
LITERATURE REVIEW

2.3 Remote Data Auditing Technique

Today, most individuals and organizations are motivated to outsource their data to the cloud to reduce the cost and time involved in procuring and maintaining local storage infrastructure. In cloud computing, the Cloud Service Provider (CSP) is in charge of managing the cloud storage services. The Data Owners (DOs) therefore lose physical control over the data, and its management is delegated to an untrusted third party. Moreover, the CSP or any inside attacker is able to arbitrarily change the amount of stored data without the user's knowledge or permission (B. Chen, Curtmola, Ateniese, & Burns, 2010). Therefore, several issues need to be resolved before storing sensitive data in the cloud. For instance, how can the user completely put her trust in the CSP to preserve the outsourced data? Is it possible for the CSP or any inside attacker to arbitrarily change the amount of stored data without the user's knowledge or permission? Do users have to download the whole of the outsourced data to check its integrity? Is there any way to update the outsourced data without having to download the entire data?

Remote Data Auditing (RDA) refers to sampling the data collected in the cloud and evaluating it against various criteria, such as validity, accuracy, and integrity, as a way to verify the reliability of the storage provider (Cong et al., 2010). In this section, we detail the architecture of the RDA for the single cloud server and taxonomize the RDA requirements.

Figure 2.2: The network architecture of RDA in cloud computing

2.3.1 Remote Data Auditing Architecture

The RDA approaches for single cloud servers usually include four main components, namely: (1) User: an enterprise or individual having permission to read the stored data in the cloud, (2) DO: an enterprise or business that stores its data in the cloud storage and is able to perform update operations (modify, delete, and insert), (3) CSP: the entity responsible for backing up the user data and generating a proof in response to the received challenges, and (4) Third Party Auditor (TPA): the entity that audits and verifies the outsourced data. In public auditing models, the TPA ensures that the data remains intact over the passage of time. Private auditing schemes, however, cannot support the TPA and DOs in order to check the integrity of the data (Sood, 2012; Sookhak, Talebian, Ahmed, Gani, & Khan, 2014; Sookhak et al., 2015). Figure 2.2 depicts the typical RDA components and their interactions.

2.3.2 Taxonomy of Remote Data Auditing

Figure 2.3 shows the thematic taxonomy of remote data auditing in cloud computing, which is categorized based on Security Requirements, Performance Metrics, Security Objectives, Auditing Modes, and Updating Modes.

The security requirements attribute indicates a number of properties which must be taken into account to propose a secure RDA method, as follows: (1) Robustness equips the auditing methods with mechanisms to mitigate an arbitrary amount of data corruption (Ateniese et al., 2011), (2) Fairness ensures that a dishonest data owner is unable to access the data in the cloud storage and manipulate it (Zheng & Xu, 2012), (3) Data Deduplication ensures maximum use of available storage space by recognizing distinct chunks of data with identical content and eliminating redundant data. Considering that more than 75% of the outsourced data in the cloud are not unique, deduplication can dramatically reduce the space required to store a large data set (Gantz & Reinsel, 2010; Storer, Greenan, Long, & Miller, 2008), (4) Data Recovery allows users to recover from small or large fractions of corruption in files outsourced to the cloud. This requirement can be achieved by using methods such as forward error correcting code (FEC) (Clark & Cain, 1981) or Reed-Solomon code (Lin & Costello, 2004), (5) Dependability protects the stored data against Byzantine failures (Castro & Liskov, 2002), malicious data modification, and server colluding attacks to augment data availability, (6) Batch Auditing ensures that the TPA is able to manage multiple auditing tasks received simultaneously from different users quickly and in a cost-efficient way, and (7) Data Privacy ensures that the auditors are not able to learn or guess the data content or hold a copy of the original data. In other words, data confidentiality should be preserved against the auditors (Wei et al., 2013).

The performance metrics attribute includes a set of important measures, such as computation cost (processing time), communication cost, storage cost, and probability of detection, which need to be kept optimized when designing an RDA method. The implemented method should incur the least computation, communication and storage overhead on the client and server while the probability of detecting data corruption achieves the maximum value (Bowers, Juels, & Oprea, 2009; Oprea, Reiter, & Yang, 2005).

Figure 2.3: Taxonomy of Remote data auditing in cloud computing (Sookhak et al., 2014)

The security objectives attribute indicates which security components (integrity, confidentiality, and privacy) the RDA method is able to ensure. The auditing mode attribute shows who is responsible for verifying the outsourced data. In private verification, only the DO is able to check the integrity of the data. In public verification mode, however, the DO is able to delegate the auditing task to the trusted third party.

The next attribute is the auditing mode, which includes public and private auditing. In public auditing mode, the integrity of the outsourced data is checked by a third party auditor (TPA), while in private mode only the data owner is able to audit the data.
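The challenge and proof exchange from Section 2.3.1, together with the probability-of-detection metric, can be made concrete with a private-auditing spot check. This is an added example, not code from any of the cited schemes: it is a simplified MAC-based illustration in which the verifier holds the secret key and the proof returns the sampled blocks themselves, and all function names, the block size and the sample values are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 64  # bytes per block; constructed value for this example

def tag_block(key, file_id, index, block):
    # Binding file id and index into the MAC stops the server from answering
    # a challenge with a valid block/tag pair taken from another position.
    msg = file_id + index.to_bytes(8, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()

def outsource(key, file_id, data):
    """DO: split the file and compute one tag per block; all of it goes to the CSP."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    return [(b, tag_block(key, file_id, i, b)) for i, b in enumerate(blocks)]

def make_challenge(n_blocks, sample_size):
    """Verifier: choose distinct block indices with a CSPRNG."""
    rng = secrets.SystemRandom()
    return sorted(rng.sample(range(n_blocks), min(sample_size, n_blocks)))

def csp_prove(store, challenge):
    """CSP: answer with (index, block, tag) for every challenged index."""
    return [(i, store[i][0], store[i][1]) for i in challenge]

def verify(key, file_id, challenge, proof):
    """Verifier: the proof must cover exactly the challenge and every tag must match."""
    if [i for i, _, _ in proof] != list(challenge):
        return False
    return all(hmac.compare_digest(tag_block(key, file_id, i, b), t)
               for i, b, t in proof)

def detection_probability(n_blocks, corrupted, sample_size):
    """Probability that sampling without replacement hits >= 1 corrupted block."""
    miss = 1.0
    for j in range(min(sample_size, n_blocks)):
        miss *= max(n_blocks - corrupted - j, 0) / (n_blocks - j)
    return 1.0 - miss

if __name__ == "__main__":
    key, fid = secrets.token_bytes(32), b"file-1"       # constructed sample values
    store = outsource(key, fid, bytes(range(256)) * 4)  # 16 blocks held by the CSP
    store[5] = (b"\x00" * BLOCK_SIZE, store[5][1])      # silent corruption at the CSP
    chal = make_challenge(len(store), 4)
    print(chal, verify(key, fid, chal, csp_prove(store, chal)),
          round(detection_probability(len(store), 1, 4), 2))
```

A single audit that samples 4 of 16 blocks misses one corrupted block three times out of four, which is why the sample size is chosen against the detection probability the auditor wants.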

The attribute of the uploading mode indicates the type of data modification that can be supported by the protocols. The current RDA methods employ three different strategies for updating the outsourced data blocks in the single cloud server. (1) In the static approach, the user must retrieve the data and upload the modified data to the cloud. This process imposes high computation and communication overheads on both the cloud side and the device side. (2) In the dynamic uploading approach, the user is able to update the data stored in the cloud by inserting, deleting, and modifying a portion of the file, or appending to the file remotely, rather than downloading the entire file (Yang & Jia, 2012). (3) The semi-dynamic model allows the owner to make partial update operations on the outsourced data (Sookhak, Talebian, et al., 2014).

the attribute of