Skip to main content

A position-aware Merkle tree for dynamic cloud data integrity verification

Abstract

In the cloud storage framework, once clients remotely store their data on cloud storage providers, they will lose the physical control over their outsourced data. The risk of unauthorized access to the data increases dramatically. One of the most serious problems in cloud storage is to ensure the correctness of the outsourced data. Specifically, we need to protect these data from unauthorized operations; we also need to detect and recover users’ data after unexpected changes. In this paper, we propose a publicly verifiable scheme to protect the integrity of cloud data and support dynamic maintenance, which is based on a position-aware Merkle tree. We adopt a 3-tuple to define the node of the new Merkle tree, which records the position of the corresponding node, so that users can verify the consistency of the challenge-response blocks by computing the root value directly without retrieving the whole Merkle tree. In our scheme, the storage complexity at the client side is O(1); the computation complexity at the client side is \(O(\log n)\); the computation cost at the server side is \(O(\log n)\) and the communication overhead is \(O(\log n)\). Our method supports unlimited verification challenges as well.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Notes

  1. We use the term user and client interchangeably in this paper.

References

  • Ateniese G, Burns R, Curtmola R, Herring J, Kissner L, Peterson Z, Song D (2007) Provable data possession at untrusted stores. In: Proceedings of ACM conference on computer and communications security (CCS), pp 598–609

  • Ateniese G, Pietro D, Mancini L, Tsudik G (2008) Scalable and efficient provable data possession. In: Proceedings of the 4th international conference on security and privacy in communication netowrks, vol 9. ACM, New York

  • Ateniese G, Kamara S, Katz J (2009) Proofs of storage from homomorphic identification protocols. In: Advances in cryptology, ASIACRYPT 2009, vol 5912. Springer, Berlin, pp 319–333

  • Ateniese G, Burns R, Curtmola R, Herring J, Khan O, Kissner L, Peterson Z, Song D (2011) Remote data checking using provable data possession. ACM Trans Inf Syst Secur 14(1):12:1–12:34

  • Bellare M, Palacio A (2004) The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols. In: Advances in cryptology, CRYPTO 2004, vol 3152. Springer, Berlin, pp 273–289

  • Boneh D, Lynn B, Shacham H (2001) Short signatures from the weil pairing. In: Proceedings of ASIACRYPT’01. Springer, Berlin, pp 514–532

  • Castiglione A, Catuogno L, Del Sorbo A, Fiore U, Palmieri F (2014a) A secure file sharing service for distributed computing environments. J Supercomput 67:691–710

  • Catuogno L, Löhr H, Winandy M, Sadeghi A (2014b) A trusted versioning file system for passive mobile storage devices. J Netw Comput Appl 38:65–75

  • Chen X, Li J, Huang X, Li J, Xiang Y, Wong D (2014a) Secure outsourced attribute-based signatures. IEEE Trans Parallel Distrib Syst 25:3285–3294

  • Chen X, Li J, Weng J, Ma J, Lou W (2014b) Verifiablecomputation over large database with incremental. In:Proceedings of ESORICS’14, vol 8712. Springer, New York, pp 148–162

  • Chen X, Huang X, Li J, Ma J, Luo W (2015) New algorithms for secure outsourcing of large-scale systems of linear equations. IEEE Trans Inf Forensics Secur 10:69–78

  • Chris Erway C, Küpçü A, Papamanthou C, Tamassia R (2009) Dynamic provable data possession. In: Proceedings of the 16th ACM conference on computer and communications security (CCS). ACM, New York, pp 213–222

  • Chris Erway C, Küpçü A, Papamanthou C, Tamassia R (2015) Dynamic provable data possession. ACM Trans Inf Syst Secur 17(4):15:1–15:29

  • Deswarte Y, Quisquater J, Saidane A (2003) Remote integrity checking. In: Conference on integrity and internal control in information systems, vol 03

  • Esposito C, Ficco M, Palmieri F, Castiglione A (2015) Smart cloud storage service selection based on fuzzy logic, theory of evidence and game theory. IEEE Trans Comput, pp 1

  • Fan X, Yang G, Mu Y, Yu Y (2015) On indistinguishability in remote data integrity checking. Comput J 58:823–830

    Article  Google Scholar 

  • Gazzoni EL, Luiz D, Filho G, Sérgio P, Barreto LM, Politécnica E (2006) Demonstrating data possession and uncheatable data transfer, 2006. IACR ePrint archive. Report 2006/150

  • Hao Z, Zhong S, Yu N (2011) A privacy-preserving remote data integrity checking protocol with data dynamics and public verifiability. IEEE Trans Knowl Data Eng 23(9):1432–1437

  • Juels A, Kaliske B (2007) PORs: proofs of retrievability for large files. In: 14th ACM conference on computer and communications security (CCS). ACM, New York, pp 584–597

  • Kate A, Zaverucha G, Goldberg I (2010) Constant-size commitments to polynomials and their applications. In: Advances in Cryptology, ASIACRYPT 2010, vol 6477. Springer, Berlin, pp 177–194

  • Li X, Li J, Huang F (2015) A secure cloud storage system supporting privacy-preserving fuzzy deduplication. Soft Comput. doi:10.1007/s00500-015-1596-6

  • Mao J, Zhang Y, Xu X (2012) Et-dmd: an error-tolerant scheme to detect malicious file deletion on distributed storage. In: 4th international conference on intelligent networking and collaborative systems. IEEE, New York, pp 365–372

  • Merkle RC (1980) Protocols for public key cryptosystems. In: IEEE symposium on security and privacy, vol 1109. IEEE, New York, pp 122–134

  • Merkle RC (1989) A certified digital signature. In: Proceedings on advances in cryptology, CRYPTO’89. Springer, Berlin, pp 218C–238

  • Pcworld (2008) Amazon. Amazon’s s3 down for several hours. http://www.pcworld.com/businesscenter/article/142549/amazons s3 down for several hours.html. Accessed 12 Sept 2014

  • Shacham H, Waters B (2008) Compact proofs of retrievability. In: Advances in cryptology, ASIACRYPT’08. Springer, Berlin

  • Wang H, Zhang Y (2013) On the knowledge soundness of a cooperative provable data possession scheme in multicloud storage. IEEE Trans Parallel Distrib Syst 25(1):264–267

    Article  Google Scholar 

  • Wang Q, Wang C, Li J, Ren K, Lou W (2009) Enabling public verifiability and data dynamics for storage security in cloud computing. In: Computer security, ESORICS 2009, vol 5789. Springer, Berlin, pp 335–370

  • Wang Q, Wang C, Ren K, Lou W, Li J (2011) Enabling public verifiability and data dynamics for storage security in cloud computing. IEEE Trans Parallel Distrib Syst 22(5):847–859

  • Wang Y, Wu Q, Wong DS, Qin B (2014) Securely outsourcing exponentiations with single untrusted program for cloud storage. In: Proceedings of ESORICS’14. Springer, Berlin, pp 323–340

  • Wikipedia (2014a) Cloud storage. http://en.wikipedia.org/wiki/Cloud_stroage. Accessed Aug 2014

  • Wikipedia (2014b) Merkle tree. http://en.wikipedia.org/wiki/Merkle_tree. Accessed May 2014

  • Wikipedia (2014c) Sha-1. https://en.wikipedia.org/wiki/SHA-1. Accessed June 2014

  • Wu Q, Mu Y, Susilo W (2009) Asymmetric group key agreement. In: Advances in cryptology, EUROCRYPT 2009, vol 5479. Springer, Berlin, pp 153–170

  • Xhafa F, Wang J, Chen X, Liu JK, Li J, Krause P (2014) A secure cloud storage system supporting privacy-preserving fuzzy deduplication. Soft Comput 18:1795–1802

    Article  Google Scholar 

  • Xu J, Chang E (2012) Towards efficient proofs of retrievability. In: 7th ACM symposium on information, computer and communications security. ACM, New York, pp 79–80

  • Yu Y, Yang G, Mu Y, Susilo W (2014) On the security of auditing mechanisms for secure cloud storage. Future Gener Comput Syst Int J Grid Comput Theory Methods Appl 30(1):127–132

    Article  Google Scholar 

  • Yu Y, Au MH, Yi Mu ST, Ren J, Susilo W, Dong L (2015) Enhanced privacy of a remote data integrity-checking protocol for secure cloud storage. Int J Inf Secur 14:307–318

    Article  Google Scholar 

  • Zheng Q, Xu S (2011) Fair and dynamic proofs of retrievability. In: The first ACM conference on data and application security and privacy. ACM, New York, pp 237–248

  • Zhu Y, Wang H, Hu Z, Ahn G, Hu H, Yau S (2010) Efficient provable data possession for hybrid clouds. In: 17th ACM conference on Computer and communications security. ACM, New York, pp 756–758

Download references

Acknowledgments

The authors thank Zhenkai Liang for suggestions on various aspects of this paper. The authors also thank anonymous reviewers for their insightful comments. This work was supported in part by the National Natural Science Foundation of China (No. 61402029), the Beijing Natural Science Foundation (No. 4132056), the National 973 Project of China (No. 2012CB315905) and the National Natural Science Foundation of China (No. 61170246, 376349).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jian Mao.

Ethics declarations

Conflict of interest

The authors declare that there is no conflict of interests regarding the publication of this paper.

Additional information

Communicated by V. Loia.

Rights and permissions

Reprints and Permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mao, J., Zhang, Y., Li, P. et al. A position-aware Merkle tree for dynamic cloud data integrity verification. Soft Comput 21, 2151–2164 (2017). https://doi.org/10.1007/s00500-015-1918-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00500-015-1918-8

Keywords