Smart contract-based public integrity auditing for cloud storage against malicious auditors

Abstract

Cloud storage, a vital component of cloud computing, faces significant challenges in ensuring data integrity, which hinders its widespread adoption. Public auditing models, which rely on third-party auditors (TPAs), have been developed to address these issues by offloading computation from users. However, maintaining the consistent trustworthiness of TPAs remains a major challenge, especially in preventing dishonest behaviors, such as collusion, procrastination, and forgery. In this paper, we propose a novel smart contract-based public integrity auditing scheme for cloud storage, introducing a transparent, non-black-box auditing process. This scheme adopts certificateless authentication, significantly reducing the overhead associated with traditional key management and certificate handling. To mitigate TPA dishonesty, we introduce a blockchain-based challenge generation algorithm and an auditing process preservation mechanism. The challenge algorithm ensures fair random sampling by leveraging blockchain’s immutability, reducing the risk of collusion between TPAs and cloud service providers (CSPs). The auditing process preservation mechanism prevents procrastination by recording task completion times and preserving metadata, ensuring full traceability and accountability. We also present a post-auditing validation mechanism that enhances the verifiability of auditing results, comprising two components: auditing computation proof, which verifies the correctness of computationally intensive steps, and auditing process replay, which replays the entire auditing using preserved metadata. Finally, we formally prove the security of our scheme and conduct a comprehensive performance comparison with existing solutions. The results demonstrate that our approach offers strong security, reduces computational overhead, and maintains comparable communication overhead to other schemes.