World Wide Web, Volume 15, Issue 4, pp 409–428

Data storage auditing service in cloud computing: challenges, methods and opportunities

Article

Abstract

Cloud computing is a promising computing model that enables convenient and on-demand network access to a shared pool of configurable computing resources. The first offered cloud service is moving data into the cloud: data owners let cloud service providers host their data on cloud servers and data consumers can access the data from the cloud servers. This new paradigm of data storage service also introduces new security challenges, because data owners and data servers have different identities and different business interests. Therefore, an independent auditing service is required to make sure that the data is correctly hosted in the cloud. In this paper, we investigate this kind of problem and give an extensive survey of storage auditing methods in the literature. First, we give a set of requirements of the auditing protocol for data storage in cloud computing. Then, we introduce some existing auditing schemes and analyze them in terms of security and performance. Finally, some challenging issues are introduced in the design of efficient auditing protocols for data storage in cloud computing.

Keywords

data storage auditing; data owner auditing; third party auditing; cloud computing

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  1. Department of Computer Science, City University of Hong Kong, Kowloon, Hong Kong
