Lightweight and Privacy-Preserving Delegatable Proofs of Storage with Data Dynamics in Cloud Storage
Cloud storage is now in widespread use and relieves users of the burden of local data storage. Meanwhile, how to ensure the security and integrity of outsourced data stored on a cloud storage server has attracted enormous attention from researchers. Proofs of storage (POS) is the main technique introduced to address this problem. Publicly verifiable POS, which allows a third party to verify data integrity on behalf of the data owner, significantly improves the scalability of cloud service. However, most existing publicly verifiable POS schemes are extremely slow to compute authentication tags for all data blocks because of many expensive group exponentiation operations, even much slower than typical network upload speeds, so tag computation becomes the bottleneck of the setup phase of the POS scheme. In this article, we propose a new variant formulation called “Delegatable Proofs of Storage (DPOS)”. We then construct a lightweight privacy-preserving DPOS scheme, which on one side is as efficient as private POS schemes, and on the other side supports a third-party auditor and can switch auditors at any time, close to the functionality of publicly verifiable POS schemes. Compared to traditional publicly verifiable POS schemes, we speed up the tag generation process by at least several hundred times, without sacrificing efficiency in any other aspect. In addition, we extend our scheme to support fully dynamic operations with high efficiency, reducing the computation of any data update to O(log n) while requiring only constant communication costs. We prove that our scheme is sound and privacy preserving against the auditor in the standard model. Experimental results verify the efficient performance of our scheme.
Public verifiability of POS enables any third party to verify the integrity of data in cloud storage, which significantly relieves the burden on the data owner. Nevertheless, in practice it is not desirable to allow anyone to audit the data at will; instead, delegation of the auditing task has to be done in a controlled and organized manner. Otherwise, the following two extreme cases may happen: (1) some data files could attract too much attention from the public and be audited unnecessarily frequently, which might actually result in a distributed denial-of-service attack against the cloud storage server; (2) on the contrary, some unpopular data files may be audited by the public too rarely, so that a possible data loss event might be detected and reported to the data owner too late for any effective countermeasure to be taken to reduce the damage. Instead, the data owner could delegate the auditing task to some semi-trusted third-party auditor, and this auditor is fully responsible for auditing the data stored in cloud storage on behalf of the data owner, in a controlled way, with proper frequency. We call such an exclusive auditor an Owner-Delegated-Auditor, or ODA for short. In real-world applications, the ODA could be another server that provides free or paid auditing service to many cloud users.
• Most existing publicly verifiable POS schemes employ expensive operations (e.g. group exponentiation) to generate homomorphic verifiable tags (HVTs) for data blocks.
• It is prohibitively expensive to generate HVTs for medium or large-size data files.
• This amount of heavy computation is not appropriate for a laptop, not to mention a tablet computer or smartphone.
This work proposes a new variant formulation called Delegatable Proofs of Storage (DPOS), which on one hand supports delegation of the data auditing task, like publicly verifiable POS schemes, and on the other hand is as efficient as a privately verifiable POS scheme. As an extension of our conference paper, in this article we design a new approach to enabling fully dynamic operations, which include block modification, block insertion, and block deletion. The proposed method reduces the computation of a data update to O(log n) while requiring only constant communication costs. The extended scheme also provides a privacy-preserving property for the outsourced data against the ODA. In addition, we implement our protocol, and the experimental results show that the proposed POS scheme is indeed highly efficient, especially in the tag generation process.
Thus this work proposed a novel POS scheme which is lightweight and privacy preserving. On one side, the proposed scheme is as efficient as a private-key POS scheme, and is especially efficient in authentication tag generation. On the other side, the proposed scheme supports a third-party auditor and can revoke an auditor at any time, close to the functionality of a publicly verifiable POS scheme. Compared to existing publicly verifiable POS schemes, ours improves the authentication tag generation speed by hundreds of times. Our scheme also prevents data leakage to the auditor during the auditing process. Finally, we designed a new AVL-tree based fully dynamic mechanism for our POS scheme. The experimental results verified the performance efficiency of our scheme.