Enhanced privacy of a remote data integrity-checking protocol for secure cloud storage

Yong Yu, Man Ho Allen Au, Yi Mu, Shaohua Tang, Jian Ren, Willy Susilo, Liju Dong

Research output: Journal article publicationJournal articleAcademic researchpeer-review

50 Citations (Scopus)

Abstract

Remote data integrity checking (RDIC) enables a server to prove to an auditor the integrity of a stored file. It is a useful technology for remote storage such as cloud storage. The auditor could be a party other than the data owner; hence, an RDIC proof is based usually on publicly available information. To capture the need of data privacy against an untrusted auditor, Hao et al. formally defined “privacy against third party verifiers” as one of the security requirements and proposed a protocol satisfying this definition. However, we observe that all existing protocols with public verifiability supporting data update, including Hao et al.’s proposal, require the data owner to publish some meta-data related to the stored data. We show that the auditor can tell whether or not a client has stored a specific file and link various parts of those files based solely on the published meta-data in Hao et al.’s protocol. In other words, the notion “privacy against third party verifiers” is not sufficient in protecting data privacy, and hence, we introduce “zero-knowledge privacy” to ensure the third party verifier learns nothing about the client’s data from all available information. We enhance the privacy of Hao et al.’s protocol, develop a prototype to evaluate the performance and perform experiment to demonstrate the practicality of our proposal.
Original languageEnglish
Pages (from-to)307-318
Number of pages12
JournalInternational Journal of Information Security
Volume14
Issue number4
DOIs
Publication statusPublished - 24 Aug 2015

Keywords

  • Cloud computing
  • Data integrity
  • Privacy
  • Remote data integrity checking

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this