Key-exposure resistance has always been an important issue for in-depth cyber defence in many security applications. Recently, how to deal with the key exposure problem in the settings of cloud storage auditing has been proposed and studied. To address the challenge, existing solutions all require the client to update his secret keys in every time period, which may inevitably bring in new local burdens to the client, especially those with limited computation resources, such as mobile phones. In this paper, we focus on how to make the key updates as transparent as possible for the client and propose a new paradigm called cloud storage auditing with verifiable outsourcing of key updates. In this paradigm, key updates can be safely outsourced to some authorized party, and thus the key-update burden on the client will be kept minimal. In particular, we leverage the third party auditor (TPA) in many existing public auditing designs, let it play the role of authorized party in our case, and make it in charge of both the storage auditing and the secure key updates for key-exposure resistance. In our design, TPA only needs to hold an encrypted version of the client’s secret key while doing all these burdensome tasks on behalf of the client. The client only needs to download the encrypted secret key from the TPA when uploading new files to cloud. Besides, our design also equips the client with capability to further verify the validity of the encrypted secret keys provided by the TPA. All these salient features are carefully designed to make the whole auditing procedure with key exposure resistance as transparent as possible for the client. We formalize the definition and the security model of this paradigm. The security proof and the performance simulation show that our detailed design instantiations are secure and efficient.
The cloud storage service (CSS) relieves the burden of storage management and maintenance. However, if such an important service is vulnerable to attacks or failures, it would bring irretrievable losses to the clients because their data or archives are stored in an uncertain storage pool outside the enterprises. These security risks come from the following reasons: first, the cloud infrastructures are much more powerful and reliable than personal computing devices, but they are still susceptible to internal threats (e.g., via virtual machine) and external threats (e.g., via system holes) that can damage data integrity; second, for the benefits of possession, there exist various motivations for cloud service providers (CSP) to behave unfaithfully toward the cloud users; furthermore, disputes occasionally suffer from the lack of trust in the CSP because data changes may not be known to the cloud users in a timely manner, even if these disputes may result from the users' own improper operations. Therefore, it is necessary for the CSP to offer an efficient audit service to check the integrity and availability of stored data.
Existing work introduced a dynamic audit service for integrity verification of untrusted and outsourced storage. Constructed on an interactive proof system (IPS) with the zero-knowledge property, this audit service can provide public auditability without downloading raw data and protect the privacy of the data. The audit system can also support dynamic data operations and timely anomaly detection with the help of several effective techniques, such as fragment structure, random sampling, and index-hash table (IHT). It also developed an efficient approach based on probabilistic query and periodic verification for improving the performance of audit services. A proof-of-concept prototype was implemented to evaluate the feasibility and viability of the approaches. The experimental results not only validate the effectiveness of the approaches, but also show that the system does not create any significant computation cost and requires less extra storage for integrity verification. The method has one drawback, namely TPA monitoring.
Disadvantages
• It requires external TPA monitoring
• Not secure
In existing work, the audit service is performed through TPA monitoring. The TPA may sometimes have the chance to hide anomaly details from cloud users. To overcome this drawback, we propose a dynamic audit service in the cloud. In this method, the user sends a query request to the server, and the server matches the user's query against the keyword. If it matches, the user can proceed; otherwise, the user is automatically marked as untrusted and a notification of the detected anomaly is sent to the cloud user. In this way the data in cloud storage can be secured.
Advantages
• No need for an external TPA
• Secure & Effective
Modules:
a. Authentication
b. Cloud Storage
c. Auditing
d. Secure Notification
e. Performance & Evaluation
Enabling Cloud Storage Auditing With Verifiable Outsourcing of Key Updates