Identity-Based Integrity Auditing Scheme With Sensitive Information Hiding for Proxy-Server-Assisted Cloud Storage Applications

IF 8.9 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS IEEE Internet of Things Journal Pub Date : 2024-11-18 DOI:10.1109/JIOT.2024.3491315

Xinran Hu;Jinyong Chang;Tanvir Ahmad;Funing Zhang;Yuchen Zhang

{"title":"Identity-Based Integrity Auditing Scheme With Sensitive Information Hiding for Proxy-Server-Assisted Cloud Storage Applications","authors":"Xinran Hu;Jinyong Chang;Tanvir Ahmad;Funing Zhang;Yuchen Zhang","doi":"10.1109/JIOT.2024.3491315","DOIUrl":null,"url":null,"abstract":"In recent years, the model of storing personal local data on cloud servers to save local space has become popular. However, this model also has certain security risk: the data stored in the cloud may be accidentally damaged or lost. How to perform remote integrity audit of these data is a meaningful research problem. Many current auditing schemes rely on the encryption of the entire data file to ensure data’s privacy, and the tag-generation of data owner (DO) itself, which bring a significant computational burden to the DO. In this article, we propose a technique of only blinding sensitive locations of user data without encrypting the entire file to improve the computational efficiency of current cloud auditing schemes. At the same time, it is also proposed to delegate the generation process of authentication tags to a proxy server (PS) to save DO’s computing resource. Then the integrity audit process is based on stored data file as well as PS’s authentication tags. In addition, the access control strategy of data user (DU)-request-then-DO-authorization has been implemented to facilitate the sharing of stored data, where DU means data user. Finally, security and performance analyses were conducted on the proposed system. The results indicate that our system is provably secure under classical cryptographic assumption and has certain performance advantages compared with related works.","PeriodicalId":54347,"journal":{"name":"IEEE Internet of Things Journal","volume":"12 6","pages":"6673-6684"},"PeriodicalIF":8.9000,"publicationDate":"2024-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Internet of Things Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10756579/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

In recent years, the model of storing personal local data on cloud servers to save local space has become popular. However, this model also has certain security risk: the data stored in the cloud may be accidentally damaged or lost. How to perform remote integrity audit of these data is a meaningful research problem. Many current auditing schemes rely on the encryption of the entire data file to ensure data’s privacy, and the tag-generation of data owner (DO) itself, which bring a significant computational burden to the DO. In this article, we propose a technique of only blinding sensitive locations of user data without encrypting the entire file to improve the computational efficiency of current cloud auditing schemes. At the same time, it is also proposed to delegate the generation process of authentication tags to a proxy server (PS) to save DO’s computing resource. Then the integrity audit process is based on stored data file as well as PS’s authentication tags. In addition, the access control strategy of data user (DU)-request-then-DO-authorization has been implemented to facilitate the sharing of stored data, where DU means data user. Finally, security and performance analyses were conducted on the proposed system. The results indicate that our system is provably secure under classical cryptographic assumption and has certain performance advantages compared with related works.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

为代理服务器辅助云存储应用隐藏敏感信息的基于身份的完整性审计方案

近年来，将个人本地数据存储在云服务器上以节省本地空间的模式开始流行。但是，这种模式也存在一定的安全风险：存储在云中的数据可能会被意外损坏或丢失。如何对这些数据进行远程完整性审计是一个有意义的研究问题。目前许多审计方案依赖于对整个数据文件进行加密来保证数据的隐私性，而数据所有者的标签生成（DO）本身给DO带来了很大的计算负担。在本文中，我们提出了一种仅对用户数据的敏感位置进行盲化而不加密整个文件的技术，以提高当前云审计方案的计算效率。同时，为了节省DO的计算资源，还提出将认证标签的生成过程委托给代理服务器（proxy server， PS）。然后基于存储的数据文件和PS的认证标签进行完整性审计。此外，还实现了数据用户(DU)-请求-再-授权的访问控制策略，以促进存储数据的共享，DU即数据用户。最后，对系统进行了安全性和性能分析。结果表明，该系统在经典密码学假设下是安全的，与相关工作相比具有一定的性能优势。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Internet of Things Journal Computer Science-Information Systems

CiteScore

17.60

自引率

13.20%

发文量

1982

期刊介绍： The EEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.