proof scheme presented in [9], which is given as follows:

The prover chooses randomly s Z and computes: (a, b) = (g^s, A^s), c = H(a, b), r = s + cx, where H( ) is a secure hash function. Prover sends a, b, r to the verifier.

The verifier first computes c = H(a, b), and accepts the proof if g^r = a h^c, A^r = b R^c.

System Architecture and Security Model

In this section, we give the definitions of cloud storage public auditing scheme and the corresponding security requirements including completeness, soundness and privacy.

We used the basic cloud system architecture which is given in [6]. The cloud data storage service involves three different entities, as illustrated in Fig : the cloud user, who has the potential data files to be stored in the cloud; the cloud server (CS), which is managed by the cloud service provider (CSP) to provide data storage service; the third party auditor (TPA), who is trusted to assess the cloud storage service reliability on behalf of the cloud user upon request.
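The equality-of-discrete-logarithm proof from the knowledge-proof subsection above, written out as an added Python example (not code from the paper). It assumes a constructed toy Schnorr group (P = 2039, Q = 1019) holding both bases g and A, whereas the paper places them in two pairing groups, and it uses SHA-256 for H; the subgroup-membership and range checks in `verify` are additions a verifier would normally want.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use): P = 2Q + 1, both prime.
P = 2039
Q = 1019
G = 4   # generator of the order-Q subgroup of Z_P^* (4 = 2^2 is a quadratic residue)
A = 9   # second base in the same subgroup; stands in for the page's A


def in_group(y):
    """True if y lies in the order-Q subgroup (added check, not on the page)."""
    return isinstance(y, int) and 1 <= y < P and pow(y, Q, P) == 1


def challenge(a, b):
    """c = H(a, b) mapped into Z_Q, with SHA-256 standing in for H."""
    digest = hashlib.sha256(f"{a}|{b}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


def statement(x):
    """Public values h = g^x and R = A^x sharing the discrete logarithm x."""
    return pow(G, x, P), pow(A, x, P)


def prove(x):
    """Prover: pick random s, send (a, b, r) = (g^s, A^s, s + c*x mod Q)."""
    s = secrets.randbelow(Q)
    a, b = pow(G, s, P), pow(A, s, P)
    r = (s + challenge(a, b) * x) % Q
    return a, b, r


def verify(h, R, proof):
    """Verifier: recompute c and accept iff g^r = a*h^c and A^r = b*R^c."""
    a, b, r = proof
    if not all(in_group(v) for v in (h, R, a, b)):
        return False                      # reject elements outside the subgroup
    if not (isinstance(r, int) and 0 <= r < Q):
        return False                      # reject non-canonical responses
    c = challenge(a, b)
    ok_g = pow(G, r, P) == (a * pow(h, c, P)) % P
    ok_a = pow(A, r, P) == (b * pow(R, c, P)) % P
    return ok_g and ok_a


def demo():
    """Return (honest proof accepted?, accepted proofs for a false statement)."""
    x = 777                               # constructed secret exponent
    h, R = statement(x)
    honest = verify(h, R, prove(x))
    # Mismatched statement: R_bad = A^(x+1), so log_g h != log_A R_bad.
    R_bad = pow(A, x + 1, P)
    cheats = sum(verify(h, R_bad, prove(x)) for _ in range(50))
    return honest, cheats


if __name__ == "__main__":
    print(demo())
```

With this toy Q a proof for a false statement is accepted only when the hash challenge happens to be 0 mod Q (probability 1/Q per attempt), which is why real parameters need a large prime order. The page hashes only (a, b); many deployments also hash g, A, h and R into c so that the proof is bound to the statement being proved.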

Fig : the architecture of cloud data storage service

Definition Public Auditing for Cloud Storage. A public auditing scheme for cloud storage is defined through three algorithms: Keygen, Gentag and Audit, which behave as below:

Keygen(λ): Given security parameter λ as input, this randomized algorithm generates scheme's public parameters and cloud users public/private key pair (pk, sk).

Gentag(sk, F): The randomized algorithm takes user's secret key sk and data file F {0,} as inputs, and produces the authentication tags, which contains information on the file being stored and additional secret information encrypted under the secret key sk. The file F and tag will be stored in the CS.

Audit: The randomized auditing algorithms can be defined as an interactive protocol (CS(pk, F, ) TPA(pk)) for proving file integrity. During protocol execution, TPA (verifier), taking the public key pk and some processed file description that is output by Gentag as input, issues an auditing challenge to the cloud server. And the CS (prover) will derive a response message using file F stored and the file tag as inputs. At the end of the protocol run, TPA outputs 1, which means that the file is stored unchanged on the cloud server; otherwise outputs 0.

We assume TPA, who is in the business of auditing, is reliable and independent. While CS is presumed to be potentially untrustworthy. It may corrupt the file-system in a fully Byzantine manner. The cloud may alter or drop file-system operations transmitted by the portal; it may corrupt or erase files. We also assume that CS has no incentives to reveal their hosted data to external parties because of some regulations requirements. Therefore, the auditor or adversary will extract the outsourced data through the communication between CS and TPA.

The security requirements of the public auditing scheme for cloud storage including completeness, soundness and privacy. The detail definitions are given below:

Definition Completeness. Completeness requires that, for all key pairs (pk, sk) output by Keygen, for all files M {0,} and tag output by Gentag(sk, M), the TPA will always output 1 when interacting with the valid CS via auditing algorithm:

prob ( Aud( CS( k, M, ) PA( sk)) = ) =

Definition Soundness. A public auditing scheme is assumed to be sound if any cheating CS without storing the unchanged file M can not convince the TPA. We utilize the definition of soundness presented in [4] which is formalized by the following game between an adversary A and a challenger C:

Step 1: The challenger generates key pair (pk, sk) by running algorithm Keygen(λ), and provides public key pk to A.

Step 2: The adversary can now interact with the challenger for some oracle queries. It can make queries to Gentag oracle, and for each query, the challenger chooses some file M and computes Gentag(sk, M). Both M and are returned to the adversary. In addition, the adversary can undertake auditing executions with the challenger. In these protocol executions, the challenger plays the part of the verifier and the adversary plays the part of the prover.

Step 3: The adversary generates and sends the challenger some data file M and the challenger answers the corresponding tag. Then the adversary changes the file to M M and undertakes auditing executions with the challenger: Audit(C(pk) A(pk, M, )).

We say a cloud storage public auditing scheme is sound if the following probability is negligible:

prob ( Aud( C( k) A( k, M, )) = )

Definition 4 Zero-knowledge Privacy. Zero-knowledge privacy means the adversary can obtain zero knowledge information of the files data stored from the auditing scheme. We formalize the definition by the following game between the adversary A and the challenger C:

Step 1 and Step 2 are almost the same as the ones in the definition of soundness. The difference is in the protocol executions, the challenger plays the part of the prover, i.e. CS, and the adversary plays the part of the verifier, i.e. TPA.

Finally, as to any new file data M which is unknown to the adversary, the challenger first produces the tag ; then the adversary will undertake auditing executions with the challenger: Audit(A(pk) C(pk, M, )).

We say a public auditing scheme is zero-knowledge privacy if for any function f on the file M, the following probability is negligible:

prob( A( k) : f ( M)) prob( A( k) C( k, M, ) : f ( M))

Here prob(A(pk) : f(M)) means the probability that the adversary guesses the value of f(M) successfully without any auditing procession; and the latter probability prob(A(pk) C(pk, M, ) : f(M)) means adversary guesses f(M) through the auditing scheme. So the zero knowledge privacy definition indicates the adversary can not get any more useful information from the auditing scheme to guess f(M) successfully.

4 Our Constructions

In this section, we first give a new efficient construction of ASBB scheme that has aggregatable property; then we present a public auditing scheme satisfying zero knowledge privacy based on the new ASBB scheme.

4 A New Construction of ASBB Scheme

The new proposed ASBB scheme is almost as efficient as the one presented in [7], and the detail description of the scheme is as follow:

Public parameters: Let (, G, G, e) ParGen(λ), and g is the generator of G. Let H : {0,} G be a cryptographic hash function. The system parameters are (g, H, , G, G, e).

Public/Secret keys: Select a random number r Z, X G \{ }. Compute R = g^{-r}, A = e(X, g). The public key pk = (R, A) and the secret key sk = (r, X).

Sign: To give the signature of any string m Z under the public key pk, first choose randomly s {0,}, compute σ = X^m H(s)^r, and the signature is (s, σ).

Verify: Given a message-signature pair (m, s, σ), the verification equation is e(σ, g) e(H(s), R) = A^m. If the equation holds, output 1 to represent that signature is valid; otherwise output 0 and reject the signature.

Encryption: For any plaintext ω G, select a random number Z, and compute c = g, c = R, c = ωA. The ciphertext is (c, c, c).

Decryption: Given the ciphertext (c, c, c), anyone with a valid message-signature pair m (m, s, σ) can extract the plaintext as: ω = c / (e(σ, c) e(H(s), c))

We can reduce the security of the new ASBB scheme to the security of the scheme in [7]. Taken the signature scheme as an example, it is easy to see if the adversary can forge a valid signature (m, s, σ) in the new scheme with the public key (R, A), he can forge a valid signature ( s, σ m ) for the scheme [7] with the public key ( R m, A). Using the same proof method in [7], we can conclude the following theorem:

Theorem 4. Let G be a bilinear group of prime order, the following claims hold: (1) the proposed ASBB scheme is aggregatable against non-adaptive chosen message attacks in the random oracle model assuming the decision BDHE assumption holds in G; (2) the proposed ASBB scheme is existentially unforgeable under adaptive chosen-message attack and indistinguishable under chosen plaintext attack in the random oracle model under the CDH and DBDH assumptions.

4 Public Auditing Scheme with Zero-knowledge Privacy

In the following, we present the auditing schemes with zero-knowledge privacy utilizing the new proposed ASBB scheme. The method is easy to understand. Using the new ASBB scheme, TPA encrypts arbitrary message and sends the ciphertext as the challenge to CS, and CS can decrypt the ciphertext as the response only if the file stored is in good condition. The detail description of the scheme is as follow:

Keygen(λ): Let G and G be multiplicative cyclic groups of prime order, and e : G G G be a bilinear map. Let g be a generator of G. H( ) is a secure map-to-point hash function: {0,} G, which maps strings uniformly to G. The system parameters are (g, H, , G, G, e). Cloud user selects a random number r, X G \{ }. Compute R = g^{-r} and A = e(X, g). The public key pk = (R, A) and the secret key sk = (r, X).

Gentag(sk, F): Given the data file F = { m } and each =,, n m Z, the user computes the authenticator tag as σ = X^m H(d)^r G for each, where d is chosen by the user uniformly at random from Z as the identifier of file F.

Audit: The interactive proof process between TPA and CS is proceeded as follows:

Step 1: To generate the challenge message for the auditing, the TPA first picks randomly Z, c-element subset I = { s, s,, sc} [, n], and for each I, TPA chooses a random number v. Then the TPA chooses a random number m G, and computes

v c = g, c = R, c = A, c = m e( H ( d ), c ) I

In addition, using the method in [9], TPA must give a proof of knowledge that c and c have the equal discrete logarithms corresponding to g and A: POK{( g, A, c, c) : log g c = log A c}. The final auditing challenge is {(, v ) I, c, c, c, POK}.

Step 2: Upon receiving the challenge, CS first verifies whether the proof POK is valid. If it is not valid, the auditing fails; otherwise CS computes:

σ v = I σ, = v m, I I = = v B c e( X, g ) m

Then CS decrypts the message c and sends the plaintext to TPA as the response:

m = c e( σ, c )) / B Z (

Step 3: After receiving the message m, TPA checks whether m = m. If they are equal, TPA accepts the proof; otherwise CS does not pass the auditing proof.

The correctness of the above verification equation is elaborated as follows, we replace H ( d ) with H for convenience:

v v r e(, c ) c = e(, g ) m e( H, g ) m r v v r σ = m e( ( X ( H ) ), g ) e( H, g ) σ mv I = m e X g = m e X g (, ) ( (, ) ) I mv = m B

5 Performance and Security

In this section, we give the performance and security analysis of our new zero-knowledge privacy preserving public auditing scheme, and we show that our scheme can provide soundness and zero-knowledge privacy requirements.

5 Performance Analysis

Because the schemes presented by Wang et al [6] are based on Shacham and Waters [4], we compare new proposed scheme with the original scheme [4] which does not consider privacy problem. The comparison consists in storage cost, communication cost and computation cost. To make the comparison convenient, we suppose in both schemes, CS stores the same file F and TPA chooses the same I = { s, s,, sc} [, n], and v for each I.

Storage Cost: The number of the authentication tag in both schemes is the same. The public key of scheme [4] has group numbers and the secret key has integer in Z; while the public key of our scheme has group numbers and the secret key has group number and integer.

Communication Cost: In scheme [4], what the TPA sends is {(, v )} and CS needs to send back group numbers and integer. In our scheme with zero knowledge privacy, TPA sends extra group numbers { c, c, c} and messages generated by POK (including group numbers and integer according to [9]) except for {(, v )}, and CS only needs to send back group number, i.e. the plaintext.

Computation Cost: Here we only count the number of most expensive cost computation including bilinear map and group exponentiation. In scheme [4], the computation of TPA includes bilinear map, group exponentiation computation in the Step of auditing phase, and CS needs to compute group exponentiation; while in our scheme, TPA needs to compute bilinear map, 5 group exponentiation in the Step of the auditing phase, and CS should proceed bilinear map and 6 group exponentiation computation.

TABLE I: COMPARISON OF NEW CONSTRUCTION WITH SCHEME IN [4]

Cost            Item   New Scheme                Scheme in [4]
Storage         PK     G                         G
                SK     G + I                     I
Communication   TPA    {(, v )} + 5G + I         {(, v )}
                CS     G                         G + I
Computation     TPA    BM + 5GE (Off-Line)       BM + GE
                CS     BM + 6GE                  GE

The comparisons are listed in the Table, where G and I mean group number and integer; GE and BM mean group exponentiation and bilinear map computation respectively.

From the comparison, we can see new scheme has a little heavier communication overheads, and has more group exponentiation computation than scheme [4]. In fact, most of the group exponentiation computation of our scheme lies in the knowledge proof scheme POK. However, we can see the computation of TPA in our scheme happens in Step 1 to generate the challenge, so these computation can be pre-computed off-line which does not affect the auditing scheme. Thus the time consumed in our scheme only includes about bilinear map and 6 group exponentiation computation. Because computing a bilinear map can be significantly slower than computing an exponentiation, we can conclude that our scheme is as efficient as Shacham and Waters scheme without privacy consideration.

5 Security Analysis

We show the new proposed scheme can provide soundness and zero knowledge privacy from the following two theorems.

Theorem 5. If the signature scheme used for file tags is existentially unforgeable and the computational Diffie-Hellman problem and Bilinear Pairing assumption are hard, then if the cloud server does not possess the specific data intact as it is, he can not pass the audit phase with non-negligible probability.

Proof: After receiving TPA's challenge message {(, v ) I, c, c, c, POK}, CS has to compute v e( H ( d ), c ) to decrypt the ciphertext c as the response. From the computational Diffie-Hellman assumption, we know it is hard to compute c from c and c. So CS can not deduce v e( H ( d ), c ) directly.

Now we prove if the adversary can cheat the TPA in the auditing scheme, we can break the Bilinear Pairing assumption. By the correctness of the scheme, we know the expected response (σ, B) that CS generates must satisfy:

v B = e( X, g ) = e( σ, c ) e( H ( d ), c ) (4) I

If the file that CS stores has been changed, we know there exist ( σ σ, B ) that can pass the verification equation:

' v B = e( X, g ) = e( σ, c) e( H ( d ), c ) (5) I

It follows from the verification equation that ', or should contradict our assumption above. From equation (4) and (5), we can get:

' B / B = e( X, g ) = e( σ / σ, c ) = e( σ / σ, g ) ' ')

which means X = σ /σ, e ( / ) ( X = σ σ. This outcome contradicts the Bilinear Pairing assumption.

Theorem 5. If the knowledge proof scheme for equality of discrete logarithm in [9] is correct, the new public auditing scheme can provide zero knowledge privacy.

Proof: As to any challenge {(, v ) I, c, c, c, POK}, messages c and c should have the same discrete logarithm corresponding to g and A because of the correctness of POK scheme. So the response CS sending back is:

m r v r v c e(, c ) / c = c e( ( X H ), c ) c = c e( X, c ) e( ( H ), c ) c I σ / I / I

where = v m. It is easy to see if c and c have the same discrete logarithm corresponding to g and A, e ( X, c) must equal to r v c, and the response can be simplified as c e( ( H I ), c ), which can be determined by the adversary alone. So the interactive auditing communication does not leak any information of the data file stored.

In fact, we can see any adversary can choose randomly {(, v )}, and picks random element Z, and computes:

v c = g, c = R c = A c = m e(,, H ( d ), c ) I

The manuscript that the adversary outputs is {(, v ) I, c, c, c, m, POK}, which has the identical distribution of the real interaction between TPA and CS. That is to say, the adversary can not get any information from the auditing proof and he can output the manuscripts all by himself.

6 Conclusion

Security and integrity of data are the major concerns of client in the cloud storage network. In this paper, we tackle the privacy problem caused by the public auditing scheme. After presenting a new construction of ASBB scheme, we propose an efficient zero knowledge privacy preserving public auditing scheme for data storage security in cloud computing, i.e. the adversary can not deduce any information of the file stored through the auditing interaction between CS and TPA. The new public auditing scheme not only eliminates the burden of cloud user from the tedious and possibly expensive auditing task, but also alleviates the users' fear of their outsourced data leakage. The new scheme has roughly the same efficiency as the Shacham and Waters scheme without considering privacy problem.

In this paper, we only consider the situation that cloud users do not change data file stored; while in practice, cloud users may modify, insert, add or delete their outsourced data. How to construct zero-knowledge public auditing scheme for dynamic data storage will be considered in the future.

Acknowledgment

This work is supported by the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD), National Natural Science Funds (Grant No60908) and Nanjing University of Posts and Telecommunications Funds (Grant NoNY0807).

References

[] M Enar, N Mahl, Gene. Authentication and integrity in outsourced databases [J]. ACM Transactions On Storage, 006, (): 07-8
[] G Ateniese, R Burns, R Curtmola, et al. Provable data possession at untrusted stores. Cryptology ePrint Archive, Report 007/0, 007. Online: h://ernacrorg/ Version of 7 Dec 007; visited 0 Feb 008
[] A Juels, B Kaliski. PORs: proofs of retrievability for large files [C]. Proceedings of CCS 007. Alexandria, VA, USA, 007. 584-597
[4] H Shacham, B Waters. Compact proofs of retrievability [C]. Proceedings of ASIACRYPT 008. Melbourne, Australia, 008. 90-07
[5] F Sebe, J Domingo-Ferrer, A Martinez-Balleste, et al. Efficient Remote Data Possession Checking in Critical Information Infrastructures. IEEE Trans Knowledge and Data Eng, 008. 04-08
[6] G Ateniese, RD Pietro, LV Mancini, et al. Scalable and efficient provable data possession [C]. Proceedings of the 4th international conference on security and privacy in Communication networks. Istanbul, Turkey: ACM, 008: 90-99
[7] C Wang, Q Wang, K Ren, et al. Ensuring data storage security in cloud computing [C]. Proceedings of IW QoS 009, Charleston, South Carolina, USA, 009
[8] C Erway, A Kupcu, C Papamanthou, et al. Dynamic provable data possession [EB/OL]. Cryptology ePrint Archive, Report 008/4, 008
[9] Q Wang, C Wang, J Li, et al. Enabling public verifiability and data dynamics for storage security in cloud computing [C]. In Proc of ESORICS 09, Saint Malo, France, Sep 009. Lecture Notes in Computer Science, 009, Volume 5789/009: 55-70
[0] K D Bowers, A Juels, A Oprea. Proofs of retrievability: theory and implementation [C]. In: Proc of the 009 ACM Workshop on Cloud Computing Security, CCSW 009, Co-Located with the 6th ACM Computer and Communications Security Conf, CCS 009. New York: Association for Computing Machinery, 009. 4-54
[] S Kamara, K Lauter. Cryptographic Cloud Storage [C]. Lecture Notes in Computer Science. Financial Cryptography and Data Security. Berlin: Springer, 00: 6-49
[] Z Hao, N Yu. A multiple-replica remote data possession checking protocol with public verifiability [A]. Proc Second Int'l Data, Privacy and E-Commerce Symp (ISDPE '0), 00
[] Q Wang, C Wang, K Ren, W Lou, and J Li. Enabling public auditability and data dynamics for storage security in cloud computing [J]. IEEE Transactions on Parallel and Distributed Systems, vol , no 5, 847 859, 0
[4] Q Zheng and S Xu. Fair and dynamic proofs of retrievability [C]. In Proc 1st ACM Conference on Data and Application Security and Privacy (CODASPY), 0
[5] M A Shah, M Baker, J C Mogul, and R Swaminathan. Auditing to keep online storage services honest [C]. In Proc of HotOS 07, 007, -6

[6] C Wang, SS-M Chow, Q Wang, K Ren and WJ Lou. Privacy-Preserving Public Auditing for Secure Cloud Storage. h://ernacrorg/009/579df
[7] Wu, Q, Mu, Y, Susilo, W, Qin, B, Domingo-Ferrer, J: Asymmetric Group Key Agreement [C]. In: Joux, A (ed) EUROCRYPT 009. LNCS, vol 5479, 5-70. Springer, Heidelberg (009)
[8] S Goldwasser, S Micali, R Rivest. A Digital Signature Scheme Secure against Adaptive Chosen-message Attacks [J]. SIAM J Computing 7(), 8-08 (988)
[9] D Chaum, P Pedersen. Wallet databases with observers [C]. EF Brickell (Ed): Advances in Cryptology - CRYPTO 9, LNCS 740, 89-05, 99