3.4.6 Third-Party Auditing of Cloud Data
We assume that file $F$ (potentially encoded using Reed-Solomon codes) is divided into $n$ blocks $m_1, m_2, \ldots, m_n$, where $m_i \in \mathbb{Z}_q$ and $q$ is a large prime. Let $e : G \times G \to G_T$ be a bilinear map and $H : \{0,1\}^* \to G$ be a hash function that converts binary strings to elements of $G$ and is viewed as a random oracle. Let $g$ be the generator of $G$.

The data-auditing scheme consists of the following steps:
• Setup: This step initializes the system and generates public and secret keys.

1. The client generates a random signing key pair $(ssk, spk)$ by invoking $\mathrm{KeyGen}(1^k)$. Then, the client chooses a random $\alpha \in \mathbb{Z}_q$ and computes $v = g^{\alpha}$. The secret key is $sk = \{\alpha, ssk\}$, and the public key is $pk = \{v, spk\}$.
2. $\mathrm{SigGen}(sk, F)$ is invoked to preprocess the file $F$ and to generate metadata before sending the file to the cloud server. Given $F = (m_1, m_2, \ldots, m_n)$, the client chooses a random element $u \in G$. Let
$t = \mathrm{filename} \,\|\, n \,\|\, u \,\|\, \mathrm{SSig}_{ssk}(\mathrm{filename} \,\|\, n \,\|\, u)$
be the file tag for $F$. Then, the client computes the signature $\sigma_i$ for each block $m_i$ ($i = 1, 2, \ldots, n$) as
$\sigma_i = \left( H(m_i) \cdot u^{m_i} \right)^{\alpha}.$
We denote the set of signatures by $\Phi = \{\sigma_i\}_{1 \le i \le n}$.
3. The client generates the rank-based skip list, where the bottom-level nodes contain the hashes of $m_i$, $1 \le i \le n$, denoted by $H(m_i)$.
4. The client signs the hash $H(f(S))$, where $S$ is the start node and $f(S)$ is the label of the start node. The client signs using the private key $\alpha$:
$\mathrm{sig}_{sk}(H(f(S))) \leftarrow \left( H(f(S)) \right)^{\alpha}.$
5. The client sends $\{F, t, \Phi, \mathrm{sig}_{sk}(H(f(S)))\}$ to the cloud server.

6. The client now deletes $\{F, \Phi, \mathrm{sig}_{sk}(H(f(S)))\}$.
• Integrity verification protocol: Once the client has stored the data on the cloud storage server, the verification protocol can be initiated. The client can also perform the integrity verification on the data using a similar process, or the task can be delegated to a third-party auditor (TPA).

1. The TPA first uses $spk$ to verify the signature on $t$. If the verification fails, the TPA returns FALSE; otherwise, it recovers $u$ from $t$.

2. The TPA chooses a random value $r \in [1, n]$ and requests the cloud server to send the table $\Pi(r)$. The cloud server runs Algorithm 1 to calculate $\Pi(r)$.