Hui Tian , Mengcheng Wang , Hanyu Quan , Chin-Chen Chang , Athanasios V. Vasilakos
{"title":"TEEMRDA:利用可信执行环境对云存储中的多副本数据进行审计","authors":"Hui Tian , Mengcheng Wang , Hanyu Quan , Chin-Chen Chang , Athanasios V. Vasilakos","doi":"10.1016/j.cose.2024.104250","DOIUrl":null,"url":null,"abstract":"<div><div>Driven by the rising popularity of multi-replica backups for enhanced data reliability and availability in cloud storage, multi-replica data auditing, which guarantees that cloud service providers (CSPs) securely store all designated replicas, has become a prominent research area in cloud data security. However, existing multi-replica auditing schemes pose a notable challenge: users incur additional computation and communication overheads to generate and upload multiple replicas. This approach also diverges from the conventional multi-replica storage model, where users typically submit a single copy and the CSP handles replica creation. To address this issue, this paper presents a novel multi-replica data auditing scheme based on Trusted execution environments (TEEs), named TEEMRDA. TEEMRDA is designed to align with real-world practices where users upload a single copy, significantly reducing user burden. To guarantee reliable multi-replica storage, we propose a random mask-based strategy implemented by TEEs to securely generate a predetermined number of data copies. For auditability, we introduce an impartial dual authentication mechanism using replica and data block index-independent signatures, employing both online and offline procedures. This approach substantially reduces the TEE’s computation overhead in generating tags for multiple-replica blocks and enhances efficiency for third-party auditors conducting data audits. Finally, we conduct comprehensive security validation and performance comparison of TEEMRDA with state-of-the-art schemes. The results demonstrate that TEEMRDA achieves secure and efficient auditing for multi-replica data, outperforming existing schemes in terms of computation and communication overheads.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104250"},"PeriodicalIF":6.8000,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"TEEMRDA: Leveraging trusted execution environments for multi-replica data auditing in cloud storage\",\"authors\":\"Hui Tian , Mengcheng Wang , Hanyu Quan , Chin-Chen Chang , Athanasios V. Vasilakos\",\"doi\":\"10.1016/j.cose.2024.104250\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Driven by the rising popularity of multi-replica backups for enhanced data reliability and availability in cloud storage, multi-replica data auditing, which guarantees that cloud service providers (CSPs) securely store all designated replicas, has become a prominent research area in cloud data security. However, existing multi-replica auditing schemes pose a notable challenge: users incur additional computation and communication overheads to generate and upload multiple replicas. This approach also diverges from the conventional multi-replica storage model, where users typically submit a single copy and the CSP handles replica creation. To address this issue, this paper presents a novel multi-replica data auditing scheme based on Trusted execution environments (TEEs), named TEEMRDA. TEEMRDA is designed to align with real-world practices where users upload a single copy, significantly reducing user burden. To guarantee reliable multi-replica storage, we propose a random mask-based strategy implemented by TEEs to securely generate a predetermined number of data copies. For auditability, we introduce an impartial dual authentication mechanism using replica and data block index-independent signatures, employing both online and offline procedures. This approach substantially reduces the TEE’s computation overhead in generating tags for multiple-replica blocks and enhances efficiency for third-party auditors conducting data audits. Finally, we conduct comprehensive security validation and performance comparison of TEEMRDA with state-of-the-art schemes. The results demonstrate that TEEMRDA achieves secure and efficient auditing for multi-replica data, outperforming existing schemes in terms of computation and communication overheads.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"150 \",\"pages\":\"Article 104250\"},\"PeriodicalIF\":6.8000,\"publicationDate\":\"2025-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S016740482400556X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"2024/12/6 0:00:00\",\"PubModel\":\"Epub\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016740482400556X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/12/6 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
TEEMRDA: Leveraging trusted execution environments for multi-replica data auditing in cloud storage
Driven by the rising popularity of multi-replica backups for enhanced data reliability and availability in cloud storage, multi-replica data auditing, which guarantees that cloud service providers (CSPs) securely store all designated replicas, has become a prominent research area in cloud data security. However, existing multi-replica auditing schemes pose a notable challenge: users incur additional computation and communication overheads to generate and upload multiple replicas. This approach also diverges from the conventional multi-replica storage model, where users typically submit a single copy and the CSP handles replica creation. To address this issue, this paper presents a novel multi-replica data auditing scheme based on Trusted execution environments (TEEs), named TEEMRDA. TEEMRDA is designed to align with real-world practices where users upload a single copy, significantly reducing user burden. To guarantee reliable multi-replica storage, we propose a random mask-based strategy implemented by TEEs to securely generate a predetermined number of data copies. For auditability, we introduce an impartial dual authentication mechanism using replica and data block index-independent signatures, employing both online and offline procedures. This approach substantially reduces the TEE’s computation overhead in generating tags for multiple-replica blocks and enhances efficiency for third-party auditors conducting data audits. Finally, we conduct comprehensive security validation and performance comparison of TEEMRDA with state-of-the-art schemes. The results demonstrate that TEEMRDA achieves secure and efficient auditing for multi-replica data, outperforming existing schemes in terms of computation and communication overheads.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.