[IEEE 2011 International Conference on Cloud and Service Computing (CSC), Hong Kong, China]
Study on the Third-party Audit in Cloud Storage Service*
Ling Li Lin Xu Jing Li Changchun Zhang
School of Computer Science and Technology
University of Science and Technology of China
Hefei, Anhui, P.R. China
{liling, linxu, zccc}@mail.ustc.edu.cn, [email protected]
Abstract—Cloud computing, an emerging paradigm, adjusts the utilization of available resources through particular service modes. Cloud storage, one of the most widely used services in cloud computing, provides external data storage and business access. This remote mode of service provision inevitably runs into security problems, which in turn create a crisis of confidence in cloud computing services and, for lack of the necessary reliability, impede their wide adoption. Analysis of the essence of these problems indicates that introducing an external trusted third-party audit (TPA) mechanism is indispensable for protecting data security and service reliability. This paper reviews and analyzes the problems arising in the current development of cloud storage, examines in detail the problems introduced by the TPA, and explores the application prospects and solutions for the TPA mechanism in cloud storage. Inspired by this research, we propose the idea of a file-sharing system, built on top of our service delivery platform with the TPA mechanism deployed, and discuss how its reliability can be assured.
Keywords-cloud computing; cloud storage; third-party audit mechanism; TPA; reliability
I. INTRODUCTION
Cloud computing, which emerges as a new paradigm, has been regarded as the next-generation infrastructure of the IT industry [1,2]. Cloud storage, one of the most widely used services in the cloud, provides external data storage and business access by connecting a large number of different types of storage devices through application software [3]. As the concept of cloud storage spreads, many established enterprises have turned to it: Amazon, whose Simple Storage Service (S3) aims to provide Internet services in the form of storage and computing; CDNetworks and Nirvanix, whose platform integrates cloud storage and data delivery services; Microsoft, whose Windows Live SkyDrive beta provides users with an online storage experience; EMC, which announced its membership in the "Daoli Trusted Infrastructure Project"; and IBM, which plans to use cloud computing standards to expand its global backup centers [4,5].
* Sponsored by Comprehensive Strategic Cooperation Project with CAS and
Guangdong province (2010A090100027), USTC-Lenovo Joint Laboratory for
Cloud Computing, the CNGI Project (2008BAH37B05), Anhui Natural
Science Foundation (090412064), and the USTC Innovation Foundation of
Graduate Student.
The growth of data storage capacity puts pressure on the storage industry, but at the same time drives its rapid development, so cloud storage has become the ideal candidate for the next generation of storage services.
The development of any new service brings both opportunities and challenges. At present, almost all front-line IT enterprises are involved in providing cloud storage: each offers its own cloud storage architecture, based on its traditional technology and marketing strategies, and delivers cloud services externally. But while providing these services, we must take into account the problems that emerge from storage operations in the cloud. When data are stored on personal devices, users hold the highest privilege to operate on them and to ensure their security. But once users choose to put data into the cloud, they lose control over those data. This is because cloud storage service providers (such as Amazon, Google, and Microsoft) are all independent entities, each with its own data services and security policies, and each responsible for data operations and security without the users' participation. Driven by a competitive application market, all cloud computing service providers now do their best to introduce new services and promise data security; the actual situation, however, is not satisfactory. The cases cited in [6-9] illustrate that cloud computing infrastructures still suffer from internal and external data security threats despite the completeness claimed by the service providers. At the same time, to protect their reputation, service providers may deliberately conceal incidents of data loss [10]. In addition, users of cloud storage services must be authenticated and authorized before access, so that other users' data cannot be stolen through service failures or system intrusion. From these facts we can see that problems such as equipment failures, authentication errors, and service delays create a crisis of confidence in cloud services, so reliability assurance is one of the key factors in promoting the adoption of cloud computing services.
According to the report "Assessing the Security Risks of Cloud Computing" by the consulting firm Gartner, there are seven potential security risks around cloud computing services [11]: privileged user access, regulatory compliance, data location, data segregation, recovery, investigation support, and long-term viability. We group these security risks into the following three aspects according to their content.
978-1-4577-1637-9/11/$26.00 ©2011 IEEE
1) data transmission and storage security
In the cloud service environment, users send data to service providers mainly through the network. The personal data may involve the user's personal information, financial situation, privacy, and so on, and must be protected by secure transmission mechanisms such as Secure Sockets Layer (SSL), the Point-to-Point Tunneling Protocol (PPTP), and Virtual Private Networks (VPNs). Filters can also be added to the network to monitor the data flow between users and service providers and prevent sensitive data leakage in real time; one example is the concept of a "cloud firewall" mentioned in [12].
Given the importance of users' data, either the users or the service providers often encrypt data files to ensure their privacy and isolation. Amazon S3 automatically generates an MD5 hash when users store their data, to ensure data integrity; there is then no need to use external tools for MD5 checksum generation, and data leakage is also prevented because no data need be disclosed to external entities. Craig Gentry of IBM Research proposed the "ideal lattice" mathematical model in [13], which enables full computation on encrypted data; service providers can then accept users' commissions to analyze the data fully.
2) data audit security
While data are transferred between users and service providers, malicious attacks are hard to avoid, even on encrypted data. To ensure data integrity, the best way is to introduce an authentication mechanism based on a third party. Audit is often a two-way mechanism. On the users' side, their operations must be audited strictly to ensure the legality of their data access; in this way, users can retrieve their data safely at any time. On the service providers' side, they should supply useful information to the TPA to assist the audit of data integrity and security. The ultimate goal of the audit is a win-win situation for users and service providers: the audit mechanism helps users choose the most suitable provider among all sorts of service providers, and it also helps service providers establish their reputation and make more profit by attracting more users.
3) security risk prevention strategies
A Service Level Agreement (SLA) between users and service providers is a useful way to reduce security risk, and is one of the advantages of cloud computing services. The SLA serves as the standard for service supply, quality of service, and service monitoring and control: it tries to detect workflows that do not meet the expected quality of service and to make corresponding adjustments. At the same time, items can be established in the SLA to avoid risks; typical ones include selecting a service provider with a high reputation, encrypting the transmission channels, securing the data storage location, ensuring the ability to recover data, and defining the data recovery time.
The security issues mentioned above include both intrinsic risks of cloud services and problems introduced during service provision. The difficulty of dealing with these issues slows the development of cloud computing applications. Therefore, introducing an appropriate security strategy or mechanism (such as a trusted third-party audit) to protect the stability of cloud computing becomes necessary. In this paper, we focus on the third-party audit mechanism in cloud computing services: we review and analyze the problems around current cloud services and discuss the challenges of, and technical solutions for, introducing the TPA mechanism. Note that we use TPA as the abbreviation of third-party audit throughout this paper. The rest of this paper is organized as follows. Section II illustrates the concept of the TPA and explores the prospects of its use in cloud storage. Section III discusses reasonable advice for solving the problems using the TPA. Section IV gives a brief description of our own research work based on the TPA. Finally, we conclude the paper and look forward to future work.
II. THE THIRD-PARTY AUDIT
Users choose cloud storage for its convenient service provision. During the service process, users focus on whether the data stored in the cloud are safe, while the service provider's main concern is the profit made from providing convenient services. With the two parties focused on different aspects, a TPA operating as an independent and credible entity is well placed to guarantee the trust relationship between them. The TPA has professional audit knowledge and skills; familiar with the SLA between users and service providers, it can find and evaluate potential risks objectively. Users without professional knowledge and skills can rely on the TPA to evaluate the safety of a cloud storage service when they make a service request, and so make the right choice. Cloud storage service providers can also improve their services according to the audit report given by the TPA [14,15].
Introducing the TPA mechanism entails a comprehensive assessment of the phases of cloud storage services, including security management, configuration management, fault and anomaly management, data management, operation management, and so on [17]. Because of the distributed nature of cloud computing, users may be unaware of the location of their data while using cloud storage services, which requires the TPA to be familiar with the laws and regulations of the area where the data are stored; this is the main consideration for the audit of service safety and configuration management. The cases listed in [6-9] indicate that an SLA should be established between users and service providers, specifying responsibilities and consequences, in order to avoid the problems that appear during service. The agreement should specify in detail, for service providers, the methods for processing data, the emergency measures for dealing with failures and anomalies, continuous service provision, the consequences of SLA violation, and so on; this is the main consideration for the audit of faults and anomalies in service and data management. For the external provision of storage and business access services, strict access-control audit is particularly important: auditing access control over the systems, networks, and applications associated with cloud storage services can prevent viruses, network intrusion, data leakage, and other security issues, and also enhances the management capacity of those services.
Since the audit mechanism involves evaluating several management phases of cloud storage, its scope is wide. Following the audit methods of traditional business patterns, literature [14] divides the audit mechanism into two modes: internal audit and external audit. Internal audit inspects the internal behavior and processes of service providers and tries to prevent the providers from violating the SLA. Before an internal audit starts, auditors need a comprehensive understanding of the risks in the storage service and of the industry's good practices for dealing with them. Baker enumerates the risks related to data protection in [16], but that information is insufficient for audit work, because information about the storage service itself is difficult to obtain. Whether internal audit incurs extra expense or introduces unexpected risk also still needs further research. Moreover, because internal audit examines the internal behavior and processes of service providers, their internal operating processes would be exposed in the audit results; as a result, most service providers may not allow internal audit, and the TPA mainly tends toward the external audit mode. External audit provides end-to-end service-quality metrics based on the SLA; its main purpose is to ensure data integrity in storage services. Through the APIs offered by service providers, an external audit can examine the data stored at the providers by sampling and verify their integrity, for example using the APIs provided by Amazon S3 to access the data [14]. But at present most service providers give priority to economic profit and offer no interfaces for the TPA, so the external audit work faces more limits.
Both internal and external audit need to be guided by a complete audit methodology; [17,18] discuss its specific contents. Generally speaking, the TPA's work includes three main phases: the audit planning phase, the audit execution phase, and the post-audit phase. The planning phase first fixes the audit content and details, then determines the audit schedule; it also provides auditors with the background of the current audit work, since a full understanding of the background helps auditors grasp the main purpose of the audit and focus the work more clearly. Sufficient preparation in the planning phase helps maximize the efficiency of the audit [18]. The execution phase evaluates the strengths and weaknesses of the current safety strategy and points out its potential security threats. Evaluation and verification are the key audit activities during this phase: auditors evaluate how well the methods used against the existing security threats match the internal and external security standards, and the audit report gives suggestions with which the audited parties can make suitable improvements. The verification process mainly concerns data integrity and the consistency between the safety strategy and its realization; it tries to find items lacking in those strategies or standards and supplement them in time. In the post-audit phase, dedicated organizations deal with the corresponding problems and improve on them according to the audit report given by the auditors.
III. ISSUES AND SOLUTIONS FOR THE APPLICATION OF TPA
For any system, an independent trusted TPA standing between the data user and the service provider must be able to deal with some common problems in order to meet different design requirements. [14,15] list the functions of an ideal TPA theoretically. Taking both theory and practical application into account, the TPA should have the following five basic functions.
A. protection for data integrity
If users choose cloud storage services, they expect a high level of data security from the cloud storage service provider. The provider then customizes the data-privacy service with the users through the SLA and has the TPA monitor the service process. Users expect data integrity to be maintained during the audit: for example, the service provider should not be able to read or leak any data, and the audit process should not introduce any new security threats. Traditional encryption technology is widely used for data privacy protection: data encryption transforms the original information (the plaintext) under an encryption key into a completely random message (the ciphertext) using an encryption algorithm, and decryption is the reverse process [19]. On the other hand, users and service providers share the same network communication environment, so their exchanges of information inevitably face problems such as information leakage, traffic analysis, masquerade, and sequence modification [13]; message authentication performed by a trusted TPA is therefore indispensable.
Message authentication is a mechanism or service used to verify message integrity [19]. Through message authentication, the TPA confirms that the data received are the same as the data sent (i.e., with no change, insertion, deletion, or replay) and that the identity claimed by the sender is genuine. One of the most common cryptographic technologies for message authentication is the Message Authentication Code (MAC) [15,19]: the sender uses a secret key to generate a fixed-length tag and sends the message with the tag attached; the receiver recomputes the MAC of the received data with the shared key and compares it with the attached one. If the two are the same, the receiver can trust that the message has not been modified and that it comes from the real sender. The basic uses of message authentication codes are shown in Fig. 1 [19].
Figure 1. Usage of MAC (E: encryption, D: decryption, M: message, C: MAC function, K: key). (a) message authentication: the source computes C(K, M) and the receiver recomputes and compares it; (b) message authentication and confidentiality, authentication with the plaintext: E(K2, [M ‖ C(K1, M)]); (c) message authentication and confidentiality, authentication with the ciphertext: C(K1, E(K2, M)).
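The generate-and-compare flow of scheme (a) can be sketched with Python's standard hmac module (a minimal illustration; the paper does not fix a concrete MAC construction, so the SHA-256-based HMAC here is our choice):

```python
import hmac
import hashlib

def mac(key: bytes, message: bytes) -> bytes:
    """C(K, M): compute a fixed-length authentication tag."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver recomputes the tag with the shared key and compares."""
    return hmac.compare_digest(mac(key, message), tag)

key = b"shared-secret-key"
msg = b"data block sent from source A to host B"
tag = mac(key, msg)                        # sender attaches tag to message

assert verify(key, msg, tag)               # unmodified message: accepted
assert not verify(key, msg + b"x", tag)    # tampered message: rejected
```

The constant-time comparison (`compare_digest`) matters in practice: a naive `==` can leak timing information about the tag.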
In the audit process for cloud storage, the data user partitions the data file F into blocks b_i, i ∈ {1, …, n}, and computes a message authentication code δ_i = MAC_sk(b_i) for each block under a secret key sk. The collection {δ_i}, 1 ≤ i ≤ n, used as metadata for auxiliary authentication, is sent to the cloud storage service provider together with the file blocks, while the key sk is sent to the TPA. Following the message authentication method introduced above, the TPA requests randomly chosen blocks of the file F together with their MAC values (b_i, δ_i) from the service provider, recomputes the MAC value δ′_i of each sampled block with the key sk, and compares it with the original value to complete the audit. The insufficiencies of this audit are [15,20,21]: 1) the TPA must request the user's original data from the cloud storage service provider, and this request process may threaten the privacy of the user's data; 2) the TPA requests randomly sampled data blocks from the service provider, so the volume of sampled data determines the linear communication and computational complexity of the audit process, increasing the audit overhead.
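A toy sketch of this per-block scheme, with the TPA's random spot check (the block size, function names, and sampling count are our illustrative choices):

```python
import hmac
import hashlib
import random

BLOCK = 4  # toy block size

def split_blocks(data: bytes, size: int = BLOCK):
    """Partition file F into blocks b_1 ... b_n."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def make_tags(sk: bytes, blocks):
    """delta_i = MAC_sk(b_i) for each block; sent along with the file."""
    return [hmac.new(sk, b, hashlib.sha256).digest() for b in blocks]

def tpa_spot_check(sk: bytes, provider_blocks, provider_tags, samples=2):
    """TPA requests random (b_i, delta_i) pairs and recomputes the MAC."""
    idx = random.sample(range(len(provider_blocks)), samples)
    return all(
        hmac.compare_digest(
            hmac.new(sk, provider_blocks[i], hashlib.sha256).digest(),
            provider_tags[i])
        for i in idx)

blocks = split_blocks(b"file F held by the storage provider")
tags = make_tags(b"sk", blocks)
assert tpa_spot_check(b"sk", blocks, tags)            # honest provider passes
blocks[0] = b"XXXX"                                   # provider corrupts a block
assert not tpa_spot_check(b"sk", blocks, tags, samples=len(blocks))
```

Note how insufficiency 1) shows up directly: the TPA handles the raw blocks `b_i`, and insufficiency 2) as the cost growing linearly with `samples`.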
To remove the potential threat and the linear complexity of requesting the user's original data from the service provider, an improved audit method has the data user select a set of keys {sk_i}, 1 ≤ i ≤ n, rather than a single key, when computing the MAC values, and then compute the corresponding set of MAC values {MAC_sk_i(F)}, 1 ≤ i ≤ n, associated with these keys. The data file is sent to the cloud storage service provider, while the key set and the MAC values are sent to the TPA. The audit process then changes: the TPA reveals a single key sk_i to the service provider and requests the new value MAC′_sk_i(F) computed under that key. Since the value is used only for comparison, there is no need to retrieve the original user data from the service provider. However, the new method still has deficiencies [15,20,21]: the number of selected keys limits the number of audits of the data file. Once the keys are used up, the user has to request the original data from the service provider again and recompute and redistribute the MAC values, which increases the audit overhead.
B. support for data dynamic
In cloud storage services, users store their data in the cloud remotely, so research on the security of remote data storage has arisen and developed rapidly; [10,14,15,20,21] each propose their own security mechanisms. The object of all these studies is "static data", so they apply only to specific situations, such as book information in a library or scientific documents in a museum [22]. A log file, by contrast, is typically dynamic: the user may add, delete, update, or perform other routine operations at any time. The TPA must therefore support the dynamic characteristics of data and be able to verify data integrity even after the user's data have changed, which makes it applicable to a much wider range of applications.
To support the dynamic characteristics of data, the most straightforward audit approach is for the user to download the data files from the service provider, perform block-level operations on them, and recompute the authentication information of the corresponding data blocks; the new authentication information is then passed back to the TPA as the metadata for the next verification. But in view of the huge cost of downloading and recomputation for users, such methods have only theoretical value and cannot be applied in practice. In [10,23], Ateniese proposed the formalized provable data possession (PDP) model (shown in Fig. 2) to provide authentication between users and service providers. The PDP model uses RSA-based homomorphic verifiable tags (HVTs) as authentication metadata, and the verification process relies on random sampling of data file blocks to give a reasonable probabilistic guarantee. However, this mechanism limits the operations allowed on data file blocks and therefore provides only incomplete support for data dynamics. Similarly, [22] proposed a challenge-response protocol based on erasure-coding technology for distributed application environments, which has the same issue.
Figure 2. PDP protocol. (a) pre-process and store: the client takes file F as input, generates metadata m and a modified file F′, keeps m, and sends F′ to the server, which stores it without further processing. (b) verification of server possession: (1) the client generates a random challenge R; (2) the server computes a proof of possession P from F′; (3) the client verifies the server's proof and outputs 0/1.
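The message flow of Fig. 2 can be illustrated with a much-simplified, hash-based stand-in. Real PDP uses RSA-based homomorphic verifiable tags precisely so that the verifier need not keep the file; the sketch below keeps the original file on the client side and only mirrors the challenge-response structure:

```python
import hashlib
import os
import random

def server_prove(stored_file: bytes, challenge: bytes, indices, block=4) -> bytes:
    """(2) compute proof of possession P over the challenged blocks."""
    h = hashlib.sha256(challenge)
    for i in indices:
        h.update(stored_file[i * block:(i + 1) * block])
    return h.digest()

def client_verify(original: bytes, proof: bytes, challenge: bytes, indices) -> bool:
    """(3) verify the server's proof against locally known data."""
    return proof == server_prove(original, challenge, indices)

F = b"file F' outsourced to the server"
R = os.urandom(16)                               # (1) random challenge R
sampled = random.sample(range(len(F) // 4), 3)   # probabilistic block sampling
P = server_prove(F, R, sampled)
assert client_verify(F, P, R, sampled)           # server possesses the blocks
assert not client_verify(F, P, os.urandom(16), sampled)  # replayed proof fails
```

The fresh random challenge R is what prevents the server from precomputing or replaying proofs; the sampling gives the probabilistic guarantee the text mentions.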
Building on the PDP model, Erway [24] proposed a dynamic version, DPDP, to support verification of data after dynamic updates. Its audit process uses a rank-based authenticated skip list to locate the data file blocks and verify their tag information; the correctness of this data structure is proved in [25,26], so the correctness of the audit result is strictly guaranteed. In the DPDP mechanism, the update operations on a data file are expanded from the original append-only operation to arbitrary insertion, deletion, and so on at any position in the file, which better reflects users' real needs. Erway's research is the first exploration of audit with complete verification for dynamic data. It inspired subsequent research, such as [21], which uses the well-known Merkle Hash Tree (MHT) data structure for verification: data file blocks are abstracted as the MHT's leaf nodes, and a data block can be verified efficiently from the root node's information together with the auxiliary authentication information of the sibling nodes on the path from leaf to root.
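A minimal sketch of MHT-based block verification (the hash function and leaf ordering are our choices, and the block count is assumed to be a power of two):

```python
import hashlib

H = lambda b: hashlib.sha256(b).digest()

def build_tree(blocks):
    """Leaves are hashes of file blocks; each parent hashes a child pair."""
    level = [H(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels  # levels[-1][0] is the root held by the verifier

def auth_path(levels, index):
    """Sibling hashes from leaf to root (the auxiliary authentication info)."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append((level[sib], sib < index))  # (sibling hash, sibling-on-left?)
        index //= 2
    return path

def verify_block(block, path, root):
    """Recompute the root from one block and its sibling path; compare."""
    h = H(block)
    for sib, sib_is_left in path:
        h = H(sib + h) if sib_is_left else H(h + sib)
    return h == root

blocks = [b"b0", b"b1", b"b2", b"b3"]
levels = build_tree(blocks)
root = levels[-1][0]
assert verify_block(b"b2", auth_path(levels, 2), root)       # genuine block
assert not verify_block(b"bX", auth_path(levels, 2), root)   # forged block
```

Only the root and O(log n) sibling hashes are needed to check any block, which is what makes the structure attractive for audit.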
C. support for access control
In addition to integrity authentication and dynamic-data assurance for the data held by the service provider, users also need a trusted system to verify their identities and their resource access and usage. The functions of the TPA can therefore be expanded beyond data audit, for instance by adding access control and identity authentication mechanisms to monitor users in the cloud environment, thereby increasing the visibility and reliability of cloud users.
The Trusted Computer System Evaluation Criteria (the Orange Book) [27], released by the U.S. Department of Defense, is the accepted criterion for security classification in computer systems. As one of the main security requirements, the access control mechanism [28] comprises two important processes: (1) authentication, which verifies the legal status of the subject; and (2) authorization, which restricts the user's level of access to resources.
Any illegal, unauthorized data access in the distributed network environment of cloud storage will thus be flagged as a problem. For such problems, we can add secure network management capabilities [29] to the TPA mechanism through user identification and authorization, i.e., identification and authentication before users access the system, and authority control before service invocation. The access control process among data users, the TPA, and service providers in a cloud storage environment is then: (1) data users and the TPA: data users log into the TPA to complete identity authentication; the TPA verifies the information provided by the users and grants legitimate users access rights; the TPA mechanism determines whether a user's operation request falls within the given permission interval, and legal operation requests are forwarded to the storage service provider. (2) the TPA and storage service providers: the first time the TPA sends a request to a storage service provider, the provider verifies the identity of the TPA to establish a trusted session, and subsequent services are provided on the basis of that trusted session.
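The two-stage flow above can be sketched as follows (the user database, permission sets, and session handling are all hypothetical placeholders, not part of any real TPA implementation):

```python
# Hypothetical sketch of the two-stage access-control flow.
USERS = {"alice": "pw1"}                 # (1) identity database held by the TPA
PERMS = {"alice": {"read", "write"}}     # permitted operations per user
trusted_sessions = set()                 # providers with an established session

def tpa_gate(user: str, password: str, operation: str) -> str:
    """(1) users <-> TPA: authenticate, then check the permission interval."""
    if USERS.get(user) != password:
        return "authentication failed"
    if operation not in PERMS.get(user, set()):
        return "operation denied"
    return forward(user, operation)

def forward(user: str, operation: str, provider: str = "storage-provider-1") -> str:
    """(2) TPA <-> provider: first contact sets up a trusted session."""
    if provider not in trusted_sessions:
        trusted_sessions.add(provider)   # provider verifies the TPA's identity here
    return f"{operation} by {user} forwarded to {provider}"

assert tpa_gate("alice", "bad", "read") == "authentication failed"
assert tpa_gate("alice", "pw1", "delete") == "operation denied"
assert tpa_gate("alice", "pw1", "read").startswith("read by alice")
```

Illegal requests are stopped at the TPA, so the provider only ever sees authenticated, authorized operations.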
For the access control mechanism among the three parties in the cloud storage environment, one well-known authentication protocol based on symmetric encryption is Kerberos [19,30-32]; two others are Public Key Infrastructure (PKI), based on public-key encryption [33], and SESAME [34]. The Kerberos protocol introduces a Key Distribution Center (KDC) as a trusted third party in the user identity verification process: data owners provide authentication information only once and can then access various services with tickets, and the shared key between data owners and system services ensures the security of the protocol. PKI follows the X.509 standard and uses asymmetric cryptography to build a security infrastructure serving data users; its core executive component is the Certificate Authority (CA), and its core element is the digital certificate [33]. SESAME is the abbreviation of Secure European System for Applications in a Multi-vendor Environment; it provides a distributed access control mechanism based on a more advanced single sign-on function, with all data exchanged between the parties protected by asymmetric encryption, and its overall authentication process is similar to the Kerberos protocol.
D. support for batch audit
Application of the TPA ensures the privacy and integrity of user data stored in the cloud environment. Cloud storage serves a large population of users, and each user may submit data-security requests to the TPA after storing data, so the TPA must be able to cope with large-scale user requests. Under the conventional first-come-first-served (FCFS) principle, the first request reaching the TPA is given top priority, and every new authentication request is placed in a queue, waiting for the preceding request to finish. In some cases, however, a single user may initiate several authentication requests at the same time, and sequential execution then wastes time and incurs a high computational cost.
A batch processing mechanism, which gathers the different authentication requests from different users and processes them at once, is an effective approach for the TPA. Compared with sequential processing, batch processing can greatly save time and reduce audit costs. [24] raised the issue of concurrent access under multi-user collaboration in cloud storage [15,20,21], and studies of remote-storage data security also address batch processing of certification requests. Bilinear aggregate signature technology [35,36] is of great help in studying this problem.
With bilinear aggregate signature technology, signatures by different users on different messages are aggregated into a single signature, and a successful audit of the aggregated signature shows that all messages are authentic. As the technical basis, a bilinear map e : G1 × G2 → GT satisfies the following four properties [37,38]:
a) bilinear: ∀u ∈ G1, v ∈ G2, ∀a, b ∈ Z, e(u^a, v^b) = e(u, v)^{ab};
b) non-degenerate: e(g1, g2) ≠ 1;
c) ∀u1, u2 ∈ G1, ∀v ∈ G2, e(u1·u2, v) = e(u1, v)·e(u2, v);
d) ∀u, v ∈ G2, e(ψ(u), v) = e(ψ(v), u);
where G1 and G2 are two multiplicative cyclic groups of prime order p; g1 and g2 are generators of G1 and G2 respectively; ψ : G2 → G1 is a computable isomorphism from G2 to G1 with ψ(g2) = g1; and GT is a target multiplicative cyclic group with |G1| = |G2| = |GT|. The bilinear aggregate signature mechanism makes use of a bilinear map on G1 and G2 as above. Its verification process is composed of five steps [35]:
a) key generation: the user randomly picks x ← Z_p, computes v ← g2^x, and sets v ∈ G2 as the user's public key and x ∈ Z_p as the user's secret key.
b) signature: with secret key x and message M, the hash of the message is h ← H(M), h ∈ G1, and the signature of the message is σ ← h^x, σ ∈ G1.
c) verification: with public key v, message M, and signature σ, the verifier checks e(σ, g2) = e(h, v), where h ← H(M), based on property a) of bilinear maps. If the equation holds, the signature is valid.
d) aggregation: each user u_i provides a signature σ_i ∈ G1 on a message M_i, and the signatures are aggregated as σ ← ∏_{i=1}^{k} σ_i, σ ∈ G1.
e) aggregate verification: with all users' public keys v_i ∈ G2, all messages M_i, and the aggregate signature σ, the verifier checks e(σ, g2) = ∏_{i=1}^{k} e(h_i, v_i), where h_i ← H(M_i), based on property a) of bilinear maps. If the equation holds, the aggregated signature is valid.
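The correctness of step e) follows directly from bilinearity (property a)): with secret keys x_i, public keys v_i = g2^{x_i}, and h_i = H(M_i),

```latex
e(\sigma, g_2)
  = e\Big(\prod_{i=1}^{k} h_i^{x_i},\, g_2\Big)
  = \prod_{i=1}^{k} e(h_i, g_2)^{x_i}
  = \prod_{i=1}^{k} e\big(h_i, g_2^{x_i}\big)
  = \prod_{i=1}^{k} e(h_i, v_i).
```

This is why a single pairing on the left-hand side suffices to check k signatures at once, which is the source of the batch audit's savings.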
E. minimize audit cost
Audit cost must be taken into account when introducing the TPA into cloud storage services. The audit process should minimize the cost of user identity authentication, data encryption and decryption, data transmission bandwidth, the I/O cost of data access, and so on. Effective cost reduction during the audit increases confidence in the application and attracts more users.
[10,20,21,39] point out that if the TPA supports batch audit, it can shorten the audit time and reduce the TPA's computational cost. Suppose the processing time is the same for every request, say one unit of time per certification request, and there are n messages to process: processing them in sequence takes n units of time, while processing them in batch takes far less than n units, and the time saved can be used to process the next batch of requests. Combining batch audit with sequential audit will be a key point of future research.
There is a limitation on the use of bilinear aggregate signature authentication: the equation above holds only if every feedback message from the service provider is correct, so even a single erroneous feedback message causes the whole certification process to fail. Such errors are common in practice, arising from malicious behavior by the service provider, storage equipment failure, unsynchronized data updates, data loss, and so on. Failure of the entire certification obviously cannot meet the requirements of users and service providers. Literature [20] proposes a binary search method [35,36] to deal effectively with erroneous feedback messages: if a batch audit fails, the set of feedback messages is divided into two parts, each of which is audited separately, and whichever subset still contains erroneous feedback is certified recursively. The analysis in [10,20,21] shows that, in a set of 256 different feedback messages, even if the error feedback ratio is as high as 18%, batch auditing is still more efficient than sequential auditing. Besides binary search, many other well-known search methods can address this problem; applying them and evaluating their efficiency will be a new direction for our future research work.
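The recursive bisection from [20] can be sketched as follows. Here batchValid(lo, hi) is a hypothetical stand-in for one aggregate verification over the feedback messages with indices lo..hi-1; everything else is our own illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.BiPredicate;

/** Recursive bisection of a failed batch audit, following the binary
 *  search idea of [20]: a failing range is split in two and each half
 *  is batch-verified again until the bad messages are isolated. */
public class BatchBisect {
    /** Returns the indices of the erroneous feedback messages. With k
     *  errors among n messages this issues O(k log n) batch checks
     *  instead of the n checks of a purely sequential audit. */
    static List<Integer> findBad(int lo, int hi, BiPredicate<Integer, Integer> batchValid) {
        List<Integer> bad = new ArrayList<>();
        if (lo >= hi || batchValid.test(lo, hi)) return bad; // whole range passes
        if (hi - lo == 1) {                                  // single failing message
            bad.add(lo);
            return bad;
        }
        int mid = (lo + hi) / 2;                             // split and recurse
        bad.addAll(findBad(lo, mid, batchValid));
        bad.addAll(findBad(mid, hi, batchValid));
        return bad;
    }
}
```

When the error ratio is low, almost every range passes its single batch check, which is why batch auditing beats sequential auditing until errors become frequent.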
In the sections above we have described in detail the five suggested basic functions for the application of the TPA, together with the state of the art that fulfills them. However, due to immature technical support, many service providers nowadays still evade the application of the TPA through commercial leverage. From a long-term point of view, however, the requirements of data security and privacy protection are indispensable for the development of cloud computing. It is equally important to make the techniques described above practical in the cloud environment; with that practicality in hand, we expect researchers to devise new technical systems that deliver cloud services more securely.
IV. BRIEF DESCRIPTION OF OUR RESEARCH WORK
For the widespread application of cloud storage services, two prerequisites are essential. The first is the availability of service supply for the end user, including large storage space, a reasonable distributed file system, adequate bandwidth and, most importantly, scalability. In our research work we have built a service supply platform based on the open-source software Eucalyptus [40]; its scalability, storage capacity, network bandwidth and so on all satisfy this prerequisite. The second is operational simplicity: a simple and uniform access interface must be supplied to the users. The only thing users should focus on is accessing services as required, without needing to know how the service is supplied. Users on our campus mostly just need to store data on demand and access services securely; they are not concerned with the data processing, storage location and management at the back end. Given all the advantages mentioned above, we have designed a file-sharing system hosted on the platform using cloud storage, mainly to supply convenient storage services to the campus.
A typical cloud storage service architecture is composed of three entities: users, service providers and the TPA. In our proposed system, students and teachers are the main data providers and also the potential users of data access. High-performance devices, adequate storage space and stable network bandwidth combine to form the service provider. However, no audit mechanism was introduced in the original design to ensure the system's own security, reliability and related properties, which leaves room for further improvement. According to the problems and solutions discussed in section III, we introduce a TPA mechanism into the file-sharing system (as shown in Fig. 3) and audit both users and service providers for the sake of system security.
Figure 3. Our proposed architecture with TPA: the file-sharing system based on cloud storage and the platform based on Eucalyptus (Walrus) interact with the Third-Party Audit through authentication/authorization responses, data for public audit, and request/send-challenge messages.
Our experiments are conducted in Java on a system with an Intel Pentium Dual processor running at 1.6 GHz, 3072 MB of RAM, and a 7200 RPM Western Digital 160 GB Serial ATA drive. The general scheme of our proposed mechanism is as follows:
1) Design of the file-sharing system, including basic file uploading, downloading and public sharing. In addition, application interfaces toward both the TPA and the storage provider are provided for the implementation of the system's new functions. Through these APIs, users can meet their requirements directly and, moreover, customize the functions of the system themselves.
2) Design of the TPA services, including the basic mechanism of data integrity auditing and support for data operations such as insertion, deletion and modification. At the same time, authentication with access control will be added in order to extend the audit function. The functional modules of the TPA can also be called or modified for secondary development.
3) Users and the TPA communicate via an authentication protocol. Through this communication, users register with the system and obtain their keys and digital certificates. All these processes aim to ensure the validity of users and to restrain their access.
4) Authenticated users request storage services from the service providers.
5) Authenticated users request data verification from the TPA, and the TPA provides data integrity and dynamic verification through principles similar to the PDP mechanism [10].
6) Authenticated users ask the TPA for load monitoring of the storage system, so reasonable reputation mechanisms will be established in order to evaluate the service levels of the system.
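As a rough illustration of the challenge-response shape of step 5, the following naive Java sketch lets the TPA keep one digest per file block and spot-check randomly chosen blocks. Unlike real PDP [10], which verifies possession without retrieving the data, this toy version makes the provider return whole blocks; every class, method and parameter name here is hypothetical.

```java
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;

/** Naive challenge-response integrity check in the spirit of step 5.
 *  The TPA stores per-block digests at upload time, then challenges
 *  random blocks and verifies the provider's answers against them. */
public class NaiveAudit {
    static byte[] sha256(byte[] b) {
        try { return MessageDigest.getInstance("SHA-256").digest(b); }
        catch (Exception e) { throw new RuntimeException(e); }
    }

    private final Map<Integer, byte[]> digests = new HashMap<>(); // TPA-side metadata

    /** At upload time, the TPA records a digest for each file block. */
    void register(int blockIndex, byte[] block) {
        digests.put(blockIndex, sha256(block));
    }

    /** The TPA challenges c random blocks and checks the provider's answers. */
    boolean audit(Map<Integer, byte[]> providerBlocks, int c, long seed) {
        Random rnd = new Random(seed);
        Integer[] idx = digests.keySet().toArray(new Integer[0]);
        for (int i = 0; i < c; i++) {
            int j = idx[rnd.nextInt(idx.length)];     // random challenge index
            byte[] answer = providerBlocks.get(j);    // provider's response
            if (answer == null ||
                !MessageDigest.isEqual(digests.get(j), sha256(answer)))
                return false;                          // missing or altered block
        }
        return true;
    }
}
```

Real PDP schemes replace the block transfer with compact homomorphic tags, so the bandwidth and I/O costs discussed in section III-E stay constant regardless of block size.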
For authentication, we use an RSA-based instantiation that authenticates particular users or service providers. At the beginning, the user creates an RSA key pair (pku, sku) and requests registration. The TPA listens for the request and replies to the user with its public key pktpa. After receiving the TPA's public key, the user encrypts pku with pktpa and sends the ciphertext E(pktpa, pku) back to the TPA. The TPA computes D(sktpa, E(pktpa, pku)) to recover and store the user's public key, which will later be used to identify the user's verification requests. The TPA then assigns the user a unique ID by sending E(sktpa, IDu); since the user already holds pktpa, he can recover and store his IDu for the next session. The procedure between the TPA and the service providers is the same as described above. As to the functions of the TPA, the most representative example is the MHT construction for the dynamic characteristics of data. As described in section III, the MHT is a proven structure for efficiently and securely checking that elements are undamaged and unaltered. So, for the sake of efficiency and security, we leverage the APIs of the Qilin Crypto SDK [41] and jPBC (Java Pairing-Based Cryptography Library) [42], open-source Java SDKs for rapid prototyping of cryptographic protocols, for the tree's construction and the data-processing implementation. In order to uniquely determine the sequence of file blocks represented as the tree's leaf nodes, we adjust its structure so that the leaf nodes form a left-to-right ascending sequence; any operation on the leaf nodes then preserves this sequence. Based on the MHT, we devise the dynamic operation interfaces and verify their correctness. These APIs meet our current demands and will be improved as new requirements arise. The experiments are mainly designed to realize the subfunctions of our proposed audit mechanism; with their help, we can check users' identities and perform data verification based on legitimate users' requests. All these experimental results will eventually be integrated into the system.
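A minimal from-scratch sketch of an MHT with left-to-right ordered leaves is shown below. It is not our Qilin/jPBC-based implementation, only an illustration of how a root digest is computed over ordered file blocks and how a per-block proof path is verified; all names are our own.

```java
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

/** Minimal Merkle hash tree over file blocks kept in left-to-right leaf
 *  order. An odd node at any level is paired with itself. */
public class MerkleTree {
    static byte[] h(byte[]... parts) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            for (byte[] p : parts) md.update(p);
            return md.digest();
        } catch (Exception e) { throw new RuntimeException(e); }
    }

    private final List<byte[][]> levels = new ArrayList<>(); // levels.get(0) = leaves

    MerkleTree(byte[][] blocks) {
        byte[][] level = new byte[blocks.length][];
        for (int i = 0; i < blocks.length; i++) level[i] = h(blocks[i]);
        levels.add(level);
        while (level.length > 1) {                           // hash pairs upward
            byte[][] next = new byte[(level.length + 1) / 2][];
            for (int i = 0; i < next.length; i++) {
                byte[] left = level[2 * i];
                byte[] right = (2 * i + 1 < level.length) ? level[2 * i + 1] : left;
                next[i] = h(left, right);
            }
            levels.add(next);
            level = next;
        }
    }

    byte[] root() { return levels.get(levels.size() - 1)[0]; }

    /** Sibling hashes from leaf i up to the root (the proof path). */
    List<byte[]> proof(int i) {
        List<byte[]> path = new ArrayList<>();
        for (int d = 0; d < levels.size() - 1; d++) {
            byte[][] level = levels.get(d);
            int sib = (i % 2 == 0) ? i + 1 : i - 1;
            path.add(sib < level.length ? level[sib] : level[i]); // self-pair at edge
            i /= 2;
        }
        return path;
    }

    /** Recompute the root from a block, its leaf index and its proof path. */
    static boolean verify(byte[] block, int i, List<byte[]> path, byte[] root) {
        byte[] cur = h(block);
        for (byte[] sib : path) {
            cur = (i % 2 == 0) ? h(cur, sib) : h(sib, cur);   // order follows index
            i /= 2;
        }
        return MessageDigest.isEqual(cur, root);
    }
}
```

Because the verifier hashes the sibling on the left or right according to the leaf index, the proof also fixes the block's position, which is exactly the ordered-leaf property our adjusted structure relies on.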
V. CONCLUSION AND FUTURE WORK
As the development of cloud computing gathers pace, security issues become more and more important. This paper focuses on an in-depth study of the TPA mechanism and discusses solutions by reviewing the various problems that arise during the provision of cloud computing services and by identifying the deficiencies of the traditional strategies used in data transfer and storage, as well as in data auditing and risk prevention. Recurring problems during this development bring a crisis of confidence to cloud computing, and the application of cloud computing services will be obstructed by the lack of the necessary reliability, which is the key to promoting them. The essence of cloud computing security issues indicates that it is absolutely necessary to introduce a TPA mechanism to ensure data security and the reliability of cloud computing services. Inspired by this research, we propose bringing the TPA mechanism into our file-sharing system and analyze the reliability of the resulting system.
We are motivated by the feasibility of introducing the TPA mechanism. The next stage is to complete the file-sharing system with the TPA model added, so that it matches the typical architecture of cloud storage services. We expect to evaluate the system's performance, security and other aspects with a campus-based storage case and, eventually, with larger storage cases. Cloud computing security issues bring both great opportunities and challenges, and the continuous development of cloud computing techniques is bound to promote future research work.
REFERENCES
[1] P. Mell and T. Grance, "Draft NIST Working Definition of Cloud Computing," National Institute of Standards and Technology, 2009.
[2] M. Armbrust et al., “Above the Clouds: A Berkeley View of Cloud
Computing,” Univ. California, Berkeley, Tech. Rep. UCBEECS-2009-28, Feb.
2009.
[3] http://www.cloudcomputing-china.cn/
[4] ChenK and Zheng WM, “CloudComputing: System instances and current
research”, Journal of Software, Vol.20(5):1337-1348, 2009.
[5] Feng DG, Zhang M, Zhang Y, Xu Z, "Study on cloud computing security," Journal of Software, Vol.22(1):71-83, 2011.
[6] Amazon.com, “Amazon s3 Availability Event: July 20, 2008,” July 2008;
http://status.aws.amazon.com/s3-20080720.html
[7] M. Arrington, “Gmail Disaster: Reports of Mass Email Deletions,” Dec.
2006.
[8] http://www.reuters.com/article/idUS188745639320100824
[9] M. Krigsman, “Apple‟s MobileMe Experiences Post-Launch Pain,” July
2008; http://blogs.zdnet.com/projectfailures/?p=908
[10] G. Ateniese et al., "Provable Data Possession at Untrusted Stores," Proc. ACM CCS '07, Oct. 2007, pp. 598–609.
[11] Jon Brodkin, "Gartner: Seven cloud-computing security risks" [EB/OL], 2009.
[12] Weili Huang, Jian Yang. “New Network Security Based on Cloud
Computing,” In Proceeding of the Second International Workshop on
Education Technology and Computer Science, ETCS 2010, March 2010, pp.
604-609.
[13] Craig Gentry. “Fully Homomorphic Encryption Using Ideal Lattices,” In
Proceedings of the Annual ACM Symposium on Theory of Computing,
STOC'09, May 2009, pp.169-178.
[14] M. A. Shah, M. Baker, J. C. Mogul, and R. Swaminathan, "Auditing to keep online storage services honest," in Proc. of HotOS '07. Berkeley, CA, USA: USENIX Association, 2007, pp. 1–6.
[15] Cong Wang, Kui Ren, Wenjing Lou and Jin Li. “Toward publicly
auditable secure cloud data storage services”, IEEE Network, v 24, n 4, p
19-24, July-August 2010.
[16] M. Baker, M. Shah, D.S.H. Rosenthal, et al., “A Fresh Look at the
Reliability of Long-term Digital Storage,” in Proceeding of the 1st ACM
SIGOPS/EuroSys‟06, Vol.40 Issue 4, Oct 2006.
[17] D. Forte, "Security audits in mixed environments," Network Security, 2009(3):17-19.
[18] Huddleston R.L. Jr., Crow D.R., "A second set of eyes – The benefits of a third party audit," in Proceeding of PCIC '03, Sept 2003, pp. 15-17.
[19] William Stallings, "Cryptography and Network Security: Principles and Practices, Fourth Edition[M]," Prentice Hall, 2005.
[20] C. Wang et al., "Privacy-Preserving Public Auditing for Storage Security in Cloud Computing," Proc. IEEE INFOCOM '10, Mar. 2010.
[21] Q. Wang et al., "Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing," Proc. ESORICS '09, Sept. 2009, pp. 355–70.
[22] C. Wang, Q. Wang, K. Ren, and W. Lou, "Ensuring data storage security in cloud computing," in Proc. of IWQoS '09, Charleston, South Carolina, USA, 2009.
[23] G. Ateniese et al., “Scalable and efficient provable data possession,” In
Proceedings of the 4th International Conference on Security and Privacy in
Communication Networks, SecureComm'08, Sept 2008.
[24] C. Erway et al., “Dynamic provable data possession,” In Proceedings of
the 16th ACM Conference on Computer and Communications Security,
CCS'09, Nov 2009, pp.213-222.
[25] W. Pugh. “Skip lists: A probabilistic alternative to balanced trees,”
Commun. ACM, 33(6):668–676, 1990.
[26] M. T. Goodrich, R. Tamassia, and A. Schwerin. “Implementation of an
authenticated dictionary with skip lists and commutative hashing,” In
DISCEX II, pp. 68–82, 2001.
[27] DoD 5200.28-STD, National Computer Security Center, “Department of
Defense Trusted Computer System Evaluation Criteria,” Dec 1985.
[28] Landwehr CE, "Formal models for computer security," ACM Computing Surveys, 1981, 13(3):247-278.
[29] Wang Wei, Wu Yu-hong, Ma Wen-ping, "Access control in distributed network management system," Computer Simulation, Vol.22, No.1, Jan 2005.
[30] Miller S., Neuman B., Schiller J., and Saltzer J., “Kerberos
Authentication and Authorization System,” Section E.2.1, Project Athena
Technical Plan, MIT Project Athena, Cambridge, MA. 27 October 1988.
[31] Steiner J., Neuman C., and Schiller J., “Kerberos: An Authentication
Service for Open Networked Systems,” Proceedings of the Winter 1988
USENIX Conference, Feb 1988.
[32] J. Kohl, B. Neuman, T. Ts'o, "The Evolution of the Kerberos Authentication Service," Distributed Open Systems, IEEE Computer Society Press, 1994.
[33] Guan ZS, "Public key infrastructure PKI and its application[M]," Publishing House of Electronics Industry, 2008.
[34] P. Ashley, M. Vandenwauver, “Practical Intranet Security: Overview of
the State of the Art and Available Technologies,” Kluwer Academic
Publishers, Jan 1999.
[35] D. Boneh et al., "Aggregate and Verifiably Encrypted Signatures from Bilinear Maps," Proc. EuroCrypt '03, LNCS, vol. 2656, May 2003, pp. 416–432.
[36] Li Meng-dong, Yang Yi-xian, Ma Chun-guang, Cai Man-chun, “A
scheme of fair exchange of signatures based on bilinear aggregate signatures,”
Journal of China Institute of Communications, Vol.25, No.12, Dec 2004.
[37] A. L. Ferrara, M. Greeny, S. Hohenberger, and M. Pedersen, “Practical
short signature batch verification,” in Proceedings of CT-RSA, volume 5473
of LNCS. Springer-Verlag, 2009, pp. 309–324.
[38] Cormen T. H., "Introduction to Algorithms[M]," Beijing: Higher Education Press, 2002.
[39] C. Cachin, I. Keidar, A. Shraer. “Trusting the cloud,” ACM SIGACT
News, Vol.40, No.2, June 2009.
[40] Shupeng Li, Jing Li, Ling Li, and Ryan Wu, “CStorage: A Cloud Storage
Management System For USTC Campus”, in Proceeding of 3rd IEEE
International Conference on Computer Science and Information Technology,
ICCSIT 2010, July 2010, pp. 446-449.
[41] http://qilin.seas.harvard.edu/
[42] http://libeccio.dia.unisa.it/projects/jpbc/