R&D: Privacy-Preserving Time-Based Auditing for Secure Cloud Storage

IEEE Transactions on Information Forensics and Security has published an article written by Min Wang; Jia Yu; College of Computer Science and Technology, Qingdao University, Qingdao, China, and State Key Laboratory of Integrated Service Networks (ISN), Xidian University, Xi’an, China, Wenting Shen; and Rong Hao, College of Computer Science and Technology, Qingdao University, Qingdao, China.

Abstract: “Cloud storage auditing mechanism is used to check whether the data of users stored in the cloud is intact. Most existing auditing schemes for secure cloud storage are designed to check the integrity for specified files based on file identities. In some scenarios, the user would like to check the integrity of the files generated and uploaded to the cloud in a certain time period. Existing cloud storage auditing schemes cannot work well for supporting this practical requirement because the private information will be exposed. To satisfy this requirement, we propose a brand-new paradigm termed as privacy-preserving time-based auditing for secure cloud storage. The proposed paradigm allows the user to check whether the files generated and uploaded in a certain time period are intactly stored in the cloud. When intending to check the integrity of the files uploaded in this time period, the user only provides the challenged time period t to the Third Party Auditor (TPA). The TPA can verify the integrity of all the files based on this time period, but cannot know how many files and which files the user has generated and uploaded to the cloud in this time period. To decrease the complex overhead associated with certificate management, we introduce an identity-based auditing mechanism. We provide a specific security analysis to show the correctness, auditing soundness and privacy preserving of this scheme. The experiments demonstrate the efficiency of the proposed scheme.“