Data Privacy in Remote Data Integrity Checking for Secure Cloud Storage

1

Data Privacy in Remote Data Integrity

Checking for Secure Cloud Storage

Yong Yu

Centre for Computer and Information Security University of Wollongong

Outline

History of Remote Data Integrity Checking Publicly verifiable RICPrivacy in RIC protocols

Definition of privacy - IND-Privacy

Insecurity of existing publicly verifiable RIC protocols Provably secure RIC protocols with IND-Privacy

Conclusion

 Yong Yu, Man Ho Au, Yi Mu, Willy Susilo et al. Enhanced Privacy of a Remote Data Integrity Checking Protocol for Secure Cloud Storage. International Journal of Information Security, accepted, 17 August, 2014.

 Xinyu Fan, Guomin Yang, Yi Mu and Yong Yu, On Indistinguishability in Remote Data Integrity Checking, The Computer Journal, Oxford (accepted, 19 Oct. 2013), (online version: doi: 10.1093/comjnl/bxt137)

Outline

•Cloud computing and cloud storage

•Idea of Ateniese et al’s PDP

•Hao et al.’s scheme

•Privacy in RIC protocols

•Definition of privacy – Zero Knowledge Privacy

•Our RIC protocols with Zero Knowledge Privacy

Cloud Computing: Advantages

– Cloud computing enjoys a "pay-per-use model for enabling available, convenient and on-demand

network access to a shared pool of configurable

computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” – NIST

Cloud Storage vs. Data Integrity

6

Data

owners _owners Data

Data flow

• Cloud storage service allows owners to outsource their data to cloud servers for storage and maintenance.

– Low capital costs on hardware and software, low management and maintenance overheads, universal on-demand data access, etc – E.g., Amazon S3.

Cloud Storage vs. Data Integrity

7

Data

owners _owners Data

Data flow

Loss of physical control

• However, data outsourcing also eliminates owners’ ultimate control over their data.

• The cloud server is not fully trusted.

– Try to hide data loss incidents in order to maintain their reputation. – Might discard the data that have not been or are rarely accessed for

RSA based PDP (Atenises et al, CCS2007)

:

(m) mod

Sign





H

N

1mod (N)

ed





:

(m) mod

Verify





H

N

• RSA-based Tag

(H(W ) g ) mod

i i

t





N

• Single Block (H(W ) g ) modmi d i i t   N i (mi,ti) i

0

;

(W )

t

m

e

g

H







• Challenge-Response σ₁ m₁ σ₂ m₂ σ₃ m₃ σ₄ m₄ … … σ_n m_n Client 3 1 4 1 3 4 n a a a a n T 

   

Shared Data Flow

Cloud Server Data Owner

Third Party Auditor

Privacy against TPA

Security against

server

Privacy Analysis of Ateniese et al.’s PDP 3 1 4 1 3 4 n a a a a n T  t t t t 1 1 3 3 4 4 n n M  a m  a m  a m  a m (T,M) 1 11 1 31 3 41 4 1 2 12 1 32 3 42 4 2 3 13 1 33 3 43 4 3 4 14 1 34 3 44 4 4 n n n n n n n n M a m a m a m a m M a m a m a m a m M a m a m a m a m M a m a m a m a m       _{   }   _{   }   _{   } 

An improvement due to Hao et al.

Zhuo Hao, Sheng Zhong, A Privacy-Preserving Remote Data Integrity Checking Protocol with Data Dynamics and Public Verifiability. IEEE Trans. Knowl. Data Eng. 23(9): 1432-1437 (2011)

Privacy Analysis of the Scheme

Our improvement—

Scheme description

Our improvement—

Scheme description

TagGen:

m



m m m

m t

,



Z

Ivan Damgård, Eiichiro Fujisaki: A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order. ASIACRYPT 2002: 125-142

Our improvement—

Scheme description

Our improvement—

Soundness Proof

If the response can pass the verification,i.e.,

Using the oracle replay technique and forking lemma, replay H2 to generate a new response R’; then we can get two pairs of collision for H2, we have

Conclusions

• Cloud computing has posed new challenges to data integrity

• Privacy issues in existing RIC protocols is a big issue.

• Zero Knowledge Privacy was introduced

• RSA based publicly verifiable RIC protocols fails to achieve Zero Knowledge privacy