Information Technology Reference
In-Depth Information
schemes check the possession of data and can recover data in case of data
access failure or data loss. Usually, a PDP scheme can be transformed into a
PoR scheme by adding erasure or error-correcting codes.
The early definitions of PoR [20] and PDP [2] used the definitions in a gen-
eral client server setting; however, we define it in the context of the cloud. We
discuss each of these models and present some third-party (public) auditing
techniques in which anyone can verify the data that a client has stored.
3.4.1 Provable Data Possession Techniques
The PDP schemes involve a challenge/response protocol between the client
(verifier) and the CSP (prover). It consists of two main steps:
• The client (verifier) first allows the CSP (prover) to store files.
• Later, the client can verify if the CSP possesses the data by challenging
t h e C S P.
The PDP techniques generate probabilistic proofs of possession by sampling
random sets of blocks from the server; this drastically reduces input/output
(I/O) costs. In PDP techniques, the client maintains a constant amount of
metadata to verify the proof. The challenge/response protocol transmits a
low, constant amount of data that minimize network communication. Thus,
the PDP schemes for remote data checking support large data sets in widely
distributed storage systems.
Ateniese et al. [2] were the first to define PDP schemes formally. Later, they
[3] proposed a very lightweight and provable secure data possession scheme
in the random oracle model. This scheme is based entirely on symmetric key
cryptography. The main idea of this scheme is that, before outsourcing, a
client precomputes a certain number of short possession verification tokens,
each token covering some set of data blocks. The actual data are then handed
over to the CSP. Subsequently, when the client wants to obtain a proof of data
possession, the client challenges the data storage server with a set of random
block indices. In turn, the data server must compute a short integrity check
over the specified blocks (corresponding to the indices) and return it to the
client. For the proof to hold, the returned integrity check must match the
corresponding value precomputed by the client. However, in their scheme,
the client has the choice of either keeping the precomputed tokens locally
or outsourcing them in encrypted form to the server. In the latter case, the
client's storage overhead is constant regardless of the size of the outsourced
data. The scheme is also efficient in terms of storage, computation overheads,
dynamic support for data operations, and bandwidth. Sebé et al. [35] pre-
sented a scheme that used asymmetric key cryptography (RSA modules) for
integrity verification.
Erway et al. [10] presented a fully dynamic provable data possession
(DPDP), which extends the PDP model to support provable updates to stored
Search WWH ::
Custom Search