Cloud Data Auditing Using Proofs of Retrievability

Guide to Security Assurance for Cloud Computing

Part of the book series: Computer Communications and Networks (CCN)

Abstract

Cloud servers offer a data outsourcing facility to their clients. A client outsources her data without keeping any copy at her end. Therefore, she needs a guarantee that her data are not modified by the server, which may be malicious. Data auditing is performed on the outsourced data to resolve this issue. Moreover, the client may want all her data to be stored untampered. In this chapter, we describe proofs of retrievability (POR) that convince the client about the integrity of all her data.

Notes

  1. The standard model is a model of computation where the security of a cryptographic scheme is derived from some complexity assumptions (e.g., hardness of factoring large integers [70] or hardness of finding the discrete logarithm of an element of a finite group [68]).

  2. The random oracle model is a model of computation where the security of a cryptographic scheme is proven assuming that a cryptographic hash function used in the scheme is a truly random function.

References

  1. Amazon: Amazon S3. http://aws.amazon.com/s3/

  2. Armknecht F, Bohli J, Karame GO, Liu Z, Reuter CA (2014) Outsourced proofs of retrievability. In: Proceedings of the 2014 ACM conference on computer and communications security, Scottsdale, 3–7 Nov 2014, pp 831–843

  3. Arora S, Barak B (2009) Computational complexity – a modern approach. Cambridge University Press, New York

  4. Ateniese G, Burns R, Curtmola R, Herring J, Khan O, Kissner L, Peterson Z, Song D (2011) Remote data checking using provable data possession. ACM Trans Inf Syst Secur 14(1):12:1–12:34

  5. Ateniese G, Burns RC, Curtmola R, Herring J, Kissner L, Peterson ZNJ, Song DX (2007) Provable data possession at untrusted stores. In: Proceedings of the 2007 ACM conference on computer and communications security, CCS 2007, Alexandria, pp 598–609

  6. Ateniese G, Pietro RD, Mancini LV, Tsudik G (2008) Scalable and efficient provable data possession. In: 4th international ICST conference on security and privacy in communication networks, SECURECOMM 2008, Istanbul, p 9

  7. Bellare M, Guérin R, Rogaway P (1995) XOR MACs: new methods for message authentication using finite pseudorandom functions. In: Advances in cryptology – CRYPTO 1995, Santa Barbara, pp 15–28

  8. Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1993 ACM conference on computer and communications security, CCS 1993, New York. ACM, pp 62–73

  9. Boneh D, Boyen X, Shacham H (2004) Short group signatures. In: Franklin M (ed) Advances in cryptology – CRYPTO 2004. Lecture notes in computer science, vol 3152. Springer, Berlin/Heidelberg, pp 41–55

  10. Boneh D, Gentry C, Lynn B, Shacham H (2003) Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham E (ed) Advances in cryptology – EUROCRYPT 2003. Lecture notes in computer science, vol 2656. Springer, Berlin/Heidelberg, pp 416–432

  11. Boneh D, Lynn B, Shacham H (2004) Short signatures from the Weil pairing. J Cryptol 17(4):297–319

  12. Bowers KD, Juels A, Oprea A (2009) HAIL: a high-availability and integrity layer for cloud storage. In: Proceedings of the 2009 ACM conference on computer and communications security, CCS 2009, Chicago, 9–13 Nov 2009, pp 187–198

  13. Bowers KD, Juels A, Oprea A (2009) Proofs of retrievability: theory and implementation. In: Proceedings of the first ACM cloud computing security workshop, CCSW 2009, Chicago, 13 Nov 2009, pp 43–54

  14. Camenisch J, Hohenberger S, Pedersen M.Ø (2012) Batch verification of short signatures. J Cryptol 25(4):723–747

  15. Camenisch J, Lysyanskaya A (2004) Signature schemes and anonymous credentials from bilinear maps. In: Franklin M (ed) Advances in cryptology – CRYPTO 2004. Lecture notes in computer science, vol 3152. Springer, Berlin/Heidelberg, pp 56–72

  16. Cash D, Küpçü A, Wichs D (2013) Dynamic proofs of retrievability via oblivious RAM. In: Johansson T, Nguyen P (eds) Advances in cryptology – EUROCRYPT 2013. Lecture notes in computer science, vol 7881. Springer, Berlin/Heidelberg, pp 279–295

  17. Cha JC, Cheon JH (2003) An identity-based signature from gap Diffie-Hellman groups. In: Desmedt Y (ed) Public key cryptography – PKC 2003. Lecture notes in computer science, vol 2567. Springer, Berlin/Heidelberg, pp 18–30

  18. Chandran N, Kanukurthi B, Ostrovsky R (2014) Locally updatable and locally decodable codes. In: Proceedings of theory of cryptography – 11th theory of cryptography conference, TCC 2014, San Diego, 24–26 Feb 2014, pp 489–514

  19. Chow SSM, Yiu S, Hui LCK (2005) Efficient identity based ring signature. In: Ioannidis J, Keromytis A, Yung M (eds) Applied cryptography and network security – ACNS 2005. Lecture notes in computer science, vol 3531. Springer, Berlin/Heidelberg, pp 499–512

  20. Curtmola R, Khan O, Burns RC, Ateniese G (2008) MR-PDP: multiple-replica provable data possession. In: 28th IEEE international conference on distributed computing systems (ICDCS 2008), Beijing, pp 411–420

  21. Diffie W, Hellman M (2006) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654

  22. Dodis Y, Vadhan SP, Wichs D (2009) Proofs of retrievability via hardness amplification. In: Theory of cryptography, 6th theory of cryptography conference, TCC 2009, San Francisco, pp 109–127

  23. Dropbox: Dropbox. https://www.dropbox.com/

  24. ElGamal T (1985) A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley G, Chaum D (eds) Advances in cryptology – CRYPTO 1984. Lecture notes in computer science, vol 196. Springer, Berlin/Heidelberg, pp 10–18

  25. Erway CC, Küpçü A, Papamanthou C, Tamassia R (2009) Dynamic provable data possession. In: Proceedings of the 2009 ACM conference on computer and communications security, CCS 2009, Chicago, pp 213–222

  26. Fiat A, Shamir A (1987) How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko A (ed) Advances in cryptology – CRYPTO 1986. Lecture notes in computer science, vol 263. Springer, Berlin/Heidelberg, pp 186–194

  27. Galbraith SD, Paterson KG, Smart NP (2008) Pairings for cryptographers. Discret Appl Math 156(16):3113–3121

  28. Goldreich O (2001) The foundations of cryptography – volume 1, basic techniques. Cambridge University Press, Cambridge/New York

  29. Goldreich O (2004) The foundations of cryptography – volume 2, basic applications. Cambridge University Press, New York

  30. Goldreich O (2008) Computational complexity – a conceptual perspective. Cambridge University Press, Cambridge/New York

  31. Goldreich O, Ostrovsky R (1996) Software protection and simulation on oblivious RAMs. J ACM 43(3):431–473

  32. Goldwasser S, Micali S, Rivest RL (1988) A digital signature scheme secure against adaptive chosen-message attacks. SIAM J Comput 17(2):281–308

  33. Goodrich MT, Mitzenmacher M (2011) Privacy-preserving access of outsourced data via oblivious RAM simulation. In: Automata, languages and programming – 38th international colloquium, ICALP 2011, Zurich, part II, pp 576–587

  34. Google: Google Drive. https://www.google.com/drive/

  35. Hess F (2002) Efficient identity based signature schemes based on pairings. In: Nyberg K, Heys H (eds) Selected areas in cryptography – SAC 2002. Lecture notes in computer science, vol 2595. Springer, Berlin/Heidelberg, pp 310–324

  36. Johnson D, Menezes A, Vanstone S (2001) The elliptic curve digital signature algorithm (ECDSA). Int J Inf Secur 1(1):36–63

  37. Jr., JLD, Stefanov E, Shi E (2014) Burst ORAM: minimizing ORAM response times for bursty access patterns. In: Proceedings of the 23rd USENIX security symposium, San Diego, pp 749–764

  38. Juels A, Kaliski Jr. BS (2007) PORs: proofs of retrievability for large files. In: Proceedings of the 2007 ACM conference on computer and communications security, CCS 2007, New York. ACM, pp 584–597

  39. Katz J, Lindell Y (2007) Introduction to modern cryptography. Chapman and Hall/CRC, Boca Raton

  40. Koblitz N, Menezes A (2005) Pairing-based cryptography at high security levels. In: Smart N (ed) Cryptography and coding. Lecture notes in computer science, vol 3796. Springer, Berlin/Heidelberg, pp 13–36

  41. Lamport L (1979) Constructing digital signatures from a one-way function. Technical report, Computer Science Laboratory, SRI International (Oct 1979)

  42. Luby M, Rackoff C (1988) How to construct pseudorandom permutations from pseudorandom functions. SIAM J Comput 17(2):373–386

  43. Lynn B (2007) On the implementation of pairing-based cryptosystems. PhD thesis, Stanford University (June 2007). https://crypto.stanford.edu/pbc/thesis.pdf

  44. MacWilliams FJ, Sloane NJA (1977) The theory of error-correcting codes. North-Holland Publishing Company, Amsterdam/New York

  45. Merkle R (1990) A certified digital signature. In: Brassard G (ed) Advances in cryptology – CRYPTO 1989. Lecture notes in computer science, vol 435. Springer, New York, pp 218–238

  46. Mitzenmacher M (2004) Digital fountains: a survey and look forward. In: Proceedings of ITW 2004, San Antonio, pp 271–276

  47. Naor M, Rothblum GN (2009) The complexity of online memory checking. J ACM 56(1):2:1–2:46

  48. NIST: Recommendation for block cipher modes of operation: the CMAC mode for authentication (May 2005). http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf

  49. NIST: The keyed-hash message authentication code (HMAC) (July 2008). http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf

  50. NIST: Digital Signature Standard (DSS) (July 2013). http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf

  51. Paterson MB, Stinson DR, Upadhyay J (2013) A coding theory foundation for the analysis of general unconditionally secure proof-of-retrievability schemes for cloud storage. J Math Cryptol 7(3):183–216

  52. Pinkas B, Reinman T (2010) Oblivious RAM revisited. In: Advances in cryptology – CRYPTO 2010, Santa Barbara, pp 502–519

  53. Rabin MO (1979) Digitalized signatures and public-key functions as intractable as factorization. Technical report, Massachusetts Institute of Technology, Cambridge

  54. Reed IS, Solomon G (1960) Polynomial codes over certain finite fields. J Soc Ind Appl Math 8(2):300–304

  55. Rivest RL, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126

  56. Schnorr C (1991) Efficient signature generation by smart cards. J Cryptol 4(3):161–174

  57. Shacham H, Waters B (2008) Compact proofs of retrievability. In: Advances in cryptology – ASIACRYPT 2008, Melbourne, pp 90–107

  58. Shacham H, Waters B (2013) Compact proofs of retrievability. J Cryptol 26(3):442–483

  59. Shi E, Chan TH, Stefanov E, Li M (2011) Oblivious RAM with O((log N)^3) worst-case cost. In: Advances in cryptology – ASIACRYPT 2011, Seoul, pp 197–214

  60. Shi E, Stefanov E, Papamanthou C (2013) Practical dynamic proofs of retrievability. In: Proceedings of the 2013 ACM conference on computer and communications security, CCS 2013, New York. ACM, pp 325–336

  61. Sipser M (1997) Introduction to the theory of computation. PWS Publishing Company, Boston

  62. Stefanov E, Shi E, Song DX (2012) Towards practical oblivious RAM. In: 19th annual network and distributed system security symposium, NDSS 2012, San Diego

  63. Stefanov E, van Dijk M, Juels A, Oprea A (2012) Iris: a scalable cloud file system with efficient integrity checks. In: 28th annual computer security applications conference, ACSAC 2012, Orlando, pp 229–238

  64. Stefanov E, van Dijk M, Shi E, Fletcher CW, Ren L, Yu X, Devadas S (2013) Path ORAM: an extremely simple oblivious RAM protocol. In: 2013 ACM conference on computer and communications security, CCS 2013, Berlin, pp 299–310

  65. Stinson DR (2006) Cryptography – theory and practice. Discrete mathematics and its applications series. Chapman and Hall/CRC, Boca Raton

  66. Wang C, Chow SSM, Wang Q, Ren K, Lou W (2013) Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375

  67. Wang XS, Huang Y, Chan TH, Shelat A, Shi E (2014) SCORAM: Oblivious RAM for secure computation. In: Proceedings of the 2014 ACM conference on computer and communications security, CCS 2014, Scottsdale, pp 191–202

  68. Wikipedia: Discrete logarithm. https://en.wikipedia.org/wiki/Discrete_logarithm

  69. Wikipedia: Fast fourier transform. https://en.wikipedia.org/wiki/Fast_Fourier_transform

  70. Wikipedia: Integer factorization. https://en.wikipedia.org/wiki/Integer_factorization

  71. Wikipedia: Merkle tree. https://en.wikipedia.org/wiki/Merkle_tree

Author information

Correspondence to Binanda Sengupta.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Sengupta, B., Ruj, S. (2015). Cloud Data Auditing Using Proofs of Retrievability. In: Zhu, S., Hill, R., Trovati, M. (eds) Guide to Security Assurance for Cloud Computing. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-25988-8_11

  • DOI: https://doi.org/10.1007/978-3-319-25988-8_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25986-4

  • Online ISBN: 978-3-319-25988-8

  • eBook Packages: Computer Science, Computer Science (R0)
