Practical Verification of Data Encryption for Cloud Storage Services

  • Jinxia Fang
  • Limin LiuEmail author
  • Jingqiang Lin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11515)


Sensitive data is usually encrypted to protect against data leakage and unauthorized access for cloud storage services. Generally, the remote user has no knowledge of the actual data format stored in the cloud, even though a cloud server promises to store the data with encryption. Although a few works utilize data encapsulation and remote data checking to detect whether the sensitive data is protected securely in the cloud, they still suffer from a number of limitations, such as heavy computational cost at the user side and poor practicality, that would hinder their adoptions. In this paper, we propose a practical verification scheme to allow users to remotely evaluate the actually deployed data encryption protection in the cloud. We employ the pseudo-random number generator and present a data encapsulation solution, which can benefit users with significant cost savings. By imposing monetary rewards or penalties, our proposed scheme can help ensure that the cloud server stores data encrypted at rest honestly. Extensive experiments are conducted to further demonstrate the efficiency and practicality of the proposed scheme.


Cloud storage service Data encapsulation Encryption verification Performance evaluation 



This research was supported by National Key Research and Development Program of China (Grant No. 2017YFB0802404) and partially supported by National Natural Science Foundation of China (Award No. 61772518).


  1. 1.
  2. 2.
  3. 3.
  4. 4.
  5. 5.
  6. 6.
    Alkhojandi, N., Miri, A.: Privacy-preserving public auditing in cloud computing with data deduplication. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 35–48. Springer, Cham (2015). Scholar
  7. 7.
    Armknecht, F., Barman, L., Bohli, J.M., et al.: Mirror: enabling proofs of data replication and retrievability in the cloud. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 1051–1068. USENIX Association, Austin (2016)Google Scholar
  8. 8.
    Armknecht, F., Bohli, J.M., Froelicher, D., et al.: Sport: Sharing proofs of retrievability across tenants. Cryptology ePrint Archive, Report 2016/724 (2016)Google Scholar
  9. 9.
    Ateniese, G., Burns, R., Curtmola, R., et al.: Provable data possession at untrusted stores. In: ACM Conference on Computer and Communications Security, pp. 598–609 (2007)Google Scholar
  10. 10.
    Benson, K., Dowsley, R., Shacham, H.: Do you know where your cloud files are? In: ACM Cloud Computing Security Workshop, Ccsw 2011, Chicago, IL, USA, pp. 73–82, October 2011Google Scholar
  11. 11.
    Bowers, K.D., Dijk, M.V., Juels, A., et al.: How to tell if your cloud files are vulnerable to drive crashes. In: ACM Conference on Computer and Communications Security, CCS 2011, Chicago, Illinois, USA, pp. 501–514, October 2011Google Scholar
  12. 12.
    van Dijk, M., Juels, A., Oprea, A., et al.: Hourglass schemes: how to prove that cloud files are encrypted, pp. 265–280 (2012)Google Scholar
  13. 13.
    Fu, A., Yu, S., Zhang, Y., et al.: NPP: a new privacy-aware public auditing scheme for cloud data sharing with group users. IEEE Trans. Big Data 1 (2017)Google Scholar
  14. 14.
    Gorke, C.A., Janson, C., Armknecht, F., et al.: Cloud storage file recoverability. In: ACM International Workshop on Security in Cloud Computing (2017)Google Scholar
  15. 15.
    Hu, K., Zhang, W.: Efficient verification of data encryption on cloud servers. In: Twelfth International Conference on Privacy, Security and Trust, pp. 314–321 (2014)Google Scholar
  16. 16.
    Hur, J., Koo, D., Shin, Y., et al.: Secure data deduplication with dynamic ownership management in cloud storage. IEEE Trans. Knowl. Data Eng. 28(11), 3113–3125 (2016)CrossRefGoogle Scholar
  17. 17.
    Juels, A.: PORs: proofs of retrievability for large files. In: ACM Conference on Computer and Communications Security, pp. 584–597 (2007)Google Scholar
  18. 18.
    Li, D., Chen, J., Guo, C., et al.: IP-geolocation mapping for moderately connected internet regions. IEEE Trans. Parallel Distrib. Syst. 24(2), 381–391 (2013)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Li, J., Li, J., Xie, D., et al.: Secure auditing and deduplicating data in cloud. IEEE Trans. Comput. 65(8), 2386–2396 (2016)MathSciNetCrossRefGoogle Scholar
  20. 20.
    Long, M., Li, Y., Peng, F.: Dynamic provable data possession of multiple copies in cloud storage based on full-node of AVL tree. Int. J. Digit. Crime Forensics 11(1), 126–137 (2019)CrossRefGoogle Scholar
  21. 21.
    Shen, W., Qin, J., Yu, J., et al.: Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage. IEEE Trans. Inf. Forensics Secur. 14(2), 331–346 (2019)CrossRefGoogle Scholar
  22. 22.
    Wang, B., Li, B., Li, H.: Panda: public auditing for shared data with efficient user revocation in the cloud. IEEE Trans. Serv. Comput. 8(1), 92–106 (2015)CrossRefGoogle Scholar
  23. 23.
    Wang, Q., Ren, K., Lou, W., et al.: Dependable and secure sensor data storage with dynamic integrity assurance. In: INFOCOM, pp. 954–962 (2009)Google Scholar
  24. 24.
    Wang, Q., Wang, C., Ren, K., et al.: Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans. Parallel Distrib. Syst. 22(5), 847–859 (2011)CrossRefGoogle Scholar
  25. 25.
    Wang, Z., Sun, K., Jing, J., et al.: Verification of data redundancy in cloud storage. In: Proceedings of the 2013 international workshop on Security in cloud computing, pp. 11–18 (2013)Google Scholar
  26. 26.
    Wu, Y., Jiang, Z.L., Wang, X., et al.: Dynamic data operations with deduplication in privacy-preserving public auditing for secure cloud storage. In: IEEE International Conference on Computational Science and Engineering, pp. 562–567 (2017)Google Scholar
  27. 27.
    Yang, G., Yu, J., Shen, W., et al.: Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability. J. Syst. Softw. 113, 130–139 (2016)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina
  2. 2.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  3. 3.Data Assurance and Communication Security Research CenterChinese Academy of SciencesBeijingChina

Personalised recommendations