Research Article

A Secure and Efficient Audit Mechanism for Dynamic Shared Data in Cloud Storage

Ohmin Kwon, Dongyoung Koo, Yongjoo Shin, and Hyunsoo Yoon

Department of Computer Science, Korea Advanced Institute of Science and Technology (KAIST), Daejeon 305-701, Republic of Korea

Correspondence should be addressed to Dongyoung Koo; dykoo@nslab.kaist.ac.kr

Received 29 January 2014; Accepted 26 February 2014; Published 12 May 2014

Academic Editors: Y. Pan and J. J. Park

Hindawi Publishing Corporation, The Scientific World Journal, Volume 2014, Article ID 820391, 10 pages, http://dx.doi.org/10.1155/2014/820391

Copyright © 2014 Ohmin Kwon et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

With the popularization of cloud services, multiple users easily share and update their data through cloud storage. For data integrity and consistency in the cloud storage, audit mechanisms have been proposed. However, existing approaches have some security vulnerabilities and require a lot of computational overhead. This paper proposes a secure and efficient audit mechanism for dynamic shared data in cloud storage. The proposed scheme prevents a malicious cloud service provider from deceiving an auditor. Moreover, it devises a new index table management method and reduces the auditing cost by employing less complex operations. We prove the resistance against some attacks and show less computation cost and shorter time for auditing when compared with conventional approaches. The results show that the proposed scheme is secure and efficient for cloud storage services managing dynamic shared data.

1. Introduction

Cloud computing is a promising paradigm to create various computing environments such as [1–3]. A cloud service provider (CSP) allows network-connected users to make use of computing resources in a remote location. As the usage of cloud services matures, users try to share their data in cloud storage and process the data efficiently at a low cost [3–5]. Although several CSPs such as Google [6] and Amazon [7] support computing environments for shared data, integrity of outsourced data is hard to guarantee. Due to the lack of transparency, users delegate the control for data management to the third-party CSP, but there is no way for users to be notified about data loss or modification that occurred at the cloud storage. In addition, for the reputation of the cloud service, CSPs are reluctant to reveal data inconsistency caused by external threats, software/hardware failures, inside attacks, and so on. Therefore, audit mechanisms are required for verifying consistent data management in the cloud storage.

There are several studies verifying integrity of outsourced data at untrusted storages [8–18]. Most of them [8–14] are yet to consider a situation where the same data is shared by multiple users. In these approaches, only a single user is allowed to update his own data, and he can audit the data either by himself [8, 9, 13] or with assistance from a third-party auditor (TPA) [10–12, 14]. Recent studies [16–18] consider audit for shared data, but they only support a limited number of data updates. In addition, the CSP can cheat on censorship in these schemes since an index table used for verification is managed only by the CSP. One way to prevent such a cheat is to make users and the TPA also maintain the index table. Owing to storage and synchronization overhead, however, it might cause a significant delay and degrade the quality of service (QoS) as the number of data updates increases.

In order to design a secure and efficient audit mechanism for dynamic shared data in cloud storage, the aforementioned challenges should be efficiently addressed. In other words, the scheme must guarantee the following properties.

(1) Audit for Outsourced Data. The TPA is able to check the integrity of outsourced data without retrieving all data contents.

(2) Shared Dynamic Data. Users are allowed to outsource, share, insert, delete, or modify their data contents without restriction.


(3) Efficiency. Computational overhead for data outsourcing and update at the users' side, as well as the ones for auditing at the TPA, should be low.

(4) Soundness. The CSP is not allowed to deceive users or the TPA into passing a censorship of damaged data contents.

We propose an audit mechanism satisfying the above requirements by utilizing aggregate signature [19] and sample auditing [8]. For data integrity and consistency, the TPA manages an index table and the CSP keeps renewing an identifier for data update. In addition, the audit mechanism provides efficiency to users and the TPA by making the auditing operations simple. Specifically, in this paper we consider the forge attack and the replace attack with regard to soundness, for the sake of secure audit. These attacks are described in [20] and can be summarized as follows. A forge attack is an attack to forge a verifying term for a data content which was not actually outsourced by users. A replace attack is an attack to pass a censorship by choosing another data content for verification in place of the damaged data content.

The rest of this paper is organized as follows. In Section 2, we introduce related works about auditing data in the cloud storage. In Section 3, issues about index table management are described depending on which entity manages it. In Section 4, we present methods for our audit mechanism. In Section 5, preliminaries used in our work are briefly introduced. In Section 6, a secure and efficient audit mechanism for dynamic shared data is presented. In Section 7, security of the proposed scheme is analyzed. In Section 8, performance evaluations and experimental results show the efficiency of our mechanism. Finally, we conclude our work in Section 9.

2. Related Work

Ateniese et al. first introduced the notion of provable data possession (PDP) in [8] for integrity checks of outsourced data in untrusted storage. They could achieve efficient audit with high probability of detection by sampling random blocks from outsourced data instead of downloading the entire data. Since the original PDP does not consider dynamic data, a user should download the whole data and regenerate metadata for verification whenever there is a modification of the outsourced data. To provide audit for dynamic data without retrieving entire data, subsequent works adopted authenticated data structures such as skip list, Merkle tree, or index tables [9, 12, 14–18]. Erway et al. [9] proposed dynamic provable data possession (DPDP) based on a rank-based authenticated skip list, and Wang et al. [12] presented a mechanism exploiting a Merkle tree. Both schemes require reconstruction of the authenticated data structure when the corresponding data is updated. Another data structure, called an index table, was introduced to handle data updates more efficiently by keeping a unique identifier for each data block [14–18].

It is also notable that outsourced data should be audited periodically for verifying consistent data management. Dedicated to this purpose, TPAs can be delegated by users for auditing outsourced data in a privacy-preserving manner. Privacy preservation means that the TPA cannot learn any information about the data during the audit process. It was achieved through the methods of random masking [11] and bilinear map [14].

3. Index Table Management

Previous works [14–18] utilized an index table for efficient data updates. It is composed of indices, which represent the sequences of data blocks, and identifiers. The identifier, which is used in tag generation and verification (a tag is a verifying term stored with data in the cloud storage and is consistent with a data block), is a number identifying each data block. It should be defined so that it keeps its initial value in all circumstances. Otherwise, a user repeats the following operations whenever identifiers of data blocks in the cloud storage are changed: the user downloads the data blocks whose identifiers have changed, regenerates their tags, and uploads the tags to the cloud storage.

In this section, we look into security issues and update flows depending on which entity manages an index table. From the security aspect, we check the possibility of the forge attack and the replace attack. Then we describe communication flows for getting an identifier of a new data block when a user tries to update.

3.1. Management by the CSP. When only the CSP manages an index table, users and the TPA do not have any information about identifiers of data blocks which are already uploaded and will be updated. As illustrated in Figure 1, the user requests an identifier of a new data block from the CSP when he tries to update. In this environment, the CSP can forge tags of data blocks which users have not uploaded. It transmits an identifier that already exists in the index table and then obtains tags which are of different data blocks but have the same identifier. It can learn meaningful information for forgery through the combination of these data blocks and tags.

Since the TPA needs identifiers of challenged data blocks when verifying, it receives a proof that includes the identifiers from the CSP [16–18]. However, the TPA cannot distinguish them from the challenged ones because it does not maintain an index table. Therefore, if challenged data blocks are modified or deleted, the CSP can replace them with other undamaged data blocks.

3.2. Management by the TPA. One simple way to prevent the forge attack and the replace attack in the above case is that the TPA manages an index table [15]. Even though the CSP tries to launch a forge attack by exploiting a collision of identifiers, it is impossible because the CSP has no knowledge of identifiers. In addition, a replace attack can be detected easily because the TPA knows identifiers of challenged data blocks through the index table.

Figure 2 shows that the TPA participates in the update process, and a user who tries to update cannot generate a tag for a new data block without receiving a new identifier from the TPA. Accordingly, the update process can be delayed when the TPA is asleep or suffers from a bottleneck caused by a large number of requests from users.

Figure 1: Data update flows when only the CSP manages an index table.

Figure 2: Data update flows when only the TPA manages an index table.

3.3. Management by Both the TPA and Users. Delays of the update process can be removed by having a user manage an index table directly [14]. Generally, it is suitable for a situation where data is not shared. However, it has a synchronization problem because the index tables are managed separately by each individual user who shares the data. If they are not synchronized, identifiers generated by different users can have the same value, and then the CSP can exploit the forge attack or the replace attack by using tags generated from the same identifiers.

Broadcasting update information after a user finishes a data update is a solution for synchronization, as shown in Figure 3. However, it requires all users to always be awake. Otherwise, the users need to request the information for synchronization but cannot easily determine who has the newest index table. Although the users can request it from the TPA, this is not different from the previous way in which only the TPA manages an index table.

Figure 3: Data update flows when the TPA and users manage an index table together.

4. Methods

In this section, we present methods for a secure and efficient audit mechanism for shared dynamic data.

4.1. System Model. Our system model for the auditing mechanism is illustrated in Figure 4. There are four entities: CSP, initial uploader, users, and TPA. The CSP provides large-scale storage for shared data to users. It should process requests from authorized users and respond to every challenge from the TPA. An initial uploader uploads data to cloud storage first and forms a group of users who share the data together. Users in the group are able to access and update shared data in the cloud storage. Both an initial uploader and the users are able to audit shared data in cloud storage via the TPA delegated by the initial uploader.

4.2. Secure and Efficient Index Table Management. We propose a secure and efficient index table management that is used for our audit mechanism. As mentioned in the previous section, a TPA must manage an index table to prevent the forge attack and the replace attack. However, delay and synchronization problems can be caused when the index table is managed only by the TPA or by each user. To solve these problems, it is required that a user who tries to update obtains an identifier from the CSP, as described in Figure 5. Consequently, an arrangement in which the TPA manages an index table and the CSP keeps renewing an identifier for a new data block satisfies security and efficiency.

4.3. Identifier Definition for Dynamic Data. Changing identifiers of data blocks by the update process causes repetitive tasks for users. They download the corresponding data blocks, regenerate tags to apply the modified identifiers, and upload the tags again to cloud storage. Our mechanism removes these repetitive tasks by defining the identifier as an upload sequence of the data block. If an update of a data block happens, then a new identifier is assigned as the upload sequence from the CSP.

Figure 4: Our system model for auditing mechanism. Labelled flows: (1) delegation of auditing for shared data, (2) auditing request, (3) challenge for auditing, (4) response for proof, (5) auditing report.

Figure 5: Data update flows in the proposed mechanism.

4.4. Simple Operations for Audit Mechanism. Conventional approaches employ relatively complex operations for the audit mechanism. This may cause more delay time and computational overhead for tag generation and verification. For efficiency of the audit mechanism, the proposed scheme utilizes simple operations in the data integrity check. Moreover, because it can reduce delay time and computational overhead through light-weight operations, the QoS of the cloud storage service is improved.

5. Preliminaries

In this section, cryptographic backgrounds for the proposed scheme are briefly introduced.

5.1. Bilinear Map. Let $G_1$ and $G_2$ be multiplicative cyclic groups of prime order $p$, and let $g$ be a generator of $G_1$. Then a bilinear map $e$ satisfies the following properties:

(1) Bilinearity: for any $u, v \in G_1$ and $a, b \in Z_p$, $e(u^a, v^b) = e(u, v)^{ab}$.

(2) Nondegeneracy: $e(g, g) \neq 1$.

(3) Computability: there exists an efficiently computable algorithm $e$ satisfying the above properties such that $e : G_1 \times G_1 \rightarrow G_2$.

5.2. Pseudorandom Permutation. Let $F : \{0,1\}^n \times \{0,1\}^n \rightarrow \{0,1\}^n$ be an efficiently computable keyed permutation for positive integer $n$. We say that $F$ is a pseudorandom permutation if there exists a negligible function negl for any probabilistic polynomial-time distinguisher $D$ such that

$$\left| \Pr\left[D^{F_k(\cdot)}(1^n) = 1\right] - \Pr\left[D^{f(\cdot)}(1^n) = 1\right] \right| \le \mathrm{negl}(n), \tag{1}$$

where $k \xleftarrow{\$} \{0,1\}^n$ is a permutation key chosen uniformly at random and $f$ is a real-random permutation.

5.3. Discrete Logarithm (DL) Assumption. The discrete logarithm (DL) problem is to compute $a \in Z_p$, given $g \in G_1$ and $g^a \in G_1$. The DL assumption holds in $G_1$ if it is computationally infeasible to solve the DL problem in $G_1$.

6. The Proposed Scheme

In this section, we present a secure and efficient audit mechanism supporting dynamic updates of shared data. When the cloud storage service initiates, a CSP generates public parameters for the system and publicizes them. An initial uploader generates secret components and public components used in tag generation and verification. He divides data into blocks and generates tags for each data block. Then he uploads them to the cloud storage and deletes them from his local storage. To share the data with other users, he needs to deliver secret components for tag generation. In addition, he can delegate auditing processes to a TPA by delivering a part of the secret components for verification.

When a user tries to update a new data block, he receives an identifier from the CSP, generates a tag for the data block, and uploads them. After the update is finished, the user reports update information to the TPA. Then the TPA updates an index table following the update information, and the CSP renews the identifier as the next upload sequence for the next update.

The TPA maintains the newest index table, which keeps track of the upload sequence of data blocks. The TPA makes a challenge derived from the index table and transmits it to the CSP periodically or when a user wants. The CSP, on receiving the challenge, makes a proof and responds with it. Then the TPA checks whether outsourced data is damaged or not by verifying the proof with the challenge.

6.1. Definition. The proposed scheme $\Pi$ is composed of the following eight algorithms, such that $\Pi = \{Setup, KeyGen, TagGen, TagGenUp, ITUp, ChalGen, ProofGen, Verify\}$.

$Setup(\gamma) \rightarrow param$. On security parameter $\gamma$, the CSP generates and publicizes public parameters $param$.

$KeyGen(param) \rightarrow (gmsk, gsk, gak, gpk)$. An initial uploader takes public parameter $param$ as input and outputs group master key $gmsk$, group secret key $gsk$, group auditing key $gak$, and group public key $gpk$. Group master key $gmsk$ is kept secret. Group secret key $gsk = \{gsk_1, gsk_2\}$ and group auditing key $gak$ are used in tag generation. Group public key $gpk = \{gpk_1, gpk_2\}$ is used for verification of data integrity along with group auditing key $gak$.

$TagGen(M, gsk, gak) \rightarrow \sigma$. On uploading data $M$ to the cloud storage, the initial uploader divides the data into blocks and generates a set of tags $\sigma$ using $gsk$ and $gak$. Each component of $\sigma$ is a tag of the corresponding data block in $M$, such that $\sigma = \{\sigma_1, \ldots, \sigma_n\}$.

$TagGenUp(m'_i, gsk, gak, \mathrm{id}'_i) \rightarrow \sigma'_i$. When a user tries to update a data block $m'_i$, he generates a new tag $\sigma'_i$ using $gsk$, $gak$, and the new identifier $\mathrm{id}'_i$ received from the CSP.

$ITUp(U_{type}, U_{index}, U_{id}, \mathrm{IT}) \rightarrow \mathrm{IT}'$. This algorithm takes update information and the current index table $\mathrm{IT}$ as input and outputs a new index table $\mathrm{IT}'$. The update information includes three elements: $U_{type}$, $U_{index}$, and $U_{id}$. $U_{type}$ represents an update type, which can be either insertion, modification, or deletion. $U_{index}$ is the index of the data block to be updated, and $U_{id}$ is a newly assigned unique identifier used in $TagGenUp$ for the data block.

$ChalGen(\mathrm{IT}) \rightarrow chal$. This algorithm generates a challenging query $chal = \{l, r_l\}_{l \in L}$ for randomly selected blocks. The TPA chooses random indices $L$ from the index table $\mathrm{IT}$ and generates random values $\{r_l\}_{l \in L}$.

$ProofGen(M, \sigma, chal, gpk) \rightarrow (\alpha, \beta)$. The CSP generates a proof $(\alpha, \beta)$ for a challenge from the TPA. $\alpha$ is derived from outsourced data blocks $\{m_l\}_{l \in L}$, $\{r_l\}_{l \in L}$, and $gpk$, while $\beta$ is computed from tags $\{\sigma_l\}_{l \in L}$ and $\{r_l\}_{l \in L}$.

$Verify(chal, \mathrm{IT}, (\alpha, \beta), gpk, gak) \rightarrow \{True, False\}$. This algorithm verifies consistency of the proof generated by the CSP for the given challenge. If they are consistent, it outputs $True$. Otherwise, it outputs $False$.

6.2. Construction. Let $G_1$, $G_2$ be multiplicative cyclic groups of prime order $p$, let $g$ be a generator of $G_1$, let $e : G_1 \times G_1 \rightarrow G_2$ be a bilinear map, and let $F : \{0,1\}^{\log p} \times \{0,1\}^{\log p} \rightarrow \{0,1\}^{\log p}$ be a pseudorandom permutation. We consider that data $M$ is divided into $n$ blocks as $M = (m_1, \ldots, m_n)$ and each data block $m_i = (m_{i1}, \ldots, m_{is})$ contains $s$ sectors of $Z_p$.

6.2.1. Setup. When the cloud storage service initiates, the CSP chooses two groups $G_1$, $G_2$ with $g$ for a bilinear map $e$ by running the $Setup$ algorithm and publicizes $param = (G_1, G_2, p, g, e)$ to users and the TPA.

6.2.2. Upload for Data Sharing. An initial uploader $u_1$ runs the $KeyGen$ algorithm. It first chooses $(s + 2)$ random values $gmsk = a \in Z_p^*$, $gak = b \in Z_p$, and $gsk_2 = \{gsk_{2j} = c_j \in Z_p\}_{j \in [1,s]}$ and computes $gsk_1 = g^{1/a}$, $gpk_1 = g^a$, and $gpk_2 = \{gpk_{2j} = g^{c_j}\}_{j \in [1,s]}$. Then, by running $TagGen$, $u_1$ generates corresponding tags such as

$$\sigma_i = (gsk_1)^{F_{gak}(i) + \sum_{j \in [1,s]} gsk_{2j} \cdot m_{ij}} \tag{2}$$

for $1 \le i \le n$. $u_1$ uploads $(M, \sigma)$ to the cloud storage and deletes them from his local storage. When the CSP receives fresh data from the initial uploader, it saves an identifier $\mathrm{id}' = n + 1$ for the next upload sequence. To share data $M$ with other users, $u_1$ delivers group secret key $gsk$ and group auditing key $gak$ to them.

6.2.3. Delegation of Audit. The initial uploader $u_1$ delegates audit for shared data to the TPA by delivering a group auditing key $gak$. In addition, $u_1$ notifies the TPA of the number of data blocks $n$ so that the TPA can correctly generate an initial index table for $M$. In other words, the TPA creates an index table which includes identifiers defined as block sequences initially.

6.2.4. Data Update. In the proposed scheme, any user $u_k$ in the group which shares data $M$ is allowed to modify, insert, or delete data $M$ in the cloud storage.

If $u_k$ tries to modify the $i$-th block $m_i$, $u_k$ first receives a new identifier from the CSP, as illustrated in Figure 5. On receipt of the identifier $\mathrm{id}'_i$, $u_k$ computes a tag $\sigma'_i$ for the updated data block $m'_i$ by running the $TagGenUp$ algorithm as follows:

$$\sigma'_i = (gsk_1)^{F_{gak}(\mathrm{id}'_i) + \sum_{j \in [1,s]} gsk_{2j} \cdot m'_{ij}} \tag{3}$$

Then $u_k$ sends $(U_{type} = \text{'M'}, U_{index} = i, U_{id} = \mathrm{id}'_i)$ along with $(m'_i, \sigma'_i)$ to the CSP, where 'M' stands for modification.

Figure 6: Examples of data update. (a) State after initial upload, with initial next identifier $\mathrm{id}' = n + 1$. (b) State after modification of $m_2$: update information $(U_{type} = \text{'M'}, U_{index} = 2, U_{id} = n + 1)$, next identifier $\mathrm{id}' = n + 2$. (c) State after insertion of $m'_3$: update information $(U_{type} = \text{'I'}, U_{index} = 3, U_{id} = n + 2)$, next identifier $\mathrm{id}' = n + 3$. (d) State after the deletion of $m'_3$: update information $(U_{type} = \text{'D'}, U_{index} = 3, U_{id} = 0)$, next identifier $\mathrm{id}' = n + 3$.

The CSP can update the data block in the cloud storage by replacement of $(m_i, \sigma_i)$ with $(m'_i, \sigma'_i)$ uploaded by $u_k$. For the case of insertion, $u_k$ makes a tag $\sigma'_i$ for the newly created data block $m'_i$ by running the TagGenUp algorithm and sends ($U_{\text{type}} =$ ′, $U_{\text{index}} = i$, $U_{\text{id}} = \mathrm{id}'_i$) along with $(m'_i, \sigma'_i)$ to the CSP. When $u_k$ wants to delete a data block in the cloud storage, $u_k$ sends ($U_{\text{type}} =$ ′, $U_{\text{index}} = i$, $U_{\text{id}} = 0$) to the CSP and allows the CSP to delete the corresponding data block from the cloud storage. In this case, $u_k$ does not need to request a new identifier. Therefore, we set the value of $U_{\text{id}}$ to zero.

After the update is finished, $u_k$ delivers the update information $(U_{\text{type}}, U_{\text{index}}, U_{\text{id}})$ to the TPA for consistent audit of the updated shared data in the cloud storage. Then the TPA updates the index table managed by itself according to the information by running ITUp. When $U_{\text{type}} =$ ′, it changes the $U_{\text{index}}$-th identifier to $U_{\text{id}}$. When $U_{\text{type}} =$ ′, the TPA inserts $U_{\text{id}}$ just before the $U_{\text{index}}$-th field, while it removes the $U_{\text{index}}$-th field from the index table if $U_{\text{type}} =$ ′. Through this notification of data updates, the TPA can detect malicious behaviors of the CSP. In other words, the CSP cannot transmit a previously used identifier in order to exploit forge attack and replace attack. Simple examples of data update are depicted in Figure 6.
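How the TPA-side ITUp step described above could look, as an added example that is not code from the paper. The type labels "M", "I" and "D" (borrowed from the legend of Figure 6), the `IndexTable` class and the set of used identifiers that implements the reuse check are assumptions.

```python
class UpdateRejected(Exception):
    """An update report that the TPA refuses to apply to its index table."""


class IndexTable:
    """TPA-side index table: the identifier of the block at each 1-based index."""

    def __init__(self, identifiers):
        self.ids = list(identifiers)
        self.used = set(self.ids)   # every identifier ever reported (assumed bookkeeping)

    def it_up(self, u_type, u_index, u_id):
        """Apply one report (U_type, U_index, U_id); validate fully before mutating."""
        if u_type not in ("M", "I", "D"):
            raise UpdateRejected(f"unknown update type {u_type!r}")
        last = len(self.ids) + (1 if u_type == "I" else 0)   # "I" may also append (assumption)
        if not 1 <= u_index <= last:
            raise UpdateRejected(f"index {u_index} is outside 1..{last}")
        if u_type == "D":
            if u_id != 0:
                raise UpdateRejected("a deletion carries U_id = 0")
            del self.ids[u_index - 1]             # remove the U_index-th field
            return
        if u_id <= 0 or u_id in self.used:
            raise UpdateRejected(f"identifier {u_id} is not fresh")
        if u_type == "M":
            self.ids[u_index - 1] = u_id          # change the U_index-th identifier
        else:
            self.ids.insert(u_index - 1, u_id)    # insert just before the U_index-th field
        self.used.add(u_id)


def replay(initial, reports):
    """Apply reports in order; return (table states, rejected reports)."""
    table, states, rejected = IndexTable(initial), [list(initial)], []
    for report in reports:
        try:
            table.it_up(*report)
            states.append(list(table.ids))
        except UpdateRejected as exc:
            rejected.append((report, str(exc)))
    return states, rejected


# Constructed run with n = 5, following the four states of Figure 6, then two
# reports that reuse identifiers (2 was replaced by a modification, 7 was deleted).
REPORTS = [("M", 2, 6), ("I", 3, 7), ("D", 3, 0), ("M", 4, 2), ("I", 1, 7)]
STATES, REJECTED = replay([1, 2, 3, 4, 5], REPORTS)
```

Because the table remembers identifiers that are no longer present, a report carrying an identifier that was overwritten or deleted earlier is refused instead of silently creating two tags under one identifier.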

6.2.5. Audit for Outsourced Data. For the TPA to check integrity of outsourced data, it engages in a challenge-response protocol with the CSP. The TPA first chooses a random subset $L$ of indices from the index table and generates random values $\{r_l \in Z_p^*\}_{l \in L}$ by running the ChalGen algorithm. The $chal = \{l, r_l\}_{l \in L}$ is transmitted to the CSP, and the CSP generates a proof $(\alpha, \beta)$ for the challenge $chal$ by running the ProofGen algorithm as follows:

$$\alpha = \prod_{j \in [1,s]} \mathit{gpk}_{2,j}^{\sum_{l \in L} r_l \cdot m_{l,j}}, \qquad \beta = \prod_{l \in L} \sigma_l^{r_l}. \tag{4}$$

After receiving the proof $(\alpha, \beta)$ as a response to the challenge, the TPA verifies it by running the Verify algorithm as follows:

$$e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(\mathrm{id}_l)} \cdot \alpha,\; g\right) = e\left(\beta,\; \mathit{gpk}_1\right). \tag{5}$$

If (5) holds, then the TPA returns True, and returns False otherwise.

7. Security Analysis

In this section, we show that the proposed scheme is correct and resistant against forge attack and replace attack.

Theorem 1. $\Pi$ provides correctness to the TPA during auditing outsourced data.

Proof. Correctness of $\Pi$ is achieved by exploiting the bilinear property of the bilinear map. The left-hand side (LHS) of (5) expands as follows:

$$\begin{aligned}
\text{LHS} &= e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(\mathrm{id}_l)} \cdot \prod_{j \in [1,s]} g^{\mathit{gsk}_{2,j} \cdot \sum_{l \in L} r_l \cdot m_{l,j}},\; g\right) \\
&= e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(\mathrm{id}_l) + \sum_{j \in [1,s]} \left(\mathit{gsk}_{2,j} \cdot \sum_{l \in L} r_l \cdot m_{l,j}\right)},\; g\right) \\
&= e(g, g)^{\sum_{l \in L} \left(r_l \cdot F_{gak}(\mathrm{id}_l) + r_l \cdot \sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot m_{l,j}\right)},
\end{aligned} \tag{6}$$

while the right-hand side (RHS) of (5) expands as follows:

$$\begin{aligned}
\text{RHS} &= e\left(\prod_{l \in L} \sigma_l^{r_l},\; \mathit{gpk}_1\right) \\
&= e\left(\prod_{l \in L} g^{r_l \cdot \left(F_{gak}(\mathrm{id}_l) + \sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot m_{l,j}\right)/\mathit{gmsk}},\; g^{\mathit{gmsk}}\right) \\
&= e\left(g^{\sum_{l \in L} \left(r_l \cdot F_{gak}(\mathrm{id}_l) + r_l \cdot \sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot m_{l,j}\right)/\mathit{gmsk}},\; g^{\mathit{gmsk}}\right) \\
&= e(g, g)^{\sum_{l \in L} \left(r_l \cdot F_{gak}(\mathrm{id}_l) + r_l \cdot \sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot m_{l,j}\right)}.
\end{aligned} \tag{7}$$

Since the terms LHS and RHS are the same, the proof is completed.

Theorem 2. $\Pi$ is secure against forge attack.

Proof. If the CSP acquires an element in $\{\mathit{gpk}_{2,j}^{1/\mathit{gmsk}} = g^{\mathit{gsk}_{2,j}/\mathit{gmsk}}\}_{j \in [1,s]}$ from the public parameter $\mathit{gpk}$, the CSP can forge a tag. Given $\mathit{gpk}_1 = g^{\mathit{gmsk}}$, computing $\mathit{gmsk}$ is hard due to the DL assumption. Thus, it is infeasible for the CSP to acquire an element in $\{g^{\mathit{gsk}_{2,j}/\mathit{gmsk}}\}_{j \in [1,s]}$.

When $F_{gak}(\mathrm{id}_i)$ for $\sigma_i$ and $F_{gak}(\mathrm{id}_q)$ for $\sigma_q$ are the same, the CSP computes $\sigma_i/\sigma_q$. Then the CSP can obtain $\delta = (\mathit{gsk}_1)^{\sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot (m_{i,j} - m_{q,j})}$ and forge the tag $\sigma_z$ of data block $m_z$ using $\delta$ as follows:

$$\begin{aligned}
\sigma'_z &= \sigma_z \times \delta \\
&= (\mathit{gsk}_1)^{F_{gak}(\mathrm{id}_z) + \sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot m_{z,j}} \times (\mathit{gsk}_1)^{\sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot (m_{i,j} - m_{q,j})} \\
&= (\mathit{gsk}_1)^{F_{gak}(\mathrm{id}_z) + \sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot (m_{z,j} + m_{i,j} - m_{q,j})}.
\end{aligned} \tag{8}$$

Finally, the CSP obtains the forged tag $\sigma'_z$ of the modified data block $m'_z = \{m_{z,j} + m_{i,j} - m_{q,j}\}_{j \in [1,s]}$. However, $F_{gak}(\mathrm{id}_i)$ and $F_{gak}(\mathrm{id}_q)$ cannot be the same value for $\mathrm{id}_i \neq \mathrm{id}_q$ because of the definition of pseudorandom permutation. Therefore, the CSP cannot forge a tag to pass the censorship. This completes the proof.

Theorem 3. $\Pi$ is secure against replace attack.

Proof. When a damaged block $m_i$ is challenged, the CSP may try to pass the censorship by choosing a different block $(m_q, \sigma_q)$ in place of $(m_i, \sigma_i)$, such as $\alpha' = \prod_{j \in [1,s]} \mathit{gpk}_{2,j}^{r_i \cdot m_{q,j} + \sum_{l \in L, l \neq i} r_l \cdot m_{l,j}}$ and $\beta' = \sigma_q^{r_i} \cdot \prod_{l \in L, l \neq i} \sigma_l^{r_l}$. Then the left-hand side of (5) is computed as

$$\begin{aligned}
& e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(\mathrm{id}_l)} \cdot \prod_{j \in [1,s]} \mathit{gpk}_{2,j}^{r_i \cdot m_{q,j} + \sum_{l \in L, l \neq i} r_l \cdot m_{l,j}},\; g\right) \\
&= e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(\mathrm{id}_l)} \cdot g^{\sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot \left(r_i \cdot m_{q,j} + \sum_{l \in L, l \neq i} r_l \cdot m_{l,j}\right)},\; g\right) \\
&= e\left(g^{r_i \cdot \left(F_{gak}(\mathrm{id}_i) + \sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot m_{q,j}\right) + \sum_{l \in L, l \neq i} r_l \cdot \left(F_{gak}(\mathrm{id}_l) + \sum_{j \in [1,s]} \mathit{gsk}_{2,j} \cdot m_{l,j}\right)},\; g\right) \\
&= e\left(g^{\left(r_i \cdot F_{gak}(\mathrm{id}_i) - r_i \cdot F_{gak}(\mathrm{id}_q)\right)/\mathit{gmsk}} \times \beta',\; \mathit{gpk}_1\right),
\end{aligned} \tag{9}$$

in which $g^{\left(r_i \cdot (F_{gak}(\mathrm{id}_i) - F_{gak}(\mathrm{id}_q))\right)/\mathit{gmsk}}$ should be 1 to satisfy (5). This means that $F_{gak}(\mathrm{id}_i)$ and $F_{gak}(\mathrm{id}_q)$ should be the same. Due to the bijective property of the permutation, however, these values cannot be the same.
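The challenge-response audit of (4) and (5) and the arguments of Theorems 1 to 3 can be checked numerically; the block below is an added example, not the authors' PBC/OpenSSL implementation. Assumptions: group elements are represented by their exponents modulo a constructed prime (a toy model with no security), the tag has the form expanded in (7), a small Feistel construction stands in for $F_{gak}$, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

# TOY MODEL (assumption): a group element g^x is stored as its exponent x mod P, so
# multiplying elements adds exponents and e(g^x, g^y) = e(g, g)^(x*y) becomes x*y mod P.
# It checks the algebra of (4)-(9) only and gives no security: real code needs a pairing group.
P = 2**127 - 1   # constructed prime order (the paper uses |p| = 160 bits)
S = 4            # sectors per data block (constructed)

def f_prp(gak, ident):
    """Stand-in for F_gak: 4-round Feistel permutation on 80-bit identifiers."""
    left, right = ident >> 40, ident & (2**40 - 1)
    for rnd in range(4):
        mac = hmac.new(gak, bytes([rnd]) + right.to_bytes(5, "big"), hashlib.sha256)
        left, right = right, left ^ int.from_bytes(mac.digest()[:5], "big")
    return (left << 40) | right

def key_gen():
    """Return (secret, public) with gpk_1 = g^gmsk and gpk_{2,j} = g^gsk_{2,j}."""
    gmsk = secrets.randbelow(P - 1) + 1
    gsk2 = [secrets.randbelow(P - 1) + 1 for _ in range(S)]
    secret = {"gmsk": gmsk, "gsk2": gsk2, "gak": secrets.token_bytes(16)}
    return secret, {"gpk1": gmsk, "gpk2": list(gsk2)}  # exponents of public elements

def tag_gen(secret, ident, block):
    """sigma = g^((F_gak(id) + sum_j gsk_{2,j} * m_j) / gmsk), the form expanded in (7)."""
    inner = f_prp(secret["gak"], ident) + sum(k * m for k, m in zip(secret["gsk2"], block))
    return inner * pow(secret["gmsk"], -1, P) % P

def chal_gen(index_table, count):
    """TPA: random subset L of indices, each with a random r_l in Z_p^*."""
    chosen = secrets.SystemRandom().sample(sorted(index_table), count)
    return [(l, secrets.randbelow(P - 1) + 1) for l in chosen]

def proof_gen(public, chal, blocks, tags):
    """CSP: (alpha, beta) of (4) from stored blocks, stored tags and public elements."""
    alpha = sum(public["gpk2"][j] * sum(r * blocks[l][j] for l, r in chal)
                for j in range(S)) % P
    beta = sum(r * tags[l] for l, r in chal) % P
    return alpha, beta

def verify(public, gak, index_table, chal, proof):
    """TPA: check (5) with identifiers read from its own index table."""
    alpha, beta = proof
    lhs = (sum(r * f_prp(gak, index_table[l]) for l, r in chal) + alpha) % P
    rhs = beta * public["gpk1"] % P
    return lhs == rhs

def run_audits():
    """Return verification results for honest, replaced and damaged storage."""
    secret, public = key_gen()
    index_table = {i: 1000 + i for i in range(1, 9)}      # index -> identifier (constructed)
    blocks = {i: [secrets.randbelow(P) for _ in range(S)] for i in index_table}
    tags = {i: tag_gen(secret, index_table[i], blocks[i]) for i in index_table}
    chal = chal_gen(index_table, 5)

    def audit(stored_blocks, stored_tags):
        proof = proof_gen(public, chal, stored_blocks, stored_tags)
        return verify(public, secret["gak"], index_table, chal, proof)

    i = chal[0][0]                                        # a challenged index
    q = next(k for k in index_table if k != i)            # some other stored block
    # Replace attack (Theorem 3): answer for block i with the intact pair (m_q, sigma_q).
    replaced = audit({**blocks, i: blocks[q]}, {**tags, i: tags[q]})
    # Damaged block i answered with its original tag.
    damaged = audit({**blocks, i: [(blocks[i][0] + 1) % P] + blocks[i][1:]}, tags)
    return {"honest": audit(blocks, tags), "replaced": replaced, "damaged": damaged}

def identifier_reuse_breaks_soundness():
    """Theorem 2's premise: if id_i == id_q were accepted, sigma_z * sigma_i / sigma_q
    verifies for the never-uploaded block m_z + m_i - m_q, as in (8)."""
    secret, public = key_gen()
    index_table = {1: 2001, 2: 2002}
    m_z, m_i, m_q = ([secrets.randbelow(P) for _ in range(S)] for _ in range(3))
    sig_z = tag_gen(secret, 2001, m_z)
    sig_i, sig_q = tag_gen(secret, 2002, m_i), tag_gen(secret, 2002, m_q)  # same identifier
    forged_block = [(a + b - c) % P for a, b, c in zip(m_z, m_i, m_q)]
    forged_tag = (sig_z + sig_i - sig_q) % P
    chal = [(1, secrets.randbelow(P - 1) + 1)]
    proof = proof_gen(public, chal, {1: forged_block}, {1: forged_tag})
    return verify(public, secret["gak"], index_table, chal, proof)
```

The last function returning `True` is the reason identifier freshness has to be enforced by the party holding the index table: with distinct identifiers the difference $F_{gak}(\mathrm{id}_i) - F_{gak}(\mathrm{id}_q)$ never cancels, which is what makes the replaced-block audit fail.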

8. Performance Evaluation

In this section, the proposed scheme is analyzed and compared with previous studies [14–16] in terms of communication and computational overhead. We first evaluate communication overhead for updating a data block. Then, computational overhead for tag generation and verification is evaluated.

8.1. Communication Overhead. As we described in Section 3, the way to get an identifier of an updated data block depends on which entity manages an index table. In Wang et al.'s work [16], $u_k$ needs one round-trip communication to request and receive the identifier (Figure 1). Zhu et al. [15] utilize a way that the TPA manages the index table (Figure 2). It needs an additional connection between $u_k$ and the TPA for the identifier and a report of update information. Yang and Jia [14] utilize a way that a user manages the index table by himself. Although it is suitable when the outsourced data is managed by a single user, it requires more communication costs for synchronization of the index tables when the data is shared by multiple users.

Communication costs are summarized in Table 1. We omitted costs for uploading a data block and a corresponding tag for simplicity. Although the proposed scheme seems to require the same cost as Zhu et al.'s approach, there may be update delays caused by concentration of communications to the TPA in [15]. On the other hand, the proposed scheme removes this delay via a direct acquisition of the identifier from the CSP. For [14], to synchronize the index tables of users and the TPA, $u_k$ needs to broadcast extra update information. Considering this circumstance, additional communications caused by broadcast might be added into Table 1.

8.2. Computational Overhead. Computation costs for tag generation and verification are described in Table 2. The proposed scheme requires a single $\mathrm{Exp}_G$ operation in tag generation, while the others [14–16] require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations which are proportional to the number of sectors in a data block. When the TPA verifies a proof received from the CSP, one $\mathrm{Exp}_G$ and one $\mathrm{Mul}_G$ operations are required in the proposed scheme regardless of the number of challenged data blocks. However, the others require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations linear to the number of challenged data blocks, which cause a significant overhead to the TPA.

Table 1: Connections and communication costs for updating a data block.

| | Wang et al. [16] | Zhu et al. [15] | Yang and Jia [14] | Our scheme |
|---|---|---|---|---|
| Connections | $u_k \leftrightarrow$ CSP | $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP | $u_k$ with other users; $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP | $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP |
| Extra communication costs | $\lvert q_{\mathrm{id}} \rvert + \lvert \mathrm{id} \rvert$ | $\lvert q_{\mathrm{id}} \rvert + \lvert \mathrm{id} \rvert + \lvert u_{\mathrm{info}} \rvert$ | $d \times \lvert u_{\mathrm{info}} \rvert$ | $\lvert q_{\mathrm{id}} \rvert + \lvert \mathrm{id} \rvert + \lvert u_{\mathrm{info}} \rvert$ |

Table 2: Computation costs for a tag generation and verification.

| | Tag generation | Verification |
|---|---|---|
| Wang et al. [16] | $(S + 1) \cdot \mathrm{Exp}_G + S \cdot \mathrm{Mul}_G + H_G$ | $2 \cdot \mathrm{Pair} + (L + S) \cdot \mathrm{Exp}_G + (L + S - 1) \cdot \mathrm{Mul}_G + L \cdot H_G$ |
| Zhu et al. [15] | $(S + 2) \cdot \mathrm{Exp}_G + S \cdot \mathrm{Mul}_G + H_G$ | $3 \cdot \mathrm{Pair} + (L + S) \cdot \mathrm{Exp}_G + (L + S) \cdot \mathrm{Mul}_G + L \cdot H_G$ |
| Yang and Jia [14] | $(S + 1) \cdot \mathrm{Exp}_G + S \cdot \mathrm{Mul}_G + H_G$ | $2 \cdot \mathrm{Pair} + (L + 1) \cdot \mathrm{Exp}_G + L \cdot \mathrm{Mul}_G + L \cdot \mathrm{Mul}_{Z_p} + L \cdot H_G$ |
| Our scheme | $\mathrm{Exp}_G + S \cdot \mathrm{Mul}_{Z_p} + S \cdot \mathrm{Add}_{Z_p} + F_{\mathrm{prp}}$ | $2 \cdot \mathrm{Pair} + \mathrm{Exp}_G + \mathrm{Mul}_G + L \cdot \mathrm{Mul}_{Z_p} + (L - 1) \cdot \mathrm{Add}_{Z_p} + L \cdot F_{\mathrm{prp}}$ |

8.3. Experimental Results. We measure the performance of our scheme and compare it with other works [14–16] based on implementations in Ubuntu 12.04. We utilize the Pairing Based Cryptography (PBC) library for cryptographic operations and OpenSSL to use the Advanced Encryption Standard (AES) for the pseudorandom permutation. All experiments are executed on an Intel Core i3 3.10 GHz with 2 GB memory. We assume that $|p|$ is 160 bits, $|\mathrm{id}|$ is 80 bits, and the size of a data block is 160 bits. We simulate each scheme on 4 different data, which has 1000 data blocks, with 5 times. All experimental results show an average of 20 trials.

8.3.1. Tag Generation. The performances of the tag generation times are presented in Figure 7(a). Tag generation time in our scheme is 3.18 milliseconds per block when $S = 1$ and 3.28 milliseconds per block when $S = 100$. Since a single $\mathrm{Exp}_G$ is required regardless of $S$, $S$ almost never influences tag generation time. However, tag generation times of the others increase with increasing $S$. Reference [16] requires 323.65 milliseconds per block and [14] requires 324.63 milliseconds per block when $S = 100$. Since they have the same computation complexity, their tag generation times are almost identical. Reference [15] needs one more $\mathrm{Exp}_G$. Thus, it requires 329.97 milliseconds per block, which is more than the others.

8.3.2. Verification. We measure verification times depending on $L$ when $S = 100$. As depicted in Figure 7(b), the verification times for the TPA are dependent on $L$ in the others [14–16]. When $L = 500$, [14–16] requires 5.13, 5.66, and 5.75 seconds, respectively. Furthermore, Figure 7(c) shows that $S$ influences [15, 16]. However, our scheme requires 0.01 seconds for verification regardless of $L$ and $S$.

9. Conclusion

In this paper, we present a secure and efficient audit mechanism for shared dynamic data in cloud storage. It makes it possible for the TPA to correctly audit outsourced data which can be updated in a secure manner. With simple index table management by the TPA and identifier renewal by the CSP, any user in a group can update a shared data block efficiently. Furthermore, making the auditing operations simple leads to less computational overhead for the whole auditing process. Performance evaluation and security analysis show that the proposed scheme is best suited to the cloud storage where multiple users share and update the outsourced data frequently.

Notations

$u_k$: A user who tries to update
$d$: The number of users in group
$L$: The number of challenged data blocks
$S$: The number of sectors in a data block
$\mathrm{id}$: An identifier
$q_{\mathrm{id}}$: Request for an identifier
$u_{\mathrm{info}}$: Update information
$F_{\mathrm{prp}}$: Pseudorandom permutation
$H_G$: $\{0, 1\}^*$ to $G$
$\mathrm{Pair}$: Pairing operation
$\mathrm{Exp}_G$: Exponentiation in $G$
$\mathrm{Mul}_G$: Multiplication in $G$
$\mathrm{Mul}_{Z_p}$: Multiplication in $Z_p$
$\mathrm{Add}_{Z_p}$: Addition in $Z_p$

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

[Figure 7: Experimental results. (a) Impact of $S$ on tag generation time: tag generation time (ms) against the number of sectors in a data block. (b) Impact of $L$ on verification time when $S = 100$: verification time (s) against the number of challenged data blocks. (c) Impact of $S$ on verification time when $L = 460$: verification time (s) against the number of sectors in a data block. Series in each panel: our scheme, Wang et al. [16], Zhu et al. [15], Yang and Jia [14].]

Acknowledgment

This work was supported by the IT R&D program of MKE/KEIT (10041244, SmartTV 2.0 Software Platform).

References

[1] E.-H. Song, H.-W. Kim, and Y.-S. Jeong, "Visual monitoring system of multi-hosts behavior for trustworthiness with mobile cloud," Journal of Information Processing Systems, vol. 8, no. 2, pp. 347–358, 2012.

[2] J. Bringer and H. Chabanne, "Embedding edit distance to enable private keyword search," Human-Centric Computing and Information Sciences, vol. 2, article 2, 2012.

[3] Y. Pan and J. Zhang, "Parallel programming on cloud computing platforms: challenges and solutions," Journal of Convergence, vol. 3, no. 4, pp. 23–28, 2012.

[4] T. Teraoka, "Organization and exploration of heterogeneous personal data collected in daily life," Human-Centric Computing and Information Sciences, vol. 2, article 1, no. 1, 2012.

[5] J. K. Y. Ng, "Ubiquitous healthcare: healthcare systems and applications enabled by mobile and wireless technologies," Journal of Convergence, vol. 3, no. 2, pp. 15–20, 2012.

[6] "Google, Google drive," http://drive.google.com.

[7] "Amazon, Amazon s3," http://aws.amazon.com/s3.

[8] G. Ateniese, R. Burns, R. Curtmola et al., "Provable data possession at untrusted stores," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 598–610, November 2007.

[9] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, "Dynamic provable data possession," in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09), pp. 213–222, November 2009.

[10] H. Shacham and B. Waters, "Compact proofs of retrievability," in Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT '08), pp. 90–107, Springer, 2008.

[11] C. Wang, S. Chow, Q. Wang, K. Ren, and W. Lou, "Privacy-preserving public auditing for secure cloud storage," IEEE Transactions on Computers, vol. 62, no. 2, pp. 362–375, 2013.

[12] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, "Enabling public auditability and data dynamics for storage security in cloud computing," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 5, pp. 847–859, 2011.

[13] A. Juels and B. S. Kaliski Jr., "Pors: proofs of retrievability for large files," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 584–597, ACM, November 2007.

[14] K. Yang and X. Jia, "An efficient and secure dynamic auditing protocol for data storage in cloud computing," IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 9, pp. 1717–1726, 2013.

[15] Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S. S. Yau, "Dynamic audit services for integrity verification of outsourced storages in clouds," in Proceedings of the 26th Annual ACM Symposium on Applied Computing (SAC '11), pp. 1550–1557, March 2011.

[16] B. Wang, B. Li, and H. Li, "Public auditing for shared data with efficient user revocation in the cloud," in Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE INFOCOM '13), pp. 2904–2912, 2013.

[17] B. Wang, B. Li, and H. Li, "Oruta: privacy-preserving public auditing for shared data in the cloud," in Proceedings of the 5th IEEE International Conference on Cloud Computing (CLOUD '12), pp. 295–302, 2012.

[18] B. Wang, B. Li, and H. Li, "Knox: privacy-preserving auditing for shared data with large groups in the cloud," in Applied Cryptography and Network Security, F. Bao, P. Samarati, and J. Zhou, Eds., vol. 7341 of Lecture Notes in Computer Science, pp. 507–525, Springer, Berlin, Germany, 2012.

[19] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, "Aggregate and verifiably encrypted signatures from bilinear maps," in Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), pp. 416–432, Springer, 2003.

[20] K. Yang and X. Jia, "Data storage auditing service in cloud computing: challenges, methods and opportunities," World Wide Web, vol. 15, no. 4, pp. 409–428, 2012.


Page 2: Research Article A Secure and Efficient Audit Mechanism ...downloads.hindawi.com/journals/tswj/2014/820391.pdf · A Secure and Efficient Audit Mechanism for Dynamic Shared ... Ded-icated

2 The Scientific World Journal

(3) Efficiency: Computational overhead for data outsourcing and update at the users' side, as well as the ones for auditing at the TPA, should be low.

(4) Soundness: The CSP is not allowed to deceive users or the TPA into passing a censorship of damaged data contents.

We propose an audit mechanism satisfying the above requirements by utilizing aggregate signature [19] and sample auditing [8]. For data integrity and consistency, the TPA manages an index table and the CSP keeps renewing an identifier for data update. In addition, the audit mechanism provides efficiency to users and the TPA through making the auditing operations simple. Specially, in this paper, we consider forge attack and replace attack as regards soundness for the sake of secure audit. These attacks are described in [20], and they can be summarized as follows. Forge attack is an attack to forge a verifying term for a data content which was not actually outsourced by users. Replace attack is an attack to pass a censorship by choosing another data content for verification in place of the damaged data content.

The rest of this paper is organized as follows. In Section 2, we introduce related works about auditing data in the cloud storage. In Section 3, issues about index table management are described depending on which entity manages it. In Section 4, we present methods for our audit mechanism. In Section 5, preliminaries used in our work are briefly introduced. In Section 6, a secure and efficient audit mechanism for dynamic shared data is presented. In Section 7, security of the proposed scheme is analyzed. In Section 8, performance evaluations and experimental results show efficiency of our mechanism. Finally, we conclude our work in Section 9.

2. Related Work

Ateniese et al. firstly introduced the notion of provable data possession (PDP) in [8] for integrity check of outsourced data in untrusted storage. They could achieve efficient audit with high probability of detection by sampling random blocks from outsourced data instead of downloading the entire data. Since the original PDP does not consider dynamic data, a user should download the whole data and regenerate metadata for verification whenever there is a modification of the outsourced data. To provide audit for dynamic data without retrieving entire data, subsequent works adopted authenticated data structures such as skip list, Merkle tree, or index tables [9, 12, 14–18]. Erway et al. [9] proposed dynamic provable data possession (DPDP) based on rank-based authenticated skip list, and Wang et al. [12] presented a mechanism by exploiting Merkle tree. Both schemes require reconstruction of the authenticated data structure when the corresponding data is updated. Another data structure called index table was introduced to handle data updates more efficiently by keeping a unique identifier for each data block [14–18].

It is also notable that outsourced data should be audited periodically for verifying consistent data management. Dedicated to this purpose, TPAs can be delegated by users for auditing outsourced data in a privacy-preserving manner. Privacy preservation means that the TPA cannot learn any information about the data during the audit process. It was achieved through the methods of random masking [11] and bilinear map [14].

3. Index Table Management

Previous works [14–18] utilized an index table for efficient data updates. It is composed of indices, which represent the sequences of data blocks, and identifiers. The identifier, which is used in tag (tag is a verifying term stored with data in the cloud storage and has consistency with a data block) generation and verification, is a number identifying each data block. It should be defined in order to keep the initial value in all circumstances. Otherwise, a user repeats the following operations whenever identifiers of data blocks in the cloud storage are changed. The user downloads data blocks which have changed identifiers, regenerates tags of them, and uploads the tags to the cloud storage.

In this section, we look into security issues and update flows depending on which entity manages an index table. At the security aspect, we check the possibility of forge attack and replace attack. Then we describe communication flows for getting an identifier of a new data block when a user tries to update.

3.1. Management by the CSP. When only the CSP manages an index table, users and the TPA do not have any information about identifiers of data blocks which are already uploaded and will be updated. As illustrated in Figure 1, the user requests an identifier of a new data block from the CSP when he tries to update. In this environment, the CSP can forge tags of data blocks which users have not uploaded. It transmits an identifier that already exists in the index table, and then obtains tags which are of different data blocks but have the same identifier. It can learn meaningful information for forgery through combination of these data blocks and tags.

Since the TPA needs identifiers of challenged data blocks when verifying, it receives a proof that includes the identifiers from the CSP [16–18]. However, the TPA cannot distinguish them from the challenged ones because it does not maintain an index table. Therefore, if challenged data blocks are modified or deleted, the CSP can replace them with other undamaged data blocks.

3.2. Management by the TPA. One simple way to prevent the forge attack and replace attack in the above case is that the TPA manages an index table [15]. Even though the CSP tries to launch a forge attack by exploiting a collision of identifiers, it is impossible because the CSP has no knowledge of identifiers. In addition, a replace attack can be detected easily because the TPA knows identifiers of challenged data blocks through the index table.

Figure 2 shows that the TPA participates in the update process, and a user who tries to update cannot generate a tag for a new data block without a reception of a new identifier from the TPA. Accordingly, the update process can be delayed when the TPA is on sleep or suffers from a bottleneck caused by a large number of requests from users.

[Figure 1: Data update flows when only the CSP manages an index table. Entities: TPA; users $u_1, \ldots, u_k, \ldots, u_d$; CSP with the index table (IT: index $1, 2, \ldots, n$; identifier $\mathrm{id}_1, \mathrm{id}_2, \ldots, \mathrm{id}_n$). Labelled steps: request new identifier; new identifier $\mathrm{id}'_i$; generate tag $\sigma'_i$; update data $m'_i$ and tag $\sigma'_i$.]

[Figure 2: Data update flows when only the TPA manages an index table. Entities: TPA with the index table (IT: index $1, 2, \ldots, n$; identifier $\mathrm{id}_1, \mathrm{id}_2, \ldots, \mathrm{id}_n$); users $u_1, \ldots, u_k, \ldots, u_d$; CSP. Labelled steps: request new identifier; new identifier $\mathrm{id}'_i$; generate tag $\sigma'_i$; update data $m'_i$ and tag $\sigma'_i$; update report.]

3.3. Management by Both the TPA and Users. Delays of the update process can be removed through managing an index table by a user directly [14]. Generally, it is suitable for a situation where data is not shared. However, it has a problem about synchronization of index tables, because the index tables are managed separately by each individual user who shares the data. If they are not synchronized, identifiers generated by other users can have the same value; then the CSP can exploit forge attack or replace attack by using such tags generated by the same identifiers.

Broadcasting update information after a user finished a data update is a solution for synchronization, as shown in Figure 3. However, it requires all users to always wake up. Otherwise, the users need to request the information for synchronization but cannot easily determine who has the newest index table. Although the users can request it from the TPA, this is not different from the previous way in which only the TPA manages an index table.

[Figure 3: Data update flows when the TPA and users manage an index table together. Entities: TPA; users $u_1, \ldots, u_j, \ldots, u_k, \ldots, u_d$; CSP; index table (IT: index $1, 2, \ldots, n$; identifier $\mathrm{id}_1, \mathrm{id}_2, \ldots, \mathrm{id}_n$). Labelled steps: generate tag $\sigma'_i$; update data $m'_i$ and tag $\sigma'_i$; synchronize index tables of TPA and users after data update.]

4. Methods

In this section, we present methods for a secure and efficient audit mechanism for shared dynamic data.

4.1. System Model. Our system model for the auditing mechanism is illustrated in Figure 4. There are four entities: CSP, initial uploader, users, and TPA. The CSP provides a large-scale storage for shared data to users. It should process requests from authorized users and respond to every challenge from the TPA. An initial uploader uploads data to cloud storage firstly and forms a group of users who share the data together. Users in the group are able to access and update shared data in the cloud storage. Both an initial uploader and the users are able to audit shared data in cloud storage via the TPA delegated by the initial uploader.

4.2. Secure and Efficient Index Table Management. We propose a secure and efficient index table management that is used for our audit mechanism. As mentioned in the previous section, a TPA must manage an index table to prevent forge attack and replace attack. However, delay and synchronization problems can be caused when the index table is managed by only the TPA or by each user. To solve these problems, it is required that a user who tries to update obtains an identifier from the CSP, as described in Figure 5. Consequently, a way in which the TPA manages an index table and the CSP keeps renewing an identifier for a new data block satisfies security and efficiency.

4.3. Identifier Definition for Dynamic Data. Changing identifiers of data blocks by the update process causes repetitive tasks to users. They download the corresponding data blocks, regenerate tags to apply the modified identifiers, and upload the tags again to cloud storage. Our mechanism removes these repetitive tasks by defining the identifier as an upload sequence of the data block. If an update of a data block happens, then a new identifier is assigned as the upload sequence from the CSP.

4 The Scientific World Journal

[Figure 4: Our system model for auditing mechanism. Entities: the initial uploader (who manages users in the group), the group of users, the CSP (holding data $m_1, m_2, \dots, m_n$ and tags $\sigma_1, \sigma_2, \dots, \sigma_n$), and the TPA. Flows: (1) delegation of auditing for shared data, (2) auditing request, (3) challenge for auditing, (4) response for proof, (5) auditing report.]

[Figure 5: Data update flows in the proposed mechanism. Entities: the TPA (holding the index table (IT), which maps indices $1, 2, \dots, n$ to identifiers $\mathrm{id}_1, \mathrm{id}_2, \dots, \mathrm{id}_n$), the users $u_1, \dots, u_k, \dots, u_d$, and the CSP. Flows: request new identifier; new identifier $\mathrm{id}'_i$; generate tag $\sigma'_i$; update data $m'_i$ and tag $\sigma'_i$; update report; renew identifier $\mathrm{id}'$.]

4.4. Simple Operations for Audit Mechanism. Conventional approaches employ relatively complex operations for the audit mechanism. This may cause more delay and computational overhead for tag generation and verification. For efficiency of the audit mechanism, the proposed scheme utilizes simple operations in the data integrity check. Moreover, because it can reduce delay time and computational overhead through lightweight operations, the QoS of the cloud storage service is improved.

5. Preliminaries

In this section, cryptographic backgrounds for the proposed scheme are briefly introduced.

5.1. Bilinear Map. Let $G_1$ and $G_2$ be multiplicative cyclic groups of prime order $p$, and let $g$ be a generator of $G_1$. Then a bilinear map $e$ satisfies the following properties:

(1) Bilinearity: for any $u, v \in G_1$ and $a, b \in Z_p$, $e(u^a, v^b) = e(u, v)^{ab}$.
(2) Nondegeneracy: $e(g, g) \neq 1$.
(3) Computability: there exists an efficiently computable algorithm $e$ satisfying the above properties such that $e : G_1 \times G_1 \to G_2$.

5.2. Pseudorandom Permutation. Let $F : \{0,1\}^n \times \{0,1\}^n \to \{0,1\}^n$ be an efficiently computable keyed permutation for positive integer $n$. We say that $F$ is a pseudorandom permutation if there exists a negligible function $\mathrm{negl}$ for any probabilistic polynomial-time distinguisher $D$ such that

$$\left| \Pr\left[D^{F_k(\cdot)}(1^n) = 1\right] - \Pr\left[D^{f(\cdot)}(1^n) = 1\right] \right| \le \mathrm{negl}(n), \tag{1}$$

where $k \xleftarrow{\$} \{0,1\}^n$ is a permutation key chosen uniformly at random and $f$ is a real-random permutation.

5.3. Discrete Logarithm (DL) Assumption. The discrete logarithm (DL) problem is to compute $a \in Z_p$, given $g \in G_1$ and $g^a \in G_1$. The DL assumption holds in $G_1$ if it is computationally infeasible to solve the DL problem in $G_1$.

6. The Proposed Scheme

In this section, we present a secure and efficient audit mechanism supporting dynamic updates of shared data. When the cloud storage service initiates, a CSP generates public parameters for the system and publicizes them. An initial uploader generates secret components and public components used in tag generation and verification. He divides data into blocks and generates tags for each data block. Then he uploads them to the cloud storage and deletes them from his local storage. To share the data with other users, he needs to deliver secret components for tag generation. In addition, he can delegate auditing processes to a TPA by delivering a part of the secret components for verification.

When a user tries to update a new data block, he receives an identifier from the CSP, generates a tag for the data block, and uploads them. After the update is finished, the user reports update information to the TPA. Then the TPA updates an index table following the update information, and the CSP renews the identifier as the next upload sequence for the next update.

The TPA maintains the newest index table, which keeps track of the upload sequence of data blocks. The TPA makes a challenge derived from the index table and transmits it to the CSP periodically or when a user wants. The CSP, on receiving the challenge, makes a proof and responds with it. Then the TPA checks whether outsourced data is damaged or not by verifying the proof with the challenge.

6.1. Definition. The proposed scheme $\Pi$ is composed of the following eight algorithms: $\Pi = \{\mathit{Setup}, \mathit{KeyGen}, \mathit{TagGen}, \mathit{TagGenUp}, \mathit{ITUp}, \mathit{ChalGen}, \mathit{ProofGen}, \mathit{Verify}\}$.

$\mathit{Setup}(\gamma) \to \mathit{param}$. On security parameter $\gamma$, the CSP generates and publicizes public parameters $\mathit{param}$.

$\mathit{KeyGen}(\mathit{param}) \to (\mathit{gmsk}, \mathit{gsk}, \mathit{gak}, \mathit{gpk})$. An initial uploader takes public parameter $\mathit{param}$ as input and outputs group master key $\mathit{gmsk}$, group secret key $\mathit{gsk}$, group auditing key $\mathit{gak}$, and group public key $\mathit{gpk}$. Group master key $\mathit{gmsk}$ is kept secret. Group secret key $\mathit{gsk} = \{\mathit{gsk}_1, \mathit{gsk}_2\}$ and group auditing key $\mathit{gak}$ are used in tag generation. Group public key $\mathit{gpk} = \{\mathit{gpk}_1, \mathit{gpk}_2\}$ is used for verification of data integrity along with group auditing key $\mathit{gak}$.

$\mathit{TagGen}(M, \mathit{gsk}, \mathit{gak}) \to \sigma$. On uploading data $M$ to the cloud storage, the initial uploader divides the data into blocks and generates a set of tags $\sigma$ using $\mathit{gsk}$ and $\mathit{gak}$. Each component of $\sigma$ is a tag of the corresponding data block in $M$ such that $\sigma = \{\sigma_1, \dots, \sigma_n\}$.

$\mathit{TagGenUp}(m'_i, \mathit{gsk}, \mathit{gak}, \mathrm{id}'_i) \to \sigma'_i$. When a user tries to update a data block $m'_i$, he generates a new tag $\sigma'_i$ using $\mathit{gsk}$, $\mathit{gak}$, and the new identifier $\mathrm{id}'_i$ received from the CSP.

$\mathit{ITUp}(U_{\mathrm{type}}, U_{\mathrm{index}}, U_{\mathrm{id}}, \mathrm{IT}) \to \mathrm{IT}'$. This algorithm takes update information and the current index table $\mathrm{IT}$ as input and outputs a new index table $\mathrm{IT}'$. The update information includes three elements: $U_{\mathrm{type}}$, $U_{\mathrm{index}}$, and $U_{\mathrm{id}}$. $U_{\mathrm{type}}$ represents an update type, which can be either insertion, modification, or deletion. $U_{\mathrm{index}}$ is the index of the data block to be updated, and $U_{\mathrm{id}}$ is a newly assigned unique identifier used in $\mathit{TagGenUp}$ for the data block.

$\mathit{ChalGen}(\mathrm{IT}) \to \mathit{chal}$. This algorithm generates a challenging query $\mathit{chal} = \{l, r_l\}_{l \in L}$ for randomly selected blocks. The TPA chooses random indices $L$ from the index table $\mathrm{IT}$ and generates random values $\{r_l\}_{l \in L}$.

$\mathit{ProofGen}(M, \sigma, \mathit{chal}, \mathit{gpk}) \to (\alpha, \beta)$. The CSP generates a proof $(\alpha, \beta)$ for a challenge from the TPA. $\alpha$ is derived from outsourced data blocks $\{m_l\}_{l \in L}$, $\{r_l\}_{l \in L}$, and $\mathit{gpk}$, while $\beta$ is computed from tags $\{\sigma_l\}_{l \in L}$ and $\{r_l\}_{l \in L}$.

$\mathit{Verify}(\mathit{chal}, \mathrm{IT}, (\alpha, \beta), \mathit{gpk}, \mathit{gak}) \to \mathit{True}/\mathit{False}$. This algorithm verifies consistency of the proof generated by the CSP for the given challenge. If they are consistent, it outputs $\mathit{True}$. Otherwise, it outputs $\mathit{False}$.

6.2. Construction. Let $G_1$, $G_2$ be multiplicative cyclic groups of prime order $p$, let $g$ be a generator of $G_1$, let $e : G_1 \times G_1 \to G_2$ be a bilinear map, and let $F : \{0,1\}^{\log p} \times \{0,1\}^{\log p} \to \{0,1\}^{\log p}$ be a pseudorandom permutation. We consider that data $M$ is divided into $n$ blocks as $M = (m_1, \dots, m_n)$ and each data block $m_i = (m_{i1}, \dots, m_{is})$ contains $s$ sectors of $Z_p$.

6.2.1. Setup. When the cloud storage service initiates, the CSP chooses two groups $G_1$, $G_2$ with $g$ for a bilinear map $e$ by running the $\mathit{Setup}$ algorithm and publicizes $\mathit{param} = (G_1, G_2, p, g, e)$ to users and the TPA.

6.2.2. Upload for Data Sharing. An initial uploader $u_1$ runs the $\mathit{KeyGen}$ algorithm. It first chooses $(s + 2)$ random values $\mathit{gmsk} = a \in Z_p^*$, $\mathit{gak} = b \in Z_p$, and $\mathit{gsk}_2 = \{\mathit{gsk}_{2j} = c_j \in Z_p\}_{j \in [1,s]}$ and computes $\mathit{gsk}_1 = g^{1/a}$, $\mathit{gpk}_1 = g^a$, and $\mathit{gpk}_2 = \{\mathit{gpk}_{2j} = g^{c_j}\}_{j \in [1,s]}$. Then, by running $\mathit{TagGen}$, $u_1$ generates corresponding tags such as

$$\sigma_i = (\mathit{gsk}_1)^{F_{\mathit{gak}}(i) + \sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot m_{ij}} \tag{2}$$

for $1 \le i \le n$. $u_1$ uploads $(M, \sigma)$ to the cloud storage and deletes them from his local storage. When the CSP receives fresh data from the initial uploader, it saves an identifier $\mathrm{id}' = n + 1$ for the next upload sequence. To share data $M$ with other users, $u_1$ delivers group secret key $\mathit{gsk}$ and group auditing key $\mathit{gak}$ to them.

6.2.3. Delegation of Audit. The initial uploader $u_1$ delegates audit for shared data to the TPA by delivering a group auditing key $\mathit{gak}$. In addition, $u_1$ notifies the TPA of the number of data blocks $n$ so that the TPA can correctly generate an initial index table for $M$. In other words, the TPA creates an index table which initially includes identifiers defined as block sequences.

6.2.4. Data Update. In the proposed scheme, any user $u_k$ in the group which shares data $M$ is allowed to modify, insert, or delete data $M$ in the cloud storage.

If $u_k$ tries to modify the $i$-th block $m_i$, $u_k$ first receives a new identifier from the CSP, as illustrated in Figure 5. On receipt of the identifier $\mathrm{id}'_i$, $u_k$ computes a tag $\sigma'_i$ for updated data block $m'_i$ by running the $\mathit{TagGenUp}$ algorithm as follows:

$$\sigma'_i = (\mathit{gsk}_1)^{F_{\mathit{gak}}(\mathrm{id}'_i) + \sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot m'_{ij}}. \tag{3}$$

Then $u_k$ sends $(U_{\mathrm{type}} = \mathcal{M}', U_{\mathrm{index}} = i, U_{\mathrm{id}} = \mathrm{id}'_i)$ along with $(m'_i, \sigma'_i)$ to the CSP, where $\mathcal{M}'$ stands for modification.


[Figure 6: Examples of data update, showing the index table (IT) held by the TPA and the data and tags held by the CSP in four states. (a) State after initial upload: initial next identifier $\mathrm{id}' = n + 1$. (b) State after modification of $m_2$: $(U_{\mathrm{type}} = \mathcal{M}', U_{\mathrm{index}} = 2, U_{\mathrm{id}} = n + 1)$, next identifier $\mathrm{id}' = n + 2$. (c) State after insertion of $m'_3$: $(U_{\mathrm{type}} = \mathcal{I}', U_{\mathrm{index}} = 3, U_{\mathrm{id}} = n + 2)$, next identifier $\mathrm{id}' = n + 3$. (d) State after the deletion of $m'_3$: $(U_{\mathrm{type}} = \mathcal{D}', U_{\mathrm{index}} = 3, U_{\mathrm{id}} = 0)$, next identifier $\mathrm{id}' = n + 3$.]

The CSP can update the data block in the cloud storage by replacement of $(m_i, \sigma_i)$ with $(m'_i, \sigma'_i)$ uploaded by $u_k$.

For the case of insertion, $u_k$ makes a tag $\sigma'_i$ for the newly created data block $m'_i$ by running the $\mathit{TagGenUp}$ algorithm and sends $(U_{\mathrm{type}} = \mathcal{I}', U_{\mathrm{index}} = i, U_{\mathrm{id}} = \mathrm{id}'_i)$ along with $(m'_i, \sigma'_i)$ to the CSP. When $u_k$ wants to delete a data block in the cloud storage, $u_k$ sends $(U_{\mathrm{type}} = \mathcal{D}', U_{\mathrm{index}} = i, U_{\mathrm{id}} = 0)$ to the CSP and allows the CSP to delete the corresponding data block from the cloud storage. In this case, $u_k$ does not need to request a new identifier. Therefore, we set the value of $U_{\mathrm{id}}$ to zero.

After the update is finished, $u_k$ delivers update information $(U_{\mathrm{type}}, U_{\mathrm{index}}, U_{\mathrm{id}})$ to the TPA for consistent audit of updated shared data in the cloud storage. Then the TPA updates the index table managed by itself according to the information by running $\mathit{ITUp}$. When $U_{\mathrm{type}} = \mathcal{M}'$, it changes the $U_{\mathrm{index}}$-th identifier to $U_{\mathrm{id}}$. When $U_{\mathrm{type}} = \mathcal{I}'$, the TPA inserts $U_{\mathrm{id}}$ just before the $U_{\mathrm{index}}$-th field, while it removes the $U_{\mathrm{index}}$-th field from the index table if $U_{\mathrm{type}} = \mathcal{D}'$. Through this notification of data updates, the TPA can detect malicious behaviors of the CSP. In other words, the CSP cannot transmit a previously used identifier in order to exploit forge attack and replace attack. Simple examples of data update are depicted in Figure 6.
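One way to implement the identifier renewal at the CSP and the ITUp rules at the TPA, as an added example that is not the authors' code. The class and method names, the "M"/"I"/"D" type codes, and the refusal of any identifier the TPA has already recorded are assumptions; the walk-through replays the four states of Figure 6 for n = 4.

```python
MODIFY, INSERT, DELETE = "M", "I", "D"  # assumed codes for the three U_type values


class CSP:
    """Holds id', the identifier handed to the next update (an upload sequence)."""

    def __init__(self, n):
        self.next_id = n + 1  # after the initial upload of n blocks, id' = n + 1

    def issue_identifier(self):
        issued = self.next_id
        self.next_id += 1  # renew id' for the next update
        return issued


class IndexTable:
    """TPA-side index table: the k-th entry is the identifier of the k-th block."""

    def __init__(self, n):
        self.ids = list(range(1, n + 1))  # initially the block sequence 1..n
        self.seen = set(self.ids)  # every identifier ever placed in the table

    def itup(self, u_type, u_index, u_id):
        """ITUp(U_type, U_index, U_id, IT) -> IT', with 1-based U_index."""
        last = len(self.ids) + (1 if u_type == INSERT else 0)
        if not 1 <= u_index <= last:
            raise IndexError(f"U_index {u_index} outside 1..{last}")
        if u_type == DELETE:
            if u_id != 0:
                raise ValueError("a deletion report carries U_id = 0")
            del self.ids[u_index - 1]  # remove the U_index-th field
            return list(self.ids)
        if u_type not in (MODIFY, INSERT):
            raise ValueError(f"unknown U_type {u_type!r}")
        if u_id in self.seen:
            # Added check (assumption): an identifier is an upload sequence, so a
            # report that repeats one signals reuse and is refused.
            raise ValueError(f"identifier {u_id} was already used")
        if u_type == MODIFY:
            self.ids[u_index - 1] = u_id  # change the U_index-th identifier
        else:
            self.ids.insert(u_index - 1, u_id)  # insert just before the U_index-th field
        self.seen.add(u_id)
        return list(self.ids)


def figure6_walkthrough(n=4):
    """Replays Figure 6: modify m_2, insert m'_3, then delete m'_3."""
    csp, tpa = CSP(n), IndexTable(n)
    states = [list(tpa.ids)]                                     # (a)
    states.append(tpa.itup(MODIFY, 2, csp.issue_identifier()))   # (b) U_id = n + 1
    states.append(tpa.itup(INSERT, 3, csp.issue_identifier()))   # (c) U_id = n + 2
    states.append(tpa.itup(DELETE, 3, 0))                        # (d) no new identifier
    return states, csp.next_id


if __name__ == "__main__":
    print(figure6_walkthrough())
```

An identifier removed by a deletion stays in `seen`, so it is never accepted again for another block.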

6.2.5. Audit for Outsourced Data. For the TPA to check the integrity of outsourced data, it engages in a challenge-response protocol with the CSP. The TPA first chooses a random subset $L$ of indices from the index table and generates random values $\{r_l \in Z_p^*\}_{l \in L}$ by running the $\mathit{ChalGen}$ algorithm. The $\mathit{chal} = \{l, r_l\}_{l \in L}$ is transmitted to the CSP, and the CSP generates a proof $(\alpha, \beta)$ for the challenge $\mathit{chal}$ by running the $\mathit{ProofGen}$ algorithm as follows:

$$\alpha = \prod_{j \in [1,s]} \mathit{gpk}_{2j}^{\sum_{l \in L} r_l \cdot m_{lj}}, \qquad \beta = \prod_{l \in L} \sigma_l^{r_l}. \tag{4}$$

After receiving the proof $(\alpha, \beta)$ as a response to the challenge, the TPA verifies it by running the $\mathit{Verify}$ algorithm as follows:

$$e\left(g^{\sum_{l \in L} r_l \cdot F_{\mathit{gak}}(\mathrm{id}_l)} \cdot \alpha,\; g\right) = e\left(\beta,\; \mathit{gpk}_1\right). \tag{5}$$

If (5) holds, then the TPA returns $\mathit{True}$, and it returns $\mathit{False}$ otherwise.

7. Security Analysis

In this section, we show that the proposed scheme is correct and resistant against forge attack and replace attack.

Theorem 1. $\Pi$ provides correctness to the TPA during auditing outsourced data.

Proof. Correctness of $\Pi$ is achieved by exploiting the bilinear property of the bilinear map. The left-hand side (LHS) of (5) expands as follows:

$$\begin{aligned}
\mathrm{LHS} &= e\left(g^{\sum_{l \in L} r_l \cdot F_{\mathit{gak}}(\mathrm{id}_l)} \cdot \prod_{j \in [1,s]} g^{\mathit{gsk}_{2j} \cdot \sum_{l \in L} r_l \cdot m_{lj}},\; g\right) \\
&= e\left(g^{\sum_{l \in L} r_l \cdot F_{\mathit{gak}}(\mathrm{id}_l) + \sum_{j \in [1,s]} \left(\mathit{gsk}_{2j} \cdot \sum_{l \in L} r_l \cdot m_{lj}\right)},\; g\right) \\
&= e(g, g)^{\sum_{l \in L} \left(r_l \cdot F_{\mathit{gak}}(\mathrm{id}_l) + r_l \cdot \sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot m_{lj}\right)},
\end{aligned} \tag{6}$$

while the right-hand side (RHS) of (5) expands as follows:

$$\begin{aligned}
\mathrm{RHS} &= e\left(\prod_{l \in L} \sigma_l^{r_l},\; \mathit{gpk}_1\right) \\
&= e\left(\prod_{l \in L} g^{r_l \cdot \left(F_{\mathit{gak}}(\mathrm{id}_l) + \sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot m_{lj}\right)/\mathit{gmsk}},\; g^{\mathit{gmsk}}\right) \\
&= e\left(g^{\sum_{l \in L} \left(r_l \cdot F_{\mathit{gak}}(\mathrm{id}_l) + r_l \cdot \sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot m_{lj}\right)/\mathit{gmsk}},\; g^{\mathit{gmsk}}\right) \\
&= e(g, g)^{\sum_{l \in L} \left(r_l \cdot F_{\mathit{gak}}(\mathrm{id}_l) + r_l \cdot \sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot m_{lj}\right)}.
\end{aligned} \tag{7}$$

Since the terms LHS and RHS are the same, the proof is completed.

Theorem 2. $\Pi$ is secure against forge attack.

Proof. If the CSP acquires an element in $\{\mathit{gpk}_{2j}^{1/\mathit{gmsk}} = g^{\mathit{gsk}_{2j}/\mathit{gmsk}}\}_{j \in [1,s]}$ from the public parameter $\mathit{gpk}$, the CSP can forge a tag. Given $\mathit{gpk}_1 = g^{\mathit{gmsk}}$, computing $\mathit{gmsk}$ is hard due to the DL assumption. Thus, it is infeasible for the CSP to acquire an element in $\{g^{\mathit{gsk}_{2j}/\mathit{gmsk}}\}_{j \in [1,s]}$.

When $F_{\mathit{gak}}(\mathrm{id}_i)$ for $\sigma_i$ and $F_{\mathit{gak}}(\mathrm{id}_q)$ for $\sigma_q$ are the same, the CSP computes $\sigma_i / \sigma_q$. Then the CSP can obtain $\delta = (\mathit{gsk}_1)^{\sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot (m_{ij} - m_{qj})}$ and forge the tag $\sigma_z$ of data block $m_z$ using $\delta$ as follows:

$$\begin{aligned}
\sigma'_z &= \sigma_z \times \delta \\
&= (\mathit{gsk}_1)^{F_{\mathit{gak}}(\mathrm{id}_z) + \sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot m_{zj}} \times (\mathit{gsk}_1)^{\sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot (m_{ij} - m_{qj})} \\
&= (\mathit{gsk}_1)^{F_{\mathit{gak}}(\mathrm{id}_z) + \sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot (m_{zj} + m_{ij} - m_{qj})}.
\end{aligned} \tag{8}$$

Finally, the CSP obtains the forged tag $\sigma'_z$ of the modified data block $m'_z = \{m_{zj} + m_{ij} - m_{qj}\}_{j \in [1,s]}$. However, $F_{\mathit{gak}}(\mathrm{id}_i)$ and $F_{\mathit{gak}}(\mathrm{id}_q)$ cannot be the same value for $\mathrm{id}_i \neq \mathrm{id}_q$ because of the definition of pseudorandom permutation. Therefore, the CSP cannot forge a tag to pass the censorship. This completes the proof.

Theorem 3. $\Pi$ is secure against replace attack.

Proof. When a damaged block $m_i$ is challenged, the CSP may try to pass the censorship by choosing a different block $(m_q, \sigma_q)$ in place of $(m_i, \sigma_i)$, such as $\alpha' = \prod_{j \in [1,s]} \mathit{gpk}_{2j}^{r_i \cdot m_{qj} + \sum_{l \in L, l \neq i} r_l \cdot m_{lj}}$ and $\beta' = \sigma_q^{r_i} \cdot \prod_{l \in L, l \neq i} \sigma_l^{r_l}$. Then the left-hand side of (5) is computed as

$$\begin{aligned}
& e\left(g^{\sum_{l \in L} r_l \cdot F_{\mathit{gak}}(\mathrm{id}_l)} \cdot \prod_{j \in [1,s]} \mathit{gpk}_{2j}^{r_i \cdot m_{qj} + \sum_{l \in L, l \neq i} r_l \cdot m_{lj}},\; g\right) \\
&= e\left(g^{\sum_{l \in L} r_l \cdot F_{\mathit{gak}}(\mathrm{id}_l)} \cdot g^{\sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot \left(r_i \cdot m_{qj} + \sum_{l \in L, l \neq i} r_l \cdot m_{lj}\right)},\; g\right) \\
&= e\left(g^{r_i \cdot \left(F_{\mathit{gak}}(\mathrm{id}_i) + \sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot m_{qj}\right) + \sum_{l \in L, l \neq i} r_l \cdot \left(F_{\mathit{gak}}(\mathrm{id}_l) + \sum_{j \in [1,s]} \mathit{gsk}_{2j} \cdot m_{lj}\right)},\; g\right) \\
&= e\left(g^{\left(r_i \cdot F_{\mathit{gak}}(\mathrm{id}_i) - r_i \cdot F_{\mathit{gak}}(\mathrm{id}_q)\right)/\mathit{gmsk}} \times \beta',\; \mathit{gpk}_1\right),
\end{aligned} \tag{9}$$

in which $g^{\left(r_i \cdot (F_{\mathit{gak}}(\mathrm{id}_i) - F_{\mathit{gak}}(\mathrm{id}_q))\right)/\mathit{gmsk}}$ should be 1 to satisfy (5). This means that $F_{\mathit{gak}}(\mathrm{id}_i)$ and $F_{\mathit{gak}}(\mathrm{id}_q)$ should be the same. Due to the bijective property of the permutation, however, these values cannot be the same.
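The challenge-response of Section 6.2.5 together with the correctness and replace-attack arguments of Theorems 1 and 3, as an added example that is not the authors' implementation: it runs equations (2), (4), and (5) in a toy model where every group element is stored as its exponent, so the pairing becomes a modular multiplication and nothing here is secure. The prime `P`, the Feistel stand-in for $F_{\mathit{gak}}$, the 0-based positions, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Toy model (assumption): a group element g^x is stored as its exponent x mod P,
# so e(g^x, g^y) = e(g, g)^(xy) is a multiplication. It exposes every discrete
# log and has no security; it only exercises the algebra of (2), (4) and (5).
P = 2**127 - 1  # constructed prime order; the paper uses |p| = 160 bits


class Elem:
    def __init__(self, x):
        self.x = x % P

    def __mul__(self, other):  # g^x * g^y = g^(x + y)
        return Elem(self.x + other.x)

    def __pow__(self, k):  # (g^x)^k = g^(x * k)
        return Elem(self.x * k)

    def __eq__(self, other):
        return self.x == other.x


G = Elem(1)  # generator g


def pair(u, v):  # bilinear map e: G1 x G1 -> G2
    return Elem(u.x * v.x)


def prp(key, ident):
    """F_gak: 4-round Feistel permutation on 64-bit identifiers (stand-in for AES)."""
    left, right = ident >> 32, ident & 0xFFFFFFFF
    for rnd in range(4):
        mac = hmac.new(key, bytes([rnd]) + right.to_bytes(4, "big"), hashlib.sha256)
        left, right = right, left ^ int.from_bytes(mac.digest()[:4], "big")
    return (left << 32) | right


def keygen(s):
    a = 1 + secrets.randbelow(P - 1)  # gmsk in Z_p^*
    gak = secrets.token_bytes(16)  # key of F (bytes here, an element of Z_p in the paper)
    c = [secrets.randbelow(P) for _ in range(s)]  # gsk_2
    gsk = (G ** pow(a, -1, P), c)  # gsk_1 = g^(1/a)
    gpk = (G ** a, [G ** cj for cj in c])  # gpk_1 = g^a, gpk_2j = g^(c_j)
    return gak, gsk, gpk


def taggen(block, gsk, gak, ident):  # equations (2) and (3)
    gsk1, c = gsk
    return gsk1 ** (prp(gak, ident) + sum(cj * m for cj, m in zip(c, block)))


def proofgen(blocks, tags, chal, gpk):  # equation (4), run by the CSP
    alpha, beta = Elem(0), Elem(0)  # both start at the identity g^0
    for j, gpk2j in enumerate(gpk[1]):
        alpha = alpha * gpk2j ** sum(r * blocks[l][j] for l, r in chal)
    for l, r in chal:
        beta = beta * tags[l] ** r
    return alpha, beta


def verify(chal, table, proof, gpk, gak):  # equation (5), run by the TPA
    alpha, beta = proof
    lhs = pair(G ** sum(r * prp(gak, table[l]) for l, r in chal) * alpha, G)
    return lhs == pair(beta, gpk[0])


def demo(n=6, s=3):
    gak, gsk, gpk = keygen(s)
    blocks = [[secrets.randbelow(P) for _ in range(s)] for _ in range(n)]
    table = list(range(1, n + 1))  # TPA index table: position -> identifier
    tags = [taggen(b, gsk, gak, i) for b, i in zip(blocks, table)]
    chal = [(l, 1 + secrets.randbelow(P - 1)) for l in range(n)]  # every block

    def audit(b, t):
        return verify(chal, table, proofgen(b, t, chal, gpk), gpk, gak)

    out = {"honest": audit(blocks, tags)}
    # Replace attack of Theorem 3: position 0 is answered with block 1 and its tag.
    out["replace"] = audit([blocks[1]] + blocks[1:], [tags[1]] + tags[1:])
    # Position 2 is updated under the fresh identifier n + 1 and the TPA records it.
    old_block, old_tag = blocks[2], tags[2]
    blocks[2] = [secrets.randbelow(P) for _ in range(s)]
    table[2] = n + 1
    tags[2] = taggen(blocks[2], gsk, gak, table[2])
    out["updated"] = audit(blocks, tags)
    # The CSP serves the pre-update block and tag: F_gak(id) no longer matches.
    blocks[2], tags[2] = old_block, old_tag
    out["stale"] = audit(blocks, tags)
    return out


if __name__ == "__main__":
    print(demo())
```

The two rejected cases fail for the reason given in (9): the verifier's exponent contains $F_{\mathit{gak}}$ of the identifier in the index table, while the tag carries $F_{\mathit{gak}}$ of a different identifier.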

8. Performance Evaluation

In this section, the proposed scheme is analyzed and compared with previous studies [14–16] in terms of communication and computational overhead. We first evaluate communication overhead for updating a data block. Then, computational overhead for tag generation and verification is evaluated.

8.1. Communication Overhead. As we described in Section 3, the way to get an identifier of an updated data block depends on which entity manages an index table. In Wang et al.'s work [16], $u_k$ needs one round-trip communication to request and receive the identifier (Figure 1). Zhu et al. [15] utilize a way in which the TPA manages the index table (Figure 2). It needs an additional connection between $u_k$ and the TPA for the identifier and a report of update information. Yang and Jia [14] utilize a way in which a user manages the index table by himself. Although it is suitable when the outsourced data is managed by a single user, it requires more communication costs for synchronization of the index tables when the data is shared by multiple users.

Communication costs are summarized in Table 1. We omitted costs for uploading a data block and a corresponding tag for simplicity. Although the proposed scheme seems to require the same cost as Zhu et al.'s approach, there may be update delays caused by concentration of communications to the TPA in [15]. On the other hand, the proposed scheme removes this delay via a direct acquisition of the identifier from the CSP. For [14], to synchronize the index tables of users and the TPA, $u_k$ needs to broadcast extra update information. Considering this circumstance, additional communications caused by broadcast might be added into Table 1.

8.2. Computational Overhead. Computation costs for tag generation and verification are described in Table 2. The proposed scheme requires a single $\mathrm{Exp}_G$ operation in tag generation, while the others [14–16] require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations which are proportional to the number of sectors in a data block. When the TPA verifies a proof received from the CSP, one $\mathrm{Exp}_G$ and one $\mathrm{Mul}_G$ operations are required in the proposed scheme regardless of the number of challenged data blocks. However, the others require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations linear to the number of challenged data blocks, which cause a significant overhead to the TPA.

Table 1: Connections and communication costs for updating a data block.

| | Wang et al. [16] | Zhu et al. [15] | Yang and Jia [14] | Our scheme |
|---|---|---|---|---|
| Connections | $u_k \leftrightarrow$ CSP | $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP | $u_k$ with other users; $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP | $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP |
| Extra communication costs | $\lvert q_{\mathrm{id}} \rvert + \lvert \mathrm{id} \rvert$ | $\lvert q_{\mathrm{id}} \rvert + \lvert \mathrm{id} \rvert + \lvert u_{\mathrm{info}} \rvert$ | $d \times \lvert u_{\mathrm{info}} \rvert$ | $\lvert q_{\mathrm{id}} \rvert + \lvert \mathrm{id} \rvert + \lvert u_{\mathrm{info}} \rvert$ |

Table 2: Computation costs for a tag generation and verification.

| | Tag generation | Verification |
|---|---|---|
| Wang et al. [16] | $(S + 1) \cdot \mathrm{Exp}_G + S \cdot \mathrm{Mul}_G + H_G$ | $2 \cdot \mathrm{Pair} + (L + S) \cdot \mathrm{Exp}_G + (L + S - 1) \cdot \mathrm{Mul}_G + L \cdot H_G$ |
| Zhu et al. [15] | $(S + 2) \cdot \mathrm{Exp}_G + S \cdot \mathrm{Mul}_G + H_G$ | $3 \cdot \mathrm{Pair} + (L + S) \cdot \mathrm{Exp}_G + (L + S) \cdot \mathrm{Mul}_G + L \cdot H_G$ |
| Yang and Jia [14] | $(S + 1) \cdot \mathrm{Exp}_G + S \cdot \mathrm{Mul}_G + H_G$ | $2 \cdot \mathrm{Pair} + (L + 1) \cdot \mathrm{Exp}_G + L \cdot \mathrm{Mul}_G + L \cdot \mathrm{Mul}_{Z_p} + L \cdot H_G$ |
| Our scheme | $\mathrm{Exp}_G + S \cdot \mathrm{Mul}_{Z_p} + S \cdot \mathrm{Add}_{Z_p} + F_{\mathrm{prp}}$ | $2 \cdot \mathrm{Pair} + \mathrm{Exp}_G + \mathrm{Mul}_G + L \cdot \mathrm{Mul}_{Z_p} + (L - 1) \cdot \mathrm{Add}_{Z_p} + L \cdot F_{\mathrm{prp}}$ |

8.3. Experimental Results. We measure the performance of our scheme and compare it with other works [14–16] based on implementations in Ubuntu 12.04. We utilize the Pairing-Based Cryptography (PBC) library for cryptographic operations and OpenSSL to use the Advanced Encryption Standard (AES) for the pseudorandom permutation. All experiments are executed on an Intel Core i3 3.10 GHz with 2 GB memory. We assume that $|p|$ is 160 bits, $|\mathrm{id}|$ is 80 bits, and the size of a data block is 160 bits. We simulate each scheme on 4 different data, each of which has 1000 data blocks, 5 times. All experimental results show an average of 20 trials.

8.3.1. Tag Generation. The performances of the tag generation times are presented in Figure 7(a). Tag generation time in our scheme is 3.18 milliseconds per block when $S = 1$ and 3.28 milliseconds per block when $S = 100$. Since a single $\mathrm{Exp}_G$ is required regardless of $S$, $S$ almost never influences tag generation time. However, tag generation times of the others increase with increasing $S$. Reference [16] requires 323.65 milliseconds per block and [14] requires 324.63 milliseconds per block when $S = 100$. Since they have the same computation complexity, their tag generation times are almost identical. Reference [15] needs one more $\mathrm{Exp}_G$. Thus, it requires 329.97 milliseconds per block, which is more than the others.

8.3.2. Verification. We measure verification times depending on $L$ when $S = 100$. As depicted in Figure 7(b), the verification times for the TPA are dependent on $L$ in the others [14–16]. When $L = 500$, [14–16] require 5.13, 5.66, and 5.75 seconds, respectively. Furthermore, Figure 7(c) shows that $S$ influences [15, 16]. However, our scheme requires 0.01 seconds for verification regardless of $L$ and $S$.

9. Conclusion

In this paper, we present a secure and efficient audit mechanism for shared dynamic data in cloud storage. It makes it possible for the TPA to correctly audit outsourced data which can be updated in a secure manner. With simple index table management by the TPA and identifier renewal by the CSP, any user in a group can update a shared data block efficiently. Furthermore, making the auditing operations simple leads to less computational overhead for the whole auditing process. Performance evaluation and security analysis show that the proposed scheme is best suited to cloud storage where multiple users share and update the outsourced data frequently.

Notations

$u_k$: A user who tries to update
$d$: The number of users in group
$L$: The number of challenged data blocks
$S$: The number of sectors in a data block
$\mathrm{id}$: An identifier
$q_{\mathrm{id}}$: Request for an identifier
$u_{\mathrm{info}}$: Update information
$F_{\mathrm{prp}}$: Pseudorandom permutation
$H_G$: $\{0,1\}^*$ to $G$
$\mathrm{Pair}$: Pairing operation
$\mathrm{Exp}_G$: Exponentiation in $G$
$\mathrm{Mul}_G$: Multiplication in $G$
$\mathrm{Mul}_{Z_p}$: Multiplication in $Z_p$
$\mathrm{Add}_{Z_p}$: Addition in $Z_p$

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.


[Figure 7: Experimental results, comparing our scheme with Wang et al. [16], Zhu et al. [15], and Yang and Jia [14]. (a) Impact of $S$ on tag generation time: tag generation time (ms) versus the number of sectors in a data block. (b) Impact of $L$ on verification time when $S = 100$: verification time (s) versus the number of challenged data blocks. (c) Impact of $S$ on verification time when $L = 460$: verification time (s) versus the number of sectors in a data block.]

Acknowledgment

This work was supported by the IT R&D program of MKE/KEIT (10041244, SmartTV 2.0 Software Platform).

References

[1] E.-H. Song, H.-W. Kim, and Y.-S. Jeong, "Visual monitoring system of multi-hosts behavior for trustworthiness with mobile cloud," Journal of Information Processing Systems, vol. 8, no. 2, pp. 347–358, 2012.

[2] J. Bringer and H. Chabanne, "Embedding edit distance to enable private keyword search," Human-Centric Computing and Information Sciences, vol. 2, article 2, 2012.

[3] Y. Pan and J. Zhang, "Parallel programming on cloud computing platforms: challenges and solutions," Journal of Convergence, vol. 3, no. 4, pp. 23–28, 2012.

[4] T. Teraoka, "Organization and exploration of heterogeneous personal data collected in daily life," Human-Centric Computing and Information Sciences, vol. 2, article 1, no. 1, 2012.

[5] J. K. Y. Ng, "Ubiquitous healthcare: healthcare systems and applications enabled by mobile and wireless technologies," Journal of Convergence, vol. 3, no. 2, pp. 15–20, 2012.

[6] "Google. Google drive," http://drive.google.com.

[7] "Amazon. Amazon s3," http://aws.amazon.com/s3.

[8] G. Ateniese, R. Burns, R. Curtmola et al., "Provable data possession at untrusted stores," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 598–610, November 2007.

[9] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, "Dynamic provable data possession," in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09), pp. 213–222, November 2009.

[10] H. Shacham and B. Waters, "Compact proofs of retrievability," in Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT '08), pp. 90–107, Springer, 2008.

[11] C. Wang, S. Chow, Q. Wang, K. Ren, and W. Lou, "Privacy-preserving public auditing for secure cloud storage," IEEE Transactions on Computers, vol. 62, no. 2, pp. 362–375, 2013.

[12] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, "Enabling public auditability and data dynamics for storage security in cloud computing," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 5, pp. 847–859, 2011.

[13] A. Juels and B. S. Kaliski Jr., "Pors: proofs of retrievability for large files," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 584–597, ACM, November 2007.

[14] K. Yang and X. Jia, "An efficient and secure dynamic auditing protocol for data storage in cloud computing," IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 9, pp. 1717–1726, 2013.

[15] Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S. S. Yau, "Dynamic audit services for integrity verification of outsourced storages in clouds," in Proceedings of the 26th Annual ACM Symposium on Applied Computing (SAC '11), pp. 1550–1557, March 2011.

[16] B. Wang, B. Li, and H. Li, "Public auditing for shared data with efficient user revocation in the cloud," in Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE INFOCOM '13), pp. 2904–2912, 2013.

[17] B. Wang, B. Li, and H. Li, "Oruta: privacy-preserving public auditing for shared data in the cloud," in Proceedings of the 5th IEEE International Conference on Cloud Computing (CLOUD '12), pp. 295–302, 2012.

[18] B. Wang, B. Li, and H. Li, "Knox: privacy-preserving auditing for shared data with large groups in the cloud," in Applied Cryptography and Network Security, F. Bao, P. Samarati, and J. Zhou, Eds., vol. 7341 of Lecture Notes in Computer Science, pp. 507–525, Springer, Berlin, Germany, 2012.

[19] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, "Aggregate and verifiably encrypted signatures from bilinear maps," in Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), pp. 416–432, Springer, 2003.

[20] K. Yang and X. Jia, "Data storage auditing service in cloud computing: challenges, methods and opportunities," World Wide Web, vol. 15, no. 4, pp. 409–428, 2012.


[Figure 1 diagram. Entities: TPA, users ($u_1, \ldots, u_k, \ldots, u_d$), and CSP. Labels: Request new identifier; New identifier $id'_i$; Generate tag $\sigma'_i$; Update data $m'_i$ and tag $\sigma'_i$; Index table (IT) mapping indices $1, 2, \ldots, n$ to identifiers $id_1, id_2, \ldots, id_n$.]

Figure 1: Data update flows when only the CSP manages an index table.

[Figure 2 diagram. Entities: TPA, users ($u_1, \ldots, u_k, \ldots, u_d$), and CSP. Labels: Request new identifier; New identifier $id'_i$; Generate tag $\sigma'_i$; Update data $m'_i$ and tag $\sigma'_i$; Update report; Index table (IT) mapping indices $1, 2, \ldots, n$ to identifiers $id_1, id_2, \ldots, id_n$.]

Figure 2: Data update flows when only the TPA manages an index table.

the TPA is on sleep or suffers from a bottleneck caused by a large number of requests from users.

3.3. Management by Both the TPA and Users. Delays in the update process can be removed by letting a user manage an index table directly [14]. Generally, this is suitable for a situation where data is not shared. However, it has a synchronization problem, because the index tables are managed separately by each individual user who shares the data. If they are not synchronized, identifiers generated by different users can have the same value; the CSP can then mount a forge attack or a replace attack by using tags generated from the same identifier.

Broadcasting update information after a user finishes a data update is a solution for synchronization, as shown in Figure 3. However, it requires all users to be awake at all times. Otherwise, the users need to request the information for synchronization but cannot easily determine who has the newest index table. Although the users can request it from the TPA, this is no different from the previous approach in which only the TPA manages an index table.

[Figure 3 diagram. Entities: TPA, users ($u_1, \ldots, u_j, \ldots, u_k, \ldots, u_d$), and CSP. Labels: Synchronize index tables of TPA and users after data update; Generate tag $\sigma'_i$; Update data $m'_i$ and tag $\sigma'_i$; Index table (IT) mapping indices $1, 2, \ldots, n$ to identifiers $id_1, id_2, \ldots, id_n$.]

Figure 3: Data update flows when the TPA and users manage an index table together.

4. Methods

In this section, we present methods for a secure and efficient audit mechanism for shared dynamic data.

4.1. System Model. Our system model for the auditing mechanism is illustrated in Figure 4. There are four entities: CSP, initial uploader, users, and TPA. The CSP provides large-scale storage for shared data to users. It should process requests from authorized users and respond to every challenge from the TPA. An initial uploader first uploads data to cloud storage and forms a group of users who share the data. Users in the group are able to access and update shared data in the cloud storage. Both the initial uploader and the users are able to audit shared data in cloud storage via the TPA delegated by the initial uploader.

4.2. Secure and Efficient Index Table Management. We propose a secure and efficient index table management method that is used in our audit mechanism. As mentioned in the previous section, a TPA must manage an index table to prevent forge attacks and replace attacks. However, delay and synchronization problems can arise when the index table is managed only by the TPA or by each user. To solve these problems, a user who tries to update is required to obtain an identifier from the CSP, as described in Figure 5. Consequently, an arrangement in which the TPA manages an index table and the CSP keeps renewing an identifier for the new data block satisfies both security and efficiency.

4.3. Identifier Definition for Dynamic Data. Changing the identifiers of data blocks during the update process causes repetitive tasks for users: they download the corresponding data blocks, regenerate tags to apply the modified identifiers, and upload the tags again to cloud storage. Our mechanism removes these repetitive tasks by defining the identifier as the upload sequence of the data block. If a data block is updated, then a new identifier is assigned by the CSP as the upload sequence.

[Figure 4 diagram. Entities: initial uploader, group of users, TPA, and CSP storing data $m_1, m_2, \ldots, m_n$ with tags $\sigma_1, \sigma_2, \ldots, \sigma_n$. Labels: (1) Delegation of auditing for shared data; (2) Auditing request; (3) Challenge for auditing; (4) Response for proof; (5) Auditing report; Data flow; Manage users in group.]

Figure 4: Our system model for auditing mechanism.

[Figure 5 diagram. Entities: TPA, users ($u_1, \ldots, u_k, \ldots, u_d$), and CSP. Labels: Request new identifier; New identifier $id'_i$; Generate tag $\sigma'_i$; Update data $m'_i$ and tag $\sigma'_i$; Update report; Identifier $id'$; Renew identifier $id'$; Index table (IT) mapping indices $1, 2, \ldots, n$ to identifiers $id_1, id_2, \ldots, id_n$.]

Figure 5: Data update flows in the proposed mechanism.

4.4. Simple Operations for Audit Mechanism. Conventional approaches employ relatively complex operations for the audit mechanism. This may cause more delay and computational overhead for tag generation and verification. For efficiency of the audit mechanism, the proposed scheme utilizes simple operations in the data integrity check. Moreover, because it can reduce delay and computational overhead through lightweight operations, the QoS of the cloud storage service is improved.

5. Preliminaries

In this section, cryptographic backgrounds for the proposed scheme are briefly introduced.

5.1. Bilinear Map. Let $G_1$ and $G_2$ be multiplicative cyclic groups of prime order $p$, and let $g$ be a generator of $G_1$. Then a bilinear map $e$ satisfies the following properties:

(1) Bilinearity: for any $u, v \in G_1$ and $a, b \in Z_p$, $e(u^a, v^b) = e(u, v)^{ab}$.

(2) Nondegeneracy: $e(g, g) \neq 1$.

(3) Computability: there exists an efficiently computable algorithm $e$ satisfying the above properties such that $e: G_1 \times G_1 \to G_2$.

5.2. Pseudorandom Permutation. Let $F: \{0,1\}^n \times \{0,1\}^n \to \{0,1\}^n$ be an efficiently computable keyed permutation for positive integer $n$. We say that $F$ is a pseudorandom permutation if there exists a negligible function negl for any probabilistic polynomial-time distinguisher $D$ such that

$$\left| \Pr\left[D^{F_k(\cdot)}(1^n) = 1\right] - \Pr\left[D^{f(\cdot)}(1^n) = 1\right] \right| \le \mathrm{negl}(n), \quad (1)$$

where $k \xleftarrow{\$} \{0,1\}^n$ is a permutation key chosen uniformly at random and $f$ is a real-random permutation.

5.3. Discrete Logarithm (DL) Assumption. The discrete logarithm (DL) problem is to compute $a \in Z_p$, given $g \in G_1$ and $g^a \in G_1$. The DL assumption holds in $G_1$ if it is computationally infeasible to solve the DL problem in $G_1$.

6. The Proposed Scheme

In this section, we present a secure and efficient audit mechanism supporting dynamic updates of shared data. When the cloud storage service is initiated, a CSP generates public parameters for the system and publicizes them. An initial uploader generates the secret components and public components used in tag generation and verification. He divides data into blocks and generates a tag for each data block. Then he uploads them to the cloud storage and deletes them from his local storage. To share the data with other users, he needs to deliver the secret components for tag generation. In addition, he can delegate auditing processes to a TPA by delivering a part of the secret components for verification.

When a user tries to update a new data block, he receives an identifier from the CSP, generates a tag for the data block, and uploads them. After the update is finished, the user reports the update information to the TPA. Then the TPA updates an index table according to the update information, and the CSP renews the identifier as the next upload sequence for the next update.

The TPA maintains the newest index table, which keeps track of the upload sequence of data blocks. The TPA makes a challenge derived from the index table and transmits it to the CSP periodically or when a user wants. The CSP, on receiving the challenge, makes a proof and responds with it. Then the TPA checks whether outsourced data is damaged or not by verifying the proof against the challenge.

6.1. Definition. The proposed scheme $\Pi$ is composed of the following eight algorithms: $\Pi = \{\mathit{Setup}, \mathit{KeyGen}, \mathit{TagGen}, \mathit{TagGenUp}, \mathit{ITUp}, \mathit{ChalGen}, \mathit{ProofGen}, \mathit{Verify}\}$.

$\mathit{Setup}(\gamma) \to \mathit{param}$. On security parameter $\gamma$, the CSP generates and publicizes public parameters $\mathit{param}$.

$\mathit{KeyGen}(\mathit{param}) \to (gmsk, gsk, gak, gpk)$. An initial uploader takes public parameter $\mathit{param}$ as input and outputs group master key $gmsk$, group secret key $gsk$, group auditing key $gak$, and group public key $gpk$. Group master key $gmsk$ is kept secret. Group secret key $gsk = \{gsk_1, gsk_2\}$ and group auditing key $gak$ are used in tag generation. Group public key $gpk = \{gpk_1, gpk_2\}$ is used for verification of data integrity along with group auditing key $gak$.

$\mathit{TagGen}(M, gsk, gak) \to \sigma$. On uploading data $M$ to the cloud storage, the initial uploader divides the data into blocks and generates a set of tags $\sigma$ using $gsk$ and $gak$. Each component of $\sigma$ is a tag of the corresponding data block in $M$, such that $\sigma = \{\sigma_1, \ldots, \sigma_n\}$.

$\mathit{TagGenUp}(m'_i, gsk, gak, id'_i) \to \sigma'_i$. When a user tries to update a data block $m'_i$, he generates a new tag $\sigma'_i$ using $gsk$, $gak$, and the new identifier $id'_i$ received from the CSP.

$\mathit{ITUp}(U_{type}, U_{index}, U_{id}, \mathit{IT}) \to \mathit{IT}'$. This algorithm takes update information and the current index table $\mathit{IT}$ as input and outputs a new index table $\mathit{IT}'$. The update information includes three elements: $U_{type}$, $U_{index}$, and $U_{id}$. $U_{type}$ represents an update type, which can be either insertion, modification, or deletion. $U_{index}$ is the index of the data block to be updated, and $U_{id}$ is a newly assigned unique identifier used in $\mathit{TagGenUp}$ for the data block.

$\mathit{ChalGen}(\mathit{IT}) \to chal$. This algorithm generates a challenging query $chal = \{l, r_l\}_{l \in L}$ for randomly selected blocks. The TPA chooses random indices $L$ from the index table $\mathit{IT}$ and generates random values $\{r_l\}_{l \in L}$.

$\mathit{ProofGen}(M, \sigma, chal, gpk) \to (\alpha, \beta)$. The CSP generates a proof $(\alpha, \beta)$ for a challenge from the TPA. $\alpha$ is derived from outsourced data blocks $\{m_l\}_{l \in L}$, $\{r_l\}_{l \in L}$, and $gpk$, while $\beta$ is computed from tags $\{\sigma_l\}_{l \in L}$ and $\{r_l\}_{l \in L}$.

$\mathit{Verify}(chal, \mathit{IT}, (\alpha, \beta), gpk, gak) \to \mathit{True}/\mathit{False}$. This algorithm verifies consistency of the proof generated by the CSP for the given challenge. If they are consistent, it outputs $\mathit{True}$. Otherwise, it outputs $\mathit{False}$.

6.2. Construction. Let $G_1$, $G_2$ be multiplicative cyclic groups of prime order $p$, let $g$ be a generator of $G_1$, let $e: G_1 \times G_1 \to G_2$ be a bilinear map, and let $F: \{0,1\}^{\log p} \times \{0,1\}^{\log p} \to \{0,1\}^{\log p}$ be a pseudorandom permutation. We consider data $M$ divided into $n$ blocks as $M = (m_1, \ldots, m_n)$, where each data block $m_i = (m_{i,1}, \ldots, m_{i,s})$ contains $s$ sectors of $Z_p$.

6.2.1. Setup. When the cloud storage service is initiated, the CSP chooses two groups $G_1$, $G_2$ with $g$ for a bilinear map $e$ by running the $\mathit{Setup}$ algorithm and publicizes $\mathit{param} = (G_1, G_2, p, g, e)$ to users and the TPA.

6.2.2. Upload for Data Sharing. An initial uploader $u_1$ runs the $\mathit{KeyGen}$ algorithm. It first chooses $(s + 2)$ random values $gmsk = a \in Z_p^*$, $gak = b \in Z_p$, and $gsk_2 = \{gsk_{2,j} = c_j \in Z_p\}_{j \in [1,s]}$ and computes $gsk_1 = g^{1/a}$, $gpk_1 = g^a$, and $gpk_2 = \{gpk_{2,j} = g^{c_j}\}_{j \in [1,s]}$. Then, by running $\mathit{TagGen}$, $u_1$ generates the corresponding tags such as

$$\sigma_i = (gsk_1)^{F_{gak}(i) + \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{i,j}} \quad (2)$$

for $1 \le i \le n$. $u_1$ uploads $(M, \sigma)$ to the cloud storage and deletes them from his local storage. When the CSP receives fresh data from the initial uploader, it saves an identifier $id' = n + 1$ for the next upload sequence. To share data $M$ with other users, $u_1$ delivers group secret key $gsk$ and group auditing key $gak$ to them.

6.2.3. Delegation of Audit. The initial uploader $u_1$ delegates audit for shared data to the TPA by delivering a group auditing key $gak$. In addition, $u_1$ notifies the TPA of the number of data blocks $n$ so that the TPA can correctly generate an initial index table for $M$. In other words, the TPA creates an index table whose identifiers are initially defined as block sequences.

6.2.4. Data Update. In the proposed scheme, any user $u_k$ in the group which shares data $M$ is allowed to modify, insert, or delete data $M$ in the cloud storage.

If $u_k$ tries to modify the $i$-th block $m_i$, $u_k$ first receives a new identifier from the CSP, as illustrated in Figure 5. On receipt of the identifier $id'_i$, $u_k$ computes a tag $\sigma'_i$ for the updated data block $m'_i$ by running the $\mathit{TagGenUp}$ algorithm as follows:

$$\sigma'_i = (gsk_1)^{F_{gak}(id'_i) + \sum_{j \in [1,s]} gsk_{2,j} \cdot m'_{i,j}}. \quad (3)$$

Then $u_k$ sends $(U_{type} = \mathcal{M}', U_{index} = i, U_{id} = id'_i)$ along with $(m'_i, \sigma'_i)$ to the CSP, where $\mathcal{M}'$ stands for modification.

[Figure 6 diagram. Four panels, each showing the index table (IT) held by the TPA and the data and tags held by the CSP: (a) State after initial upload (initial next identifier $id' = n + 1$); (b) State after modification of $m_2$, with $(U_{type} = \mathcal{M}', U_{index} = 2, U_{id} = n + 1)$ and next identifier $id' = n + 2$; (c) State after insertion of $m'_3$, with $(U_{type} = \mathcal{I}', U_{index} = 3, U_{id} = n + 2)$ and next identifier $id' = n + 3$; (d) State after the deletion of $m'_3$, with $(U_{type} = \mathcal{D}', U_{index} = 3, U_{id} = 0)$ and next identifier $id' = n + 3$.]

Figure 6: Examples of data update.

The CSP can update the data block in the cloud storage by replacing $(m_i, \sigma_i)$ with $(m'_i, \sigma'_i)$ uploaded by $u_k$.

For the case of insertion, $u_k$ makes a tag $\sigma'_i$ for the newly created data block $m'_i$ by running the $\mathit{TagGenUp}$ algorithm and sends $(U_{type} = \mathcal{I}', U_{index} = i, U_{id} = id'_i)$ along with $(m'_i, \sigma'_i)$ to the CSP.

When $u_k$ wants to delete a data block in the cloud storage, $u_k$ sends $(U_{type} = \mathcal{D}', U_{index} = i, U_{id} = 0)$ to the CSP and allows the CSP to delete the corresponding data block from the cloud storage. In this case, $u_k$ does not need to request a new identifier. Therefore, we set the value of $U_{id}$ to zero.

After the update is finished, $u_k$ delivers update information $(U_{type}, U_{index}, U_{id})$ to the TPA for consistent audit of the updated shared data in the cloud storage. Then the TPA updates the index table managed by itself according to the information by running $\mathit{ITUp}$. When $U_{type} = \mathcal{M}'$, it changes the $U_{index}$-th identifier to $U_{id}$. When $U_{type} = \mathcal{I}'$, the TPA inserts $U_{id}$ just before the $U_{index}$-th field, while it removes the $U_{index}$-th field from the index table if $U_{type} = \mathcal{D}'$. Through this notification of data updates, the TPA can detect malicious behaviors of the CSP. In other words, the CSP cannot transmit a previously used identifier in order to exploit a forge attack or a replace attack. Simple examples of data update are depicted in Figure 6.
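The index table handling described above can be replayed in a few lines. The following is an added sketch, not the authors' implementation: the class and method names are hypothetical, and the set of already-used identifiers is an assumed way for the TPA to notice a reused identifier. It replays the update sequence of Figure 6.

```python
# Added illustration of ITUp (Section 6.2.4). Class names, method names and the
# reuse check are assumptions made for this sketch, not the authors' code.
MODIFY, INSERT, DELETE = "M'", "I'", "D'"


class CSP:
    """Only the part of the CSP that matters here: the upload-sequence counter."""

    def __init__(self, n):
        self.next_id = n + 1          # id' = n + 1 after the initial upload

    def issue_identifier(self):
        ident = self.next_id
        self.next_id += 1             # renew id' for the next update
        return ident


class TPA:
    """Keeps the index table: position k-1 holds the identifier of block k."""

    def __init__(self, n):
        self.index_table = list(range(1, n + 1))   # identifiers = block sequence
        self.used = set(self.index_table)          # every identifier ever reported

    def it_up(self, u_type, u_index, u_id=0):
        pos = u_index - 1
        size = len(self.index_table)
        if u_type == DELETE:
            if not 0 <= pos < size:
                raise IndexError("no such block")
            del self.index_table[pos]              # U_id is 0 and ignored here
            return
        # Assumed check: an identifier may enter the table only once, so a
        # CSP that hands out an old identifier is noticed at report time.
        if u_id < 1 or u_id in self.used:
            raise ValueError(f"identifier {u_id} was already used")
        if u_type == MODIFY:
            if not 0 <= pos < size:
                raise IndexError("no such block")
            self.index_table[pos] = u_id
        elif u_type == INSERT:
            if not 0 <= pos <= size:
                raise IndexError("bad insert position")
            self.index_table.insert(pos, u_id)     # just before the U_index-th field
        else:
            raise ValueError(f"unknown update type {u_type!r}")
        self.used.add(u_id)


def replay_figure6(n=5):
    """Replays the update sequence of Figure 6 and returns each table state."""
    csp, tpa = CSP(n), TPA(n)
    states = [list(tpa.index_table)]
    for u_type, u_index in ((MODIFY, 2), (INSERT, 3), (DELETE, 3)):
        u_id = 0 if u_type == DELETE else csp.issue_identifier()
        tpa.it_up(u_type, u_index, u_id)
        states.append(list(tpa.index_table))
    return states, csp.next_id, tpa


if __name__ == "__main__":
    for state in replay_figure6()[0]:
        print(state)
```

Because deleted identifiers stay in the used set, an identifier that once labelled a removed block can never be accepted again.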

6.2.5. Audit for Outsourced Data. For the TPA to check the integrity of outsourced data, it engages in a challenge-response protocol with the CSP. The TPA first chooses a random subset $L$ of indices from the index table and generates random values $\{r_l \in Z_p^*\}_{l \in L}$ by running the $\mathit{ChalGen}$ algorithm. The challenge $chal = \{l, r_l\}_{l \in L}$ is transmitted to the CSP, and the CSP generates a proof $(\alpha, \beta)$ for the challenge $chal$ by running the $\mathit{ProofGen}$ algorithm as follows:

$$\alpha = \prod_{j \in [1,s]} gpk_{2,j}^{\sum_{l \in L} r_l \cdot m_{l,j}}, \qquad \beta = \prod_{l \in L} \sigma_l^{r_l}. \quad (4)$$

After receiving the proof $(\alpha, \beta)$ as a response to the challenge, the TPA verifies it by running the $\mathit{Verify}$ algorithm as follows:

$$e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(id_l)} \cdot \alpha,\ g\right) = e(\beta, gpk_1). \quad (5)$$

If (5) holds, then the TPA returns $\mathit{True}$; otherwise, it returns $\mathit{False}$.

7. Security Analysis

In this section, we show that the proposed scheme is correct and resistant against forge attack and replace attack.

Theorem 1. $\Pi$ provides correctness to the TPA during auditing outsourced data.

Proof. Correctness of $\Pi$ is achieved by exploiting the bilinear property of the bilinear map. The left-hand side (LHS) of (5) expands as follows:

$$\begin{aligned} \mathrm{LHS} &= e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(id_l)} \cdot \prod_{j \in [1,s]} g^{gsk_{2,j} \cdot \sum_{l \in L} r_l \cdot m_{l,j}},\ g\right) \\ &= e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(id_l) + \sum_{j \in [1,s]} \left(gsk_{2,j} \cdot \sum_{l \in L} r_l \cdot m_{l,j}\right)},\ g\right) \\ &= e(g, g)^{\sum_{l \in L} \left(r_l \cdot F_{gak}(id_l) + r_l \cdot \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{l,j}\right)}, \end{aligned} \quad (6)$$

while the right-hand side (RHS) of (5) expands as follows:

$$\begin{aligned} \mathrm{RHS} &= e\left(\prod_{l \in L} \sigma_l^{r_l},\ gpk_1\right) \\ &= e\left(\prod_{l \in L} g^{r_l \cdot \left(F_{gak}(id_l) + \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{l,j}\right)/gmsk},\ g^{gmsk}\right) \\ &= e\left(g^{\sum_{l \in L} \left(r_l \cdot F_{gak}(id_l) + r_l \cdot \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{l,j}\right)/gmsk},\ g^{gmsk}\right) \\ &= e(g, g)^{\sum_{l \in L} \left(r_l \cdot F_{gak}(id_l) + r_l \cdot \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{l,j}\right)}. \end{aligned} \quad (7)$$

Since the terms LHS and RHS are the same, the proof is completed.

Theorem 2. $\Pi$ is secure against forge attack.

Proof. If the CSP acquires an element in $\{gpk_{2,j}^{1/gmsk} = g^{gsk_{2,j}/gmsk}\}_{j \in [1,s]}$ from the public parameter $gpk$, the CSP can forge a tag. Given $gpk_1 = g^{gmsk}$, computing $gmsk$ is hard due to the DL assumption. Thus, it is infeasible for the CSP to acquire an element in $\{g^{gsk_{2,j}/gmsk}\}_{j \in [1,s]}$.

When $F_{gak}(id_i)$ for $\sigma_i$ and $F_{gak}(id_q)$ for $\sigma_q$ are the same, the CSP computes $\sigma_i / \sigma_q$. Then the CSP can obtain $\delta = (gsk_1)^{\sum_{j \in [1,s]} gsk_{2,j} \cdot (m_{i,j} - m_{q,j})}$ and forge the tag $\sigma_z$ of data block $m_z$ using $\delta$ as follows:

$$\begin{aligned} \sigma'_z &= \sigma_z \times \delta \\ &= (gsk_1)^{F_{gak}(id_z) + \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{z,j}} \times (gsk_1)^{\sum_{j \in [1,s]} gsk_{2,j} \cdot (m_{i,j} - m_{q,j})} \\ &= (gsk_1)^{F_{gak}(id_z) + \sum_{j \in [1,s]} gsk_{2,j} \cdot (m_{z,j} + m_{i,j} - m_{q,j})}. \end{aligned} \quad (8)$$

Finally, the CSP obtains the forged tag $\sigma'_z$ of the modified data block $m'_z = \{m_{z,j} + m_{i,j} - m_{q,j}\}_{j \in [1,s]}$. However, $F_{gak}(id_i)$ and $F_{gak}(id_q)$ cannot be the same value for $id_i \neq id_q$ because of the definition of pseudorandom permutation. Therefore, the CSP cannot forge a tag to pass the censorship. This completes the proof.

Theorem 3. $\Pi$ is secure against replace attack.

Proof. When a damaged block $m_i$ is challenged, the CSP may try to pass the censorship by choosing a different block $(m_q, \sigma_q)$ in place of $(m_i, \sigma_i)$, such as $\alpha' = \prod_{j \in [1,s]} gpk_{2,j}^{r_i \cdot m_{q,j} + \sum_{l \in L, l \neq i} r_l \cdot m_{l,j}}$ and $\beta' = \sigma_q^{r_i} \cdot \prod_{l \in L, l \neq i} \sigma_l^{r_l}$. Then the left-hand side of (5) is computed as

$$\begin{aligned} & e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(id_l)} \cdot \prod_{j \in [1,s]} gpk_{2,j}^{r_i \cdot m_{q,j} + \sum_{l \in L, l \neq i} r_l \cdot m_{l,j}},\ g\right) \\ &= e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(id_l)} \cdot g^{\sum_{j \in [1,s]} gsk_{2,j} \cdot \left(r_i \cdot m_{q,j} + \sum_{l \in L, l \neq i} r_l \cdot m_{l,j}\right)},\ g\right) \\ &= e\left(g^{r_i \cdot \left(F_{gak}(id_i) + \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{q,j}\right) + \sum_{l \in L, l \neq i} r_l \cdot \left(F_{gak}(id_l) + \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{l,j}\right)},\ g\right) \\ &= e\left(g^{\left(r_i \cdot F_{gak}(id_i) - r_i \cdot F_{gak}(id_q)\right)/gmsk} \times \beta',\ gpk_1\right), \end{aligned} \quad (9)$$

in which $g^{\left(r_i \cdot (F_{gak}(id_i) - F_{gak}(id_q))\right)/gmsk}$ should be 1 to satisfy (5). This means that $F_{gak}(id_i)$ and $F_{gak}(id_q)$ should be the same. Due to the bijective property of the permutation, however, these values cannot be the same.
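The algebra of equations (2) to (5) and the replace-attack argument of Theorem 3 can be checked numerically. The following is an added toy model, not the authors' implementation: each element $g^x$ is stored as its exponent $x$ and the pairing as a product of exponents, which exposes every secret and is useful only for checking the equations. The prime $P$, the Feistel stand-in for $F_{gak}$, the challenge over all four blocks, and all names are assumptions.

```python
# Added toy model of TagGen / ProofGen / Verify (equations (2)-(5)); not the
# authors' code. Every element g^x of G_1 is stored as its exponent x mod P and
# the pairing e(g^x, g^y) as x*y mod P. This exposes all secrets: algebra only.
import hashlib
import hmac
import secrets

P = 2**61 - 1        # assumed toy prime group order p
S = 3                # sectors per block (assumed)


def prp(key, x):
    """Stand-in for F_gak: 4-round Feistel permutation on 32-bit inputs."""
    left, right = x >> 16, x & 0xFFFF
    for rnd in range(4):
        digest = hmac.new(key, bytes([rnd]) + right.to_bytes(2, "big"),
                          hashlib.sha256).digest()
        left, right = right, left ^ int.from_bytes(digest[:2], "big")
    return (left << 16) | right


def keygen():
    a = 1 + secrets.randbelow(P - 1)                  # gmsk = a in Z_p^*
    c = [secrets.randbelow(P) for _ in range(S)]      # gsk_2 = {c_j}
    return {"gsk1": pow(a, -1, P),                    # log of g^(1/a)
            "gsk2": c, "gak": secrets.token_bytes(16),
            "gpk1": a, "gpk2": list(c)}               # logs of g^a and g^(c_j)


def tag_gen(keys, ident, block):
    """Equations (2)/(3): sigma = gsk_1^(F_gak(id) + sum_j gsk_2j * m_j)."""
    inner = prp(keys["gak"], ident) + sum(c * m for c, m in zip(keys["gsk2"], block))
    return keys["gsk1"] * inner % P


def proof_gen(blocks, tags, chal, gpk2):
    """Equation (4), computed by the CSP from what it stores."""
    alpha = sum(c * sum(r * blocks[l][j] for l, r in chal.items())
                for j, c in enumerate(gpk2)) % P
    beta = sum(r * tags[l] for l, r in chal.items()) % P
    return alpha, beta


def verify(chal, index_table, proof, keys):
    """Equation (5), computed by the TPA from its own index table."""
    alpha, beta = proof
    lhs = (sum(r * prp(keys["gak"], index_table[l - 1]) for l, r in chal.items())
           + alpha) % P                               # e(g^(...) * alpha, g)
    return lhs == beta * keys["gpk1"] % P             # e(beta, gpk_1)


def audit_outcomes(reuse_identifier=False):
    keys = keygen()
    index_table = [1, 2, 3, 4]
    if reuse_identifier:
        index_table[3] = index_table[1]               # blocks 2 and 4 share an id
    blocks = {l: [secrets.randbelow(P) for _ in range(S)] for l in range(1, 5)}
    tags = {l: tag_gen(keys, index_table[l - 1], blocks[l]) for l in blocks}
    chal = {l: 1 + secrets.randbelow(P - 1) for l in blocks}   # r_l in Z_p^*

    def check(b, t):
        return verify(chal, index_table, proof_gen(b, t, chal, keys["gpk2"]), keys)

    damaged = dict(blocks)
    damaged[2] = [(blocks[2][0] + 1) % P] + blocks[2][1:]
    return {
        "honest": check(blocks, tags),
        "damaged": check(damaged, tags),              # block 2 altered, old tag
        # Theorem 3: the CSP answers for block 2 with block 4 and its tag.
        "replaced": check({**blocks, 2: blocks[4]}, {**tags, 2: tags[4]}),
    }


if __name__ == "__main__":
    print("distinct identifiers:", audit_outcomes())
    print("reused identifier:   ", audit_outcomes(reuse_identifier=True))
```

With distinct identifiers the substituted block is rejected, while the same substitution passes once two blocks share an identifier, which is the condition the index table management of Section 4.2 is designed to rule out.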

8. Performance Evaluation

In this section, the proposed scheme is analyzed and compared with previous studies [14–16] in terms of communication and computational overhead. We first evaluate the communication overhead for updating a data block. Then the computational overhead for tag generation and verification is evaluated.

8.1. Communication Overhead. As we described in Section 3, the way to get an identifier for an updated data block depends on which entity manages the index table. In Wang et al.'s work [16], $u_k$ needs one round-trip communication to request and receive the identifier (Figure 1). Zhu et al. [15] have the TPA manage the index table (Figure 2). This needs an additional connection between $u_k$ and the TPA for the identifier and a report of update information. Yang and Jia [14] have each user manage the index table by himself. Although this is suitable when the outsourced data is managed by a single user, it requires more communication costs for synchronization of the index tables when the data is shared by multiple users.

Communication costs are summarized in Table 1. We omitted costs for uploading a data block and a corresponding tag for simplicity. Although the proposed scheme seems to require the same cost as Zhu et al.'s approach, there may be update delays caused by concentration of communications to the TPA in [15]. On the other hand, the proposed scheme removes this delay via a direct acquisition of the identifier from the CSP. For [14], to synchronize the index tables of users and the TPA, $u_k$ needs to broadcast extra update information. Considering this circumstance, additional communications caused by broadcast might be added into Table 1.

82 Computational Overhead Computation costs for taggeneration and verification are described in Table 2 Theproposed scheme requires a single Exp

119866operation in tag

generation while the others [14ndash16] require Exp119866and Mul

119866

operations which are proportional to the number of sectors

8 The Scientific World Journal

Table 1 Connections and communication costs for updating a data block

Wang et al [16] Zhu et al [15] Yang and Jia [14] Our scheme

Connections 119906119896harr CSP

119906119896harr TPA 119906

119896with other users 119906

119896harr TPA

119906119896harr CSP 119906

119896harr TPA

119906119896harr CSP

119906119896harr CSP

Extra communication costs 1003816100381610038161003816119902id1003816100381610038161003816 + |id| 1003816100381610038161003816119902id

1003816100381610038161003816 + |id| + 1003816100381610038161003816119906info1003816100381610038161003816 119889 times

1003816100381610038161003816119906info1003816100381610038161003816

1003816100381610038161003816119902id1003816100381610038161003816 + |id| + 1003816100381610038161003816119906info

1003816100381610038161003816

Table 2: Computation costs for a tag generation and verification.

| Scheme | Tag generation | Verification |
| --- | --- | --- |
| Wang et al. [16] | $(S+1)\cdot\mathrm{Exp}_G + S\cdot\mathrm{Mul}_G + H_G$ | $2\cdot\mathrm{Pair} + (L+S)\cdot\mathrm{Exp}_G + (L+S-1)\cdot\mathrm{Mul}_G + L\cdot H_G$ |
| Zhu et al. [15] | $(S+2)\cdot\mathrm{Exp}_G + S\cdot\mathrm{Mul}_G + H_G$ | $3\cdot\mathrm{Pair} + (L+S)\cdot\mathrm{Exp}_G + (L+S)\cdot\mathrm{Mul}_G + L\cdot H_G$ |
| Yang and Jia [14] | $(S+1)\cdot\mathrm{Exp}_G + S\cdot\mathrm{Mul}_G + H_G$ | $2\cdot\mathrm{Pair} + (L+1)\cdot\mathrm{Exp}_G + L\cdot\mathrm{Mul}_G + L\cdot\mathrm{Mul}_{Z_p} + L\cdot H_G$ |
| Our scheme | $\mathrm{Exp}_G + S\cdot\mathrm{Mul}_{Z_p} + S\cdot\mathrm{Add}_{Z_p} + F_{prp}$ | $2\cdot\mathrm{Pair} + \mathrm{Exp}_G + \mathrm{Mul}_G + L\cdot\mathrm{Mul}_{Z_p} + (L-1)\cdot\mathrm{Add}_{Z_p} + L\cdot F_{prp}$ |

in a data block. When the TPA verifies a proof received from the CSP, one $\mathrm{Exp}_G$ and one $\mathrm{Mul}_G$ operations are required in the proposed scheme regardless of the number of challenged data blocks. However, the others require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations linear to the number of challenged data blocks, which cause a significant overhead to the TPA.

8.3. Experimental Results. We measure the performance of our scheme and compare it with other works [14–16] based on implementations in Ubuntu 12.04. We utilize the Pairing-Based Cryptography (PBC) library for cryptographic operations and OpenSSL to use Advanced Encryption Standard (AES) for pseudorandom permutation. All experiments are executed on an Intel Core i3 3.10 GHz with 2 GB memory. We assume that $|p|$ is 160 bits, $|id|$ is 80 bits, and size of a data block is 160 bits. We simulate each scheme 5 times on each of 4 different data sets, each of which has 1000 data blocks. All experimental results show an average of 20 trials.

8.3.1. Tag Generation. The performances of the tag generation times are presented in Figure 7(a). Tag generation time in our scheme is 3.18 milliseconds per block when $S = 1$ and 3.28 milliseconds per block when $S = 100$. Since a single $\mathrm{Exp}_G$ is required regardless of $S$, $S$ has almost no influence on tag generation time. However, tag generation times of the others increase with increasing $S$. Reference [16] requires 323.65 milliseconds per block and [14] requires 324.63 milliseconds per block when $S = 100$. Since they have the same computation complexity, their tag generation times are almost identical. Reference [15] needs one more $\mathrm{Exp}_G$. Thus, it requires 329.97 milliseconds per block, which is more than the others.

8.3.2. Verification. We measure verification times depending on $L$ when $S = 100$. As depicted in Figure 7(b), the verification times for the TPA are dependent on $L$ in the others [14–16]. When $L = 500$, [14–16] require 5.13, 5.66, and 5.75 seconds, respectively. Furthermore, Figure 7(c) shows that $S$ influences [15, 16]. However, our scheme requires 0.01 seconds for verification regardless of $L$ and $S$.

9. Conclusion

In this paper, we present a secure and efficient audit mechanism for shared dynamic data in cloud storage. It makes it possible for the TPA to correctly audit outsourced data which can be updated in a secure manner. With simple index table management by the TPA and identifier renewal by the CSP, any user in a group can update a shared data block efficiently. Furthermore, making the auditing operations simple leads to less computational overhead for the whole auditing process. Performance evaluation and security analysis show that the proposed scheme is best suited to the cloud storage where multiple users share and update the outsourced data frequently.

Notations

$u_k$: A user who tries to update
$d$: The number of users in group
$L$: The number of challenged data blocks
$S$: The number of sectors in a data block
$id$: An identifier
$q_{id}$: Request for an identifier
$u_{info}$: Update information
$F_{prp}$: Pseudorandom permutation
$H_G$: $\{0, 1\}^*$ to $G$
$\mathrm{Pair}$: Pairing operation
$\mathrm{Exp}_G$: Exponentiation in $G$
$\mathrm{Mul}_G$: Multiplication in $G$
$\mathrm{Mul}_{Z_p}$: Multiplication in $Z_p$
$\mathrm{Add}_{Z_p}$: Addition in $Z_p$

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Figure 7: Experimental results. (a) Impact of $S$ on tag generation time: tag generation time (ms) against the number of sectors in a data block. (b) Impact of $L$ on verification time when $S = 100$: verification time (s) against the number of challenged data blocks. (c) Impact of $S$ on verification time when $L = 460$: verification time (s) against the number of sectors in a data block. Each panel plots our scheme, Wang et al. [16], Zhu et al. [15], and Yang and Jia [14].

Acknowledgment

This work was supported by the IT R&D program of MKE/KEIT (10041244, SmartTV 2.0 Software Platform).

References

[1] E.-H. Song, H.-W. Kim, and Y.-S. Jeong, "Visual monitoring system of multi-hosts behavior for trustworthiness with mobile cloud," Journal of Information Processing Systems, vol. 8, no. 2, pp. 347–358, 2012.

[2] J. Bringer and H. Chabanne, "Embedding edit distance to enable private keyword search," Human-Centric Computing and Information Sciences, vol. 2, article 2, 2012.

[3] Y. Pan and J. Zhang, "Parallel programming on cloud computing platforms: challenges and solutions," Journal of Convergence, vol. 3, no. 4, pp. 23–28, 2012.

[4] T. Teraoka, "Organization and exploration of heterogeneous personal data collected in daily life," Human-Centric Computing and Information Sciences, vol. 2, article 1, no. 1, 2012.

[5] J. K. Y. Ng, "Ubiquitous healthcare: healthcare systems and applications enabled by mobile and wireless technologies," Journal of Convergence, vol. 3, no. 2, pp. 15–20, 2012.

[6] "Google. Google drive," http://drive.google.com

[7] "Amazon. Amazon s3," http://aws.amazon.com/s3

[8] G. Ateniese, R. Burns, R. Curtmola et al., "Provable data possession at untrusted stores," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 598–610, November 2007.

[9] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, "Dynamic provable data possession," in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09), pp. 213–222, November 2009.

[10] H. Shacham and B. Waters, "Compact proofs of retrievability," in Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT '08), pp. 90–107, Springer, 2008.

[11] C. Wang, S. Chow, Q. Wang, K. Ren, and W. Lou, "Privacy-preserving public auditing for secure cloud storage," IEEE Transactions on Computers, vol. 62, no. 2, pp. 362–375, 2013.

[12] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, "Enabling public auditability and data dynamics for storage security in cloud computing," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 5, pp. 847–859, 2011.

[13] A. Juels and B. S. Kaliski Jr., "Pors: proofs of retrievability for large files," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 584–597, ACM, November 2007.

[14] K. Yang and X. Jia, "An efficient and secure dynamic auditing protocol for data storage in cloud computing," IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 9, pp. 1717–1726, 2013.

[15] Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S. S. Yau, "Dynamic audit services for integrity verification of outsourced storages in clouds," in Proceedings of the 26th Annual ACM Symposium on Applied Computing (SAC '11), pp. 1550–1557, March 2011.

[16] B. Wang, B. Li, and H. Li, "Public auditing for shared data with efficient user revocation in the cloud," in Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE INFOCOM '13), pp. 2904–2912, 2013.

[17] B. Wang, B. Li, and H. Li, "Oruta: privacy-preserving public auditing for shared data in the cloud," in Proceedings of the 5th IEEE International Conference on Cloud Computing (CLOUD '12), pp. 295–302, 2012.

[18] B. Wang, B. Li, and H. Li, "Knox: privacy-preserving auditing for shared data with large groups in the cloud," in Applied Cryptography and Network Security, F. Bao, P. Samarati, and J. Zhou, Eds., vol. 7341 of Lecture Notes in Computer Science, pp. 507–525, Springer, Berlin, Germany, 2012.

[19] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, "Aggregate and verifiably encrypted signatures from bilinear maps," in Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), pp. 416–432, Springer, 2003.

[20] K. Yang and X. Jia, "Data storage auditing service in cloud computing: challenges, methods and opportunities," World Wide Web, vol. 15, no. 4, pp. 409–428, 2012.


Figure 4: Our system model for auditing mechanism. (Diagram of the initial uploader, who manages users in the group, the CSP holding data $m_1, m_2, \ldots, m_n$ with tags $\sigma_1, \sigma_2, \ldots, \sigma_n$, and the TPA. Flows: (1) delegation of auditing for shared data, (2) auditing request, (3) challenge for auditing, (4) response for proof, (5) auditing report.)

Figure 5: Data update flows in the proposed mechanism. (Diagram of the TPA holding the index table (IT), which maps indices $1, 2, \ldots, n$ to identifiers $id_1, id_2, \ldots, id_n$, the users $u_1, \ldots, u_k, \ldots, u_d$, and the CSP. Flows: request new identifier; new identifier $id'_i$; generate tag $\sigma'_i$; update data $m'_i$ and tag $\sigma'_i$; renew identifier $id'$; update report.)

4.4. Simple Operations for Audit Mechanism. Conventional approaches employ relatively complex operations for audit mechanism. It may cause more delay time and computational overhead for tag generation and verification. For efficiency of audit mechanism, the proposed scheme utilizes simple operations in the data integrity check. Moreover, because it can reduce delay time and computational overhead through light-weight operations, the QoS of the cloud storage service is improved.

5. Preliminaries

In this section, cryptographic backgrounds for the proposed scheme are briefly introduced.

5.1. Bilinear Map. Let $G_1$ and $G_2$ be multiplicative cyclic groups of prime order $p$, and let $g$ be a generator of $G_1$. Then a bilinear map $e$ satisfies the following properties:

(1) Bilinearity: for any $u, v \in G_1$ and $a, b \in Z_p$, $e(u^a, v^b) = e(u, v)^{ab}$.

(2) Nondegeneracy: $e(g, g) \neq 1$.

(3) Computability: there exists an efficiently computable algorithm $e$ satisfying the above properties such that $e : G_1 \times G_1 \to G_2$.

5.2. Pseudorandom Permutation. Let $F : \{0, 1\}^n \times \{0, 1\}^n \to \{0, 1\}^n$ be an efficiently computable keyed permutation for positive integer $n$. We say that $F$ is a pseudorandom permutation if there exists a negligible function $\mathrm{negl}$ for any probabilistic polynomial-time distinguisher $D$ such that

$$\left| \Pr\left[D^{F_k(\cdot)}(1^n) = 1\right] - \Pr\left[D^{f(\cdot)}(1^n) = 1\right] \right| \le \mathrm{negl}(n), \quad (1)$$

where $k \xleftarrow{\$} \{0, 1\}^n$ is a permutation key chosen uniformly at random and $f$ is a real-random permutation.

5.3. Discrete Logarithm (DL) Assumption. Discrete logarithm (DL) problem is to compute $a \in Z_p$, given $g \in G_1$ and $g^a \in G_1$. The DL assumption holds in $G_1$ if it is computationally infeasible to solve DL problem in $G_1$.

6. The Proposed Scheme

In this section, we present a secure and efficient audit mechanism supporting dynamic updates of shared data. When cloud storage service initiates, a CSP generates public parameters for system and publicizes them. An initial uploader generates secret components and public components used in tag generation and verification. He divides data into blocks and generates tags for each data block. Then he uploads them to the cloud storage and deletes them in his local storage. To share the data with other users, he needs to deliver secret components for tag generation. In addition, he can delegate auditing processes to a TPA by delivering a part of secret components for verification.

When a user tries to update a new data block, he receives an identifier from the CSP, generates a tag for the data block, and uploads them. After update is finished, the user reports update information to the TPA. Then the TPA updates an index table following the update information. And the CSP renews the identifier as next upload sequence for next update.

The TPA maintains the newest index table that keeps track of upload sequence of data blocks. The TPA makes a challenge derived from the index table and transmits it to the CSP periodically or when a user wants. The CSP who receives the challenge makes a proof and responds to it. Then the TPA checks whether outsourced data is damaged or not by verifying the proof with the challenge.

6.1. Definition. The proposed scheme $\Pi$ is composed of the following eight algorithms such as $\Pi$ = {Setup, KeyGen, TagGen, TagGenUp, ITUp, ChalGen, ProofGen, Verify}.

Setup($\gamma$) → $param$. On security parameter $\gamma$, the CSP generates and publicizes public parameters $param$.

KeyGen($param$) → ($gmsk$, $gsk$, $gak$, $gpk$). An initial uploader takes public parameter $param$ as input and outputs group master key $gmsk$, group secret key $gsk$, group auditing key $gak$, and group public key $gpk$. Group master key $gmsk$ is kept secret. Group secret key $gsk = \{gsk_1, gsk_2\}$ and group auditing key $gak$ are used in tag generation. Group public key $gpk = \{gpk_1, gpk_2\}$ is used for verification of data integrity along with group auditing key $gak$.

TagGen($M$, $gsk$, $gak$) → $\sigma$. On uploading data $M$ to the cloud storage, the initial uploader divides the data into blocks and generates a set of tags $\sigma$ using $gsk$ and $gak$. Each component of $\sigma$ is a tag of the corresponding data block in $M$ such that $\sigma = \{\sigma_1, \ldots, \sigma_n\}$.

TagGenUp($m'_i$, $gsk$, $gak$, $id'_i$) → $\sigma'_i$. When a user tries to update a data block $m'_i$, he generates a new tag $\sigma'_i$ using $gsk$, $gak$, and new identifier $id'_i$ received from the CSP.

ITUp($U_{type}$, $U_{index}$, $U_{id}$, $IT$) → $IT'$. This algorithm takes update information and current index table $IT$ as input and outputs new index table $IT'$. The update information includes three elements $U_{type}$, $U_{index}$, and $U_{id}$. $U_{type}$ represents an update type, which can be either insertion, modification, or deletion. $U_{index}$ is the index of the data block to be updated, and $U_{id}$ is a newly assigned unique identifier used in TagGenUp for the data block.

ChalGen($IT$) → $chal$. This algorithm generates a challenging query $chal = \{l, r_l\}_{l \in L}$ for randomly selected blocks. The TPA chooses random indices $L$ from the index table $IT$ and generates random values $\{r_l\}_{l \in L}$.

ProofGen($M$, $\sigma$, $chal$, $gpk$) → ($\alpha$, $\beta$). The CSP generates a proof $(\alpha, \beta)$ for a challenge from the TPA. $\alpha$ is derived from outsourced data blocks $\{m_l\}_{l \in L}$, $\{r_l\}_{l \in L}$, and $gpk$, while $\beta$ is computed from tags $\{\sigma_l\}_{l \in L}$ and $\{r_l\}_{l \in L}$.

Verify($chal$, $IT$, ($\alpha$, $\beta$), $gpk$, $gak$) → True/False. This algorithm verifies consistency of the proof generated by the CSP for the given challenge. If they are consistent, it outputs True. Otherwise, it outputs False.

6.2. Construction. Let $G_1$, $G_2$ be multiplicative cyclic groups of prime order $p$, let $g$ be a generator of $G_1$, let $e : G_1 \times G_1 \to G_2$ be a bilinear map, and let $F : \{0, 1\}^{\log p} \times \{0, 1\}^{\log p} \to \{0, 1\}^{\log p}$ be a pseudorandom permutation. We consider data $M$ is divided into $n$ blocks as $M = (m_1, \ldots, m_n)$ and each data block $m_i = (m_{i1}, \ldots, m_{is})$ contains $s$ sectors of $Z_p$.

6.2.1. Setup. When cloud storage service initiates, the CSP chooses two groups $G_1$, $G_2$ with $g$ for a bilinear map $e$ by running Setup algorithm and publicizes $param = (G_1, G_2, p, g, e)$ to users and the TPA.

6.2.2. Upload for Data Sharing. An initial uploader $u_1$ runs KeyGen algorithm. It first chooses $(s + 2)$ random values $gmsk = a \in Z_p^*$, $gak = b \in Z_p$, and $gsk_2 = \{gsk_{2j} = c_j \in Z_p\}_{j \in [1, s]}$ and computes $gsk_1 = g^{1/a}$, $gpk_1 = g^a$, and $gpk_2 = \{gpk_{2j} = g^{c_j}\}_{j \in [1, s]}$. Then, by running TagGen, $u_1$ generates corresponding tags such as

$$\sigma_i = (gsk_1)^{F_{gak}(i) + \sum_{j \in [1, s]} gsk_{2j} \cdot m_{ij}} \quad (2)$$

for $1 \le i \le n$. $u_1$ uploads $(M, \sigma)$ to the cloud storage and deletes them from his local storage. When the CSP receives fresh data from the initial uploader, it saves an identifier $id' = n + 1$ for the next upload sequence. To share data $M$ with other users, $u_1$ delivers group secret key $gsk$ and group auditing key $gak$ to them.

6.2.3. Delegation of Audit. The initial uploader $u_1$ delegates audit for shared data to the TPA by delivering a group auditing key $gak$. In addition, $u_1$ notifies the number of data blocks $n$ for the TPA to correctly generate an initial index table for $M$. In other words, the TPA creates an index table which includes identifiers defined as block sequences initially.

6.2.4. Data Update. In the proposed scheme, any user $u_k$ in the group which shares data $M$ is allowed to modify, insert, or delete data $M$ in the cloud storage.

If $u_k$ tries to modify $i$-th block $m_i$, $u_k$ first receives a new identifier from the CSP as illustrated in Figure 5. On receipt of the identifier $id'_i$, $u_k$ computes a tag $\sigma'_i$ for updated data block $m'_i$ by running TagGenUp algorithm as follows:

$$\sigma'_i = (gsk_1)^{F_{gak}(id'_i) + \sum_{j \in [1, s]} gsk_{2j} \cdot m'_{ij}}. \quad (3)$$

Then $u_k$ sends ($U_{type} = \mathcal{M}'$, $U_{index} = i$, $U_{id} = id'_i$) along with $(m'_i, \sigma'_i)$ to the CSP, where $\mathcal{M}'$ stands for modification.

Figure 6: Examples of data update. Each panel shows the index table (IT) kept by the TPA and the data and tags kept by the CSP. (a) State after initial upload, with initial next identifier $id' = n + 1$. (b) State after modification of $m_2$, reported as ($U_{type}$, $U_{index} = 2$, $U_{id} = n + 1$), with next identifier $id' = n + 2$. (c) State after insertion of $m'_3$, reported as ($U_{type}$, $U_{index} = 3$, $U_{id} = n + 2$), with next identifier $id' = n + 3$. (d) State after the deletion of $m'_3$, reported as ($U_{type}$, $U_{index} = 3$, $U_{id} = 0$), with next identifier $id' = n + 3$. The legend marks the update types $\mathcal{M}'$, $\mathcal{D}'$, and $\mathcal{I}'$.

The CSP can update the data block in the cloud storage by replacement of $(m_i, \sigma_i)$ with $(m'_i, \sigma'_i)$ uploaded by $u_k$.

For the case of insertion, $u_k$ makes a tag $\sigma'_i$ for newly created data block $m'_i$ by running TagGenUp algorithm and sends ($U_{type} = \mathcal{I}'$, $U_{index} = i$, $U_{id} = id'_i$) along with $(m'_i, \sigma'_i)$ to the CSP.

When $u_k$ wants to delete data block in the cloud storage, $u_k$ sends ($U_{type} = \mathcal{D}'$, $U_{index} = i$, $U_{id} = 0$) to the CSP and allows the CSP to delete the corresponding data block from the cloud storage. In this case, $u_k$ does not need to request a new identifier. Therefore, we set the value of $U_{id}$ by zero.

After update is finished, $u_k$ delivers update information ($U_{type}$, $U_{index}$, $U_{id}$) to the TPA for consistent audit for updated shared data in the cloud storage. Then the TPA updates the index table managed by itself according to the information by running ITUp. When $U_{type} = \mathcal{M}'$, it changes the $U_{index}$-th identifier to $U_{id}$. When $U_{type} = \mathcal{I}'$, the TPA inserts $U_{id}$ just before the $U_{index}$-th field, while it removes the $U_{index}$-th field from the index table if $U_{type} = \mathcal{D}'$. Through this notification of data updates, the TPA can detect malicious behaviors of the CSP. In other words, the CSP cannot transmit previously used identifier in order to exploit forge attack and replace attack. Simple examples of data update are depicted in Figure 6.

6.2.5. Audit for Outsourced Data. For the TPA to check integrity of outsourced data, it engages in challenge-response protocol with the CSP. The TPA first chooses a random subset $L$ of indices from the index table and generates random values $\{r_l \in Z_p^*\}_{l \in L}$ by running ChalGen algorithm. The $chal = \{l, r_l\}_{l \in L}$ is transmitted to the CSP, and the CSP generates a proof $(\alpha, \beta)$ for the challenge $chal$ by running ProofGen algorithm as follows:

$$\alpha = \prod_{j \in [1, s]} gpk_{2j}^{\sum_{l \in L} r_l \cdot m_{lj}}, \qquad \beta = \prod_{l \in L} \sigma_l^{r_l}. \quad (4)$$

After receiving the proof $(\alpha, \beta)$ as a response of the challenge, the TPA verifies it by running Verify algorithm as follows:

$$e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(id_l)} \cdot \alpha,\ g\right) = e\left(\beta,\ gpk_1\right). \quad (5)$$

If (5) holds, then the TPA returns True and returns False otherwise.
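The update and audit flow of Sections 6.2.4 and 6.2.5, replayed over the Figure 6 sequence, as an added example that is not the authors' implementation. It assumes a toy model in which each group element is stored as its exponent (so the pairing becomes multiplication mod p, which checks the algebra of (2)-(5) but gives no security), HMAC-SHA256 as a stand-in for the AES-based permutation, and hypothetical names (`CSP`, `it_up`, `figure6_walkthrough`, the modulus `P`).

```python
import hashlib
import hmac
import secrets

# Toy model: the group element g^x is stored as its exponent x mod P, so multiplying
# elements adds exponents and the pairing e(g^x, g^y) = e(g, g)^(xy) becomes x*y mod P.
# This exercises the algebra of Eqs. (2)-(5) only; it provides no security.
P = 2**127 - 1  # constructed prime order (the paper's experiments use |p| = 160 bits)

def prp(gak, ident):
    """Stand-in for F_gak(id): HMAC-SHA256 reduced mod P (assumption; the paper uses AES)."""
    mac = hmac.new(gak.to_bytes(16, "big"), ident.to_bytes(16, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % P

def keygen(s):
    """KeyGen: gmsk = a, gak = b, gsk_2j = c_j, gsk_1 = g^(1/a), gpk_1 = g^a, gpk_2j = g^(c_j)."""
    a = secrets.randbelow(P - 1) + 1
    c = [secrets.randbelow(P) for _ in range(s)]
    return {"gsk1": pow(a, -1, P), "gsk2": c, "gak": secrets.randbelow(P),
            "gpk1": a, "gpk2": list(c)}

def tag_gen(keys, ident, block):
    """Eqs. (2)/(3): sigma = gsk_1^(F_gak(id) + sum_j gsk_2j * m_j), kept as an exponent."""
    inner = prp(keys["gak"], ident) + sum(c * m for c, m in zip(keys["gsk2"], block))
    return keys["gsk1"] * inner % P

def it_up(u_type, u_index, u_id, table):
    """ITUp on a copy of the TPA's index table; indices are 1-based as in the paper."""
    new, pos = list(table), u_index - 1
    if u_type == "M":
        new[pos] = u_id          # modification: overwrite the identifier
    elif u_type == "I":
        new.insert(pos, u_id)    # insertion: place just before the U_index-th field
    elif u_type == "D":
        del new[pos]             # deletion: drop the field (U_id is 0)
    else:
        raise ValueError("unknown update type: %r" % u_type)
    return new

class CSP:
    """Hypothetical storage server: blocks, tags and the identifier for the next update."""

    def __init__(self, blocks, tags):
        self.blocks, self.tags = list(blocks), list(tags)
        self.next_id = len(blocks) + 1           # id' = n + 1 after the initial upload

    def update(self, u_type, u_index, block=None, tag=None):
        """Apply a user's update; modification and insertion consume next_id."""
        pos = u_index - 1
        if u_type == "D":
            del self.blocks[pos], self.tags[pos]
            return
        if u_type == "M":
            self.blocks[pos], self.tags[pos] = block, tag
        else:
            self.blocks.insert(pos, block)
            self.tags.insert(pos, tag)
        self.next_id += 1                        # renew the identifier

    def proof_gen(self, chal, gpk2):
        """Eq. (4): alpha = prod_j gpk_2j^(sum_l r_l m_lj), beta = prod_l sigma_l^(r_l)."""
        alpha = sum(c * sum(r * self.blocks[l - 1][j] for l, r in chal)
                    for j, c in enumerate(gpk2)) % P
        beta = sum(r * self.tags[l - 1] for l, r in chal) % P
        return alpha, beta

def chal_gen(table, count):
    """ChalGen: random subset L of index-table positions, each with r_l in Z_p^*."""
    picks = secrets.SystemRandom().sample(range(1, len(table) + 1), count)
    return [(l, secrets.randbelow(P - 1) + 1) for l in picks]

def verify(chal, table, proof, keys):
    """Eq. (5): e(g^(sum_l r_l F_gak(id_l)) * alpha, g) == e(beta, gpk_1)."""
    alpha, beta = proof
    lhs = (sum(r * prp(keys["gak"], table[l - 1]) for l, r in chal) + alpha) % P
    return lhs == beta * keys["gpk1"] % P

def figure6_walkthrough(n=4, s=3):
    """Replay Figure 6 (modify m_2, insert at 3, delete 3), then audit twice."""
    keys = keygen(s)
    blocks = [[secrets.randbelow(P) for _ in range(s)] for _ in range(n)]
    csp = CSP(blocks, [tag_gen(keys, i + 1, b) for i, b in enumerate(blocks)])
    table, history = list(range(1, n + 1)), []
    old_block, old_tag = csp.blocks[1], csp.tags[1]
    for u_type, u_index in (("M", 2), ("I", 3), ("D", 3)):
        u_id = 0 if u_type == "D" else csp.next_id       # identifier obtained from the CSP
        block = None if u_type == "D" else [secrets.randbelow(P) for _ in range(s)]
        tag = None if u_type == "D" else tag_gen(keys, u_id, block)
        csp.update(u_type, u_index, block, tag)
        table = it_up(u_type, u_index, u_id, table)      # update report to the TPA
        history.append(list(table))
    chal = chal_gen(table, len(table))                   # challenge every block
    honest = verify(chal, table, csp.proof_gen(chal, keys["gpk2"]), keys)
    csp.blocks[1], csp.tags[1] = old_block, old_tag      # CSP serves the stale m_2
    stale = verify(chal, table, csp.proof_gen(chal, keys["gpk2"]), keys)
    return history, csp.next_id, honest, stale

if __name__ == "__main__":
    print(figure6_walkthrough())
```

The stale case fails because the index table now holds identifier $n + 1$ at position 2 while the old tag was built with identifier 2, so the two sides of (5) differ by $r_2 \cdot (F_{gak}(n + 1) - F_{gak}(2))$ in the exponent.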

7. Security Analysis

In this section, we show that the proposed scheme is correct and resistant against forge attack and replace attack.

Theorem 1. $\Pi$ provides correctness to the TPA during auditing outsourced data.

Proof. Correctness of $\Pi$ is achieved by exploiting bilinear property of the bilinear map. Left-hand side (LHS) of (5) expands as follows:

$$\begin{aligned}
\mathrm{LHS} &= e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(id_l)} \cdot \prod_{j \in [1, s]} g^{gsk_{2j} \cdot \sum_{l \in L} r_l \cdot m_{lj}},\ g\right) \\
&= e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(id_l) + \sum_{j \in [1, s]} \left(gsk_{2j} \cdot \sum_{l \in L} r_l \cdot m_{lj}\right)},\ g\right) \\
&= e(g, g)^{\sum_{l \in L} \left(r_l \cdot F_{gak}(id_l) + r_l \cdot \sum_{j \in [1, s]} gsk_{2j} \cdot m_{lj}\right)},
\end{aligned} \quad (6)$$

while the right-hand side (RHS) of (5) expands as follows:

$$\begin{aligned}
\mathrm{RHS} &= e\left(\prod_{l \in L} \sigma_l^{r_l},\ gpk_1\right) \\
&= e\left(\prod_{l \in L} g^{r_l \cdot \left(F_{gak}(id_l) + \sum_{j \in [1, s]} gsk_{2j} \cdot m_{lj}\right)/gmsk},\ g^{gmsk}\right) \\
&= e\left(g^{\sum_{l \in L} \left(r_l \cdot F_{gak}(id_l) + r_l \cdot \sum_{j \in [1, s]} gsk_{2j} \cdot m_{lj}\right)/gmsk},\ g^{gmsk}\right) \\
&= e(g, g)^{\sum_{l \in L} \left(r_l \cdot F_{gak}(id_l) + r_l \cdot \sum_{j \in [1, s]} gsk_{2j} \cdot m_{lj}\right)}.
\end{aligned} \quad (7)$$

Since the terms LHS and RHS are the same, the proof is completed.

Theorem 2. $\Pi$ is secure against forge attack.

Proof. If the CSP acquires an element in $\{gpk_{2j}^{1/gmsk} = g^{gsk_{2j}/gmsk}\}_{j \in [1, s]}$ from the public parameter $gpk$, the CSP can forge a tag. Given $gpk_1 = g^{gmsk}$, computing $gmsk$ is hard due to DL assumption. Thus, it is infeasible for the CSP to acquire an element in $\{g^{gsk_{2j}/gmsk}\}_{j \in [1, s]}$.

When $F_{gak}(id_i)$ for $\sigma_i$ and $F_{gak}(id_q)$ for $\sigma_q$ are the same, the CSP computes $\sigma_i / \sigma_q$. Then the CSP can obtain $\delta = (gsk_1)^{\sum_{j \in [1, s]} gsk_{2j} \cdot (m_{ij} - m_{qj})}$ and forge the tag $\sigma_z$ of data block $m_z$ using $\delta$ as follows:

$$\begin{aligned}
\sigma'_z &= \sigma_z \times \delta \\
&= (gsk_1)^{F_{gak}(id_z) + \sum_{j \in [1, s]} gsk_{2j} \cdot m_{zj}} \times (gsk_1)^{\sum_{j \in [1, s]} gsk_{2j} \cdot (m_{ij} - m_{qj})} \\
&= (gsk_1)^{F_{gak}(id_z) + \sum_{j \in [1, s]} gsk_{2j} \cdot (m_{zj} + m_{ij} - m_{qj})}.
\end{aligned} \quad (8)$$

Finally, the CSP obtains forged tag $\sigma'_z$ of modified data block $m'_z = \{m_{zj} + m_{ij} - m_{qj}\}_{j \in [1, s]}$. However, $F_{gak}(id_i)$ and $F_{gak}(id_q)$ cannot be the same value for $id_i \neq id_q$ because of the definition of pseudorandom permutation. Therefore, the CSP cannot forge a tag to pass the censorship. This completes the proof.

Theorem 3. $\Pi$ is secure against replace attack.

Proof. When damaged block $m_i$ is challenged, the CSP may try to pass the censorship by choosing a different block $(m_q, \sigma_q)$ in place of $(m_i, \sigma_i)$ such as $\alpha' = \prod_{j \in [1, s]} gpk_{2j}^{r_i \cdot m_{qj} + \sum_{l \in L, l \neq i} r_l \cdot m_{lj}}$ and $\beta' = \sigma_q^{r_i} \cdot \prod_{l \in L, l \neq i} \sigma_l^{r_l}$. Then the left-hand side of (5) is computed as

$$\begin{aligned}
& e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(id_l)} \cdot \prod_{j \in [1, s]} gpk_{2j}^{r_i \cdot m_{qj} + \sum_{l \in L, l \neq i} r_l \cdot m_{lj}},\ g\right) \\
&= e\left(g^{\sum_{l \in L} r_l \cdot F_{gak}(id_l)} \cdot g^{\sum_{j \in [1, s]} gsk_{2j} \cdot \left(r_i \cdot m_{qj} + \sum_{l \in L, l \neq i} r_l \cdot m_{lj}\right)},\ g\right) \\
&= e\left(g^{r_i \cdot \left(F_{gak}(id_i) + \sum_{j \in [1, s]} gsk_{2j} \cdot m_{qj}\right) + \sum_{l \in L, l \neq i} r_l \cdot \left(F_{gak}(id_l) + \sum_{j \in [1, s]} gsk_{2j} \cdot m_{lj}\right)},\ g\right) \\
&= e\left(g^{\left(r_i \cdot F_{gak}(id_i) - r_i \cdot F_{gak}(id_q)\right)/gmsk} \times \beta',\ gpk_1\right),
\end{aligned} \quad (9)$$

in which $g^{\left(r_i \cdot (F_{gak}(id_i) - F_{gak}(id_q))\right)/gmsk}$ should be 1 to satisfy (5). This means that $F_{gak}(id_i)$ and $F_{gak}(id_q)$ should be the same. Due to the bijective property of the permutation, however, these values cannot be the same.

8. Performance Evaluation

In this section, the proposed scheme is analyzed and compared with previous studies [14–16] in terms of communication and computational overhead. We first evaluate communication overhead for updating a data block. Then, computational overhead for tag generation and verification is evaluated.

8.1. Communication Overhead. As we described in Section 3, the way to get an identifier of updated data block depends on which entity manages an index table. In Wang et al.'s work [16], $u_k$ needs one round-trip communication to request and receive the identifier (Figure 1). Zhu et al. [15] utilize a way that the TPA manages the index table (Figure 2). It needs an additional connection between $u_k$ and the TPA for the identifier and a report of update information. Yang and Jia [14] utilize a way that a user manages the index table by himself. Although it is suitable when the outsourced data is managed by a single user, it requires more communication costs for synchronization of the index tables when the data is shared by multiple users.

Communication costs are summarized in Table 1. We omitted costs for uploading a data block and a corresponding tag for simplicity. Although the proposed scheme seems to require the same cost as Zhu et al.'s approach, there may be update delays caused by concentration of communications to the TPA in [15]. On the other hand, the proposed scheme removes this delay via a direct acquisition of the identifier from the CSP. For [14], to synchronize the index tables of users and the TPA, $u_k$ needs to broadcast extra update information. Considering this circumstance, additional communications caused by broadcast might be added into Table 1.

Table 1: Connections and communication costs for updating a data block.

| | Wang et al. [16] | Zhu et al. [15] | Yang and Jia [14] | Our scheme |
|---|---|---|---|---|
| Connections | $u_k \leftrightarrow$ CSP | $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP | $u_k$ with other users; $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP | $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP |
| Extra communication costs | $\lvert q_{\mathrm{id}}\rvert + \lvert\mathrm{id}\rvert$ | $\lvert q_{\mathrm{id}}\rvert + \lvert\mathrm{id}\rvert + \lvert u_{\mathrm{info}}\rvert$ | $d \times \lvert u_{\mathrm{info}}\rvert$ | $\lvert q_{\mathrm{id}}\rvert + \lvert\mathrm{id}\rvert + \lvert u_{\mathrm{info}}\rvert$ |

8.2. Computational Overhead. Computation costs for tag generation and verification are described in Table 2. The proposed scheme requires a single $\mathrm{Exp}_G$ operation in tag generation, while the others [14–16] require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations, which are proportional to the number of sectors in a data block. When the TPA verifies a proof received from the CSP, one $\mathrm{Exp}_G$ and one $\mathrm{Mul}_G$ operations are required in the proposed scheme, regardless of the number of challenged data blocks. However, the others require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations linear to the number of challenged data blocks, which cause a significant overhead to the TPA.

Table 2: Computation costs for a tag generation and verification.

| | Tag generation | Verification |
|---|---|---|
| Wang et al. [16] | $(S+1)\cdot\mathrm{Exp}_G + S\cdot\mathrm{Mul}_G + H_G$ | $2\cdot\mathrm{Pair} + (L+S)\cdot\mathrm{Exp}_G + (L+S-1)\cdot\mathrm{Mul}_G + L\cdot H_G$ |
| Zhu et al. [15] | $(S+2)\cdot\mathrm{Exp}_G + S\cdot\mathrm{Mul}_G + H_G$ | $3\cdot\mathrm{Pair} + (L+S)\cdot\mathrm{Exp}_G + (L+S)\cdot\mathrm{Mul}_G + L\cdot H_G$ |
| Yang and Jia [14] | $(S+1)\cdot\mathrm{Exp}_G + S\cdot\mathrm{Mul}_G + H_G$ | $2\cdot\mathrm{Pair} + (L+1)\cdot\mathrm{Exp}_G + L\cdot\mathrm{Mul}_G + L\cdot\mathrm{Mul}_{Z_p} + L\cdot H_G$ |
| Our scheme | $\mathrm{Exp}_G + S\cdot\mathrm{Mul}_{Z_p} + S\cdot\mathrm{Add}_{Z_p} + F_{\mathrm{prp}}$ | $2\cdot\mathrm{Pair} + \mathrm{Exp}_G + \mathrm{Mul}_G + L\cdot\mathrm{Mul}_{Z_p} + (L-1)\cdot\mathrm{Add}_{Z_p} + L\cdot F_{\mathrm{prp}}$ |

8.3. Experimental Results. We measure the performance of our scheme and compare it with other works [14–16] based on implementations in Ubuntu 12.04. We utilize the Pairing-Based Cryptography (PBC) library for cryptographic operations and OpenSSL to use Advanced Encryption Standard (AES) for pseudorandom permutation. All experiments are executed on an Intel Core i3 3.10 GHz with 2 GB memory. We assume that $|p|$ is 160 bits, $|\mathrm{id}|$ is 80 bits, and size of a data block is 160 bits. We simulate each scheme on 4 different data which has 1000 data blocks with 5 times. All experimental results show an average of 20 trials.

8.3.1. Tag Generation. The performances of the tag generation times are presented in Figure 7(a). Tag generation time in our scheme is 3.18 milliseconds per block when $S = 1$ and 3.28 milliseconds per block when $S = 100$. Since a single $\mathrm{Exp}_G$ is required regardless of $S$, $S$ has almost no influence on tag generation time. However, tag generation times of the others increase with increasing $S$. Reference [16] requires 323.65 milliseconds per block and [14] requires 324.63 milliseconds per block when $S = 100$. Since they have the same computation complexity, their tag generation times are almost identical. Reference [15] needs one more $\mathrm{Exp}_G$. Thus, it requires 329.97 milliseconds per block, which is more than the others.

8.3.2. Verification. We measure verification times depending on $L$ when $S = 100$. As depicted in Figure 7(b), the verification times for the TPA are dependent on $L$ in the others [14–16]. When $L = 500$, [14–16] requires 5.13, 5.66, and 5.75 seconds, respectively. Furthermore, Figure 7(c) shows that $S$ influences [15, 16]. However, our scheme requires 0.01 seconds for verification regardless of $L$ and $S$.

9. Conclusion

In this paper, we present a secure and efficient audit mechanism for shared dynamic data in cloud storage. It makes it possible for the TPA to correctly audit outsourced data which can be updated in a secure manner. With simple index table management by the TPA and identifier renewal by the CSP, any user in a group can update shared data block efficiently. Furthermore, making the auditing operations simple leads to less computational overhead for the whole auditing process. Performance evaluation and security analysis show that the proposed scheme is best suited to the cloud storage where multiple users share and update the outsourced data frequently.

Notations

$u_k$: A user who tries to update
$d$: The number of users in group
$L$: The number of challenged data blocks
$S$: The number of sectors in a data block
$\mathrm{id}$: An identifier
$q_{\mathrm{id}}$: Request for an identifier
$u_{\mathrm{info}}$: Update information
$F_{\mathrm{prp}}$: Pseudorandom permutation
$H_G$: $\{0,1\}^{*}$ to $G$
$\mathrm{Pair}$: Pairing operation
$\mathrm{Exp}_G$: Exponentiation in $G$
$\mathrm{Mul}_G$: Multiplication in $G$
$\mathrm{Mul}_{Z_p}$: Multiplication in $Z_p$
$\mathrm{Add}_{Z_p}$: Addition in $Z_p$

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Figure 7: Experimental results. Each panel compares our scheme with Wang et al. [16], Zhu et al. [15], and Yang and Jia [14]. (a) Impact of $S$ on tag generation time (x-axis: the number of sectors in a data block; y-axis: tag generation time in ms). (b) Impact of $L$ on verification time when $S = 100$ (x-axis: the number of challenged data blocks; y-axis: verification time in s). (c) Impact of $S$ on verification time when $L = 460$ (x-axis: the number of sectors in a data block; y-axis: verification time in s).

Acknowledgment

This work was supported by the IT R&D program of MKE/KEIT (10041244, SmartTV 2.0 Software Platform).

References

[1] E.-H. Song, H.-W. Kim, and Y.-S. Jeong, "Visual monitoring system of multi-hosts behavior for trustworthiness with mobile cloud," Journal of Information Processing Systems, vol. 8, no. 2, pp. 347–358, 2012.

[2] J. Bringer and H. Chabanne, "Embedding edit distance to enable private keyword search," Human-Centric Computing and Information Sciences, vol. 2, article 2, 2012.

[3] Y. Pan and J. Zhang, "Parallel programming on cloud computing platforms: challenges and solutions," Journal of Convergence, vol. 3, no. 4, pp. 23–28, 2012.

[4] T. Teraoka, "Organization and exploration of heterogeneous personal data collected in daily life," Human-Centric Computing and Information Sciences, vol. 2, article 1, no. 1, 2012.

[5] J. K. Y. Ng, "Ubiquitous healthcare: healthcare systems and applications enabled by mobile and wireless technologies," Journal of Convergence, vol. 3, no. 2, pp. 15–20, 2012.

[6] "Google. Google drive," http://drive.google.com.

[7] "Amazon. Amazon s3," http://aws.amazon.com/s3.

[8] G. Ateniese, R. Burns, R. Curtmola et al., "Provable data possession at untrusted stores," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 598–610, November 2007.

[9] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, "Dynamic provable data possession," in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09), pp. 213–222, November 2009.

[10] H. Shacham and B. Waters, "Compact proofs of retrievability," in Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT '08), pp. 90–107, Springer, 2008.

[11] C. Wang, S. Chow, Q. Wang, K. Ren, and W. Lou, "Privacy-preserving public auditing for secure cloud storage," IEEE Transactions on Computers, vol. 62, no. 2, pp. 362–375, 2013.

[12] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, "Enabling public auditability and data dynamics for storage security in cloud computing," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 5, pp. 847–859, 2011.

[13] A. Juels and B. S. Kaliski Jr., "Pors: proofs of retrievability for large files," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 584–597, ACM, November 2007.

[14] K. Yang and X. Jia, "An efficient and secure dynamic auditing protocol for data storage in cloud computing," IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 9, pp. 1717–1726, 2013.

[15] Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S. S. Yau, "Dynamic audit services for integrity verification of outsourced storages in clouds," in Proceedings of the 26th Annual ACM Symposium on Applied Computing (SAC '11), pp. 1550–1557, March 2011.

[16] B. Wang, B. Li, and H. Li, "Public auditing for shared data with efficient user revocation in the cloud," in Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE INFOCOM '13), pp. 2904–2912, 2013.

[17] B. Wang, B. Li, and H. Li, "Oruta: privacy-preserving public auditing for shared data in the cloud," in Proceedings of the 5th IEEE International Conference on Cloud Computing (CLOUD '12), pp. 295–302, 2012.

[18] B. Wang, B. Li, and H. Li, "Knox: privacy-preserving auditing for shared data with large groups in the cloud," in Applied Cryptography and Network Security, F. Bao, P. Samarati, and J. Zhou, Eds., vol. 7341 of Lecture Notes in Computer Science, pp. 507–525, Springer, Berlin, Germany, 2012.

[19] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, "Aggregate and verifiably encrypted signatures from bilinear maps," in Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), pp. 416–432, Springer, 2003.

[20] K. Yang and X. Jia, "Data storage auditing service in cloud computing: challenges, methods and opportunities," World Wide Web, vol. 15, no. 4, pp. 409–428, 2012.


to the cloud storage and deletes them in his local storage. To share the data with other users, he needs to deliver secret components for tag generation. In addition, he can delegate auditing processes to a TPA by delivering a part of secret components for verification.

When a user tries to update a new data block, he receives an identifier from the CSP, generates a tag for the data block, and uploads them. After update is finished, the user reports update information to the TPA. Then, the TPA updates an index table following the update information. And the CSP renews the identifier as next upload sequence for next update.

The TPA maintains the newest index table that keeps track of upload sequence of data blocks. The TPA makes a challenge derived from the index table and transmits it to the CSP periodically or when a user wants. The CSP who receives the challenge makes a proof and responds to it. Then, the TPA checks whether outsourced data is damaged or not by verifying the proof with the challenge.

6.1. Definition. The proposed scheme Π is composed of the following eight algorithms such as Π = {Setup, KeyGen, TagGen, TagGenUp, ITUp, ChalGen, ProofGen, Verify}.

$\mathit{Setup}(\gamma) \rightarrow \mathit{param}$. On security parameter $\gamma$, the CSP generates and publicizes public parameters $\mathit{param}$.

$\mathit{KeyGen}(\mathit{param}) \rightarrow (\mathit{gmsk}, \mathit{gsk}, \mathit{gak}, \mathit{gpk})$. An initial uploader takes public parameter $\mathit{param}$ as input and outputs group master key $\mathit{gmsk}$, group secret key $\mathit{gsk}$, group auditing key $\mathit{gak}$, and group public key $\mathit{gpk}$. Group master key $\mathit{gmsk}$ is kept secret. Group secret key $\mathit{gsk} = \{\mathit{gsk}_1, \mathit{gsk}_2\}$ and group auditing key $\mathit{gak}$ are used in tag generation. Group public key $\mathit{gpk} = \{\mathit{gpk}_1, \mathit{gpk}_2\}$ is used for verification of data integrity along with group auditing key $\mathit{gak}$.

$\mathit{TagGen}(M, \mathit{gsk}, \mathit{gak}) \rightarrow \sigma$. On uploading data $M$ to the cloud storage, the initial uploader divides the data into blocks and generates a set of tags $\sigma$ using $\mathit{gsk}$ and $\mathit{gak}$. Each component of $\sigma$ is a tag of the corresponding data block in $M$ such that $\sigma = \{\sigma_1, \ldots, \sigma_n\}$.

$\mathit{TagGenUp}(m'_i, \mathit{gsk}, \mathit{gak}, \mathrm{id}'_i) \rightarrow \sigma'_i$. When a user tries to update a data block $m'_i$, he generates a new tag $\sigma'_i$ using $\mathit{gsk}$, $\mathit{gak}$, and new identifier $\mathrm{id}'_i$ received from the CSP.

$\mathit{ITUp}(U_{\mathrm{type}}, U_{\mathrm{index}}, U_{\mathrm{id}}, \mathrm{iT}) \rightarrow \mathrm{iT}'$. This algorithm takes update information and current index table $\mathrm{iT}$ as input and outputs new index table $\mathrm{iT}'$. The update information includes three elements: $U_{\mathrm{type}}$, $U_{\mathrm{index}}$, and $U_{\mathrm{id}}$. $U_{\mathrm{type}}$ represents an update type, which can be either insertion, modification, or deletion. $U_{\mathrm{index}}$ is the index of the data block to be updated, and $U_{\mathrm{id}}$ is a newly assigned unique identifier used in TagGenUp for the data block.

$\mathit{ChalGen}(\mathrm{iT}) \rightarrow \mathit{chal}$. This algorithm generates a challenging query $\mathit{chal} = \{l, r_l\}_{l\in L}$ for randomly selected blocks. The TPA chooses random indices $L$ from the index table $\mathrm{iT}$ and generates random values $\{r_l\}_{l\in L}$.

$\mathit{ProofGen}(M, \sigma, \mathit{chal}, \mathit{gpk}) \rightarrow (\alpha, \beta)$. The CSP generates a proof $(\alpha, \beta)$ for a challenge from the TPA. $\alpha$ is derived from outsourced data blocks $\{m_l\}_{l\in L}$, $\{r_l\}_{l\in L}$, and $\mathit{gpk}$, while $\beta$ is computed from tags $\{\sigma_l\}_{l\in L}$ and $\{r_l\}_{l\in L}$.

$\mathit{Verify}(\mathit{chal}, \mathrm{iT}, (\alpha, \beta), \mathit{gpk}, \mathit{gak}) \rightarrow \mathit{True}/\mathit{False}$. This algorithm verifies consistency of the proof generated by the CSP for the given challenge. If they are consistent, it outputs $\mathit{True}$. Otherwise, it outputs $\mathit{False}$.

6.2. Construction. Let $G_1$, $G_2$ be multiplicative cyclic groups of prime order $p$, let $g$ be a generator of $G_1$, let $e : G_1 \times G_1 \rightarrow G_2$ be a bilinear map, and let $F : \{0,1\}^{\log p} \times \{0,1\}^{\log p} \rightarrow \{0,1\}^{\log p}$ be a pseudorandom permutation. We consider data $M$ is divided into $n$ blocks as $M = (m_1, \ldots, m_n)$ and each data block $m_i = (m_{i1}, \ldots, m_{is})$ contains $s$ sectors of $Z_p$.

6.2.1. Setup. When cloud storage service initiates, the CSP chooses two groups $G_1$, $G_2$ with $g$ for a bilinear map $e$ by running Setup algorithm and publicizes $\mathit{param} = (G_1, G_2, p, g, e)$ to users and the TPA.

6.2.2. Upload for Data Sharing. An initial uploader $u_1$ runs KeyGen algorithm. It first chooses $(s+2)$ random values $\mathit{gmsk} = a \in Z_p^{*}$, $\mathit{gak} = b \in Z_p$, and $\mathit{gsk}_2 = \{\mathit{gsk}_{2,j} = c_j \in Z_p\}_{j\in[1,s]}$ and computes $\mathit{gsk}_1 = g^{1/a}$, $\mathit{gpk}_1 = g^{a}$, and $\mathit{gpk}_2 = \{\mathit{gpk}_{2,j} = g^{c_j}\}_{j\in[1,s]}$. Then, by running TagGen, $u_1$ generates corresponding tags such as

$$\sigma_i = (\mathit{gsk}_1)^{F_{\mathit{gak}}(i) + \sum_{j\in[1,s]} \mathit{gsk}_{2,j}\cdot m_{ij}} \tag{2}$$

for $1 \le i \le n$. $u_1$ uploads $(M, \sigma)$ to the cloud storage and deletes them from his local storage. When the CSP receives fresh data from the initial uploader, it saves an identifier $\mathrm{id}' = n + 1$ for the next upload sequence. To share data $M$ with other users, $u_1$ delivers group secret key $\mathit{gsk}$ and group auditing key $\mathit{gak}$ to them.

6.2.3. Delegation of Audit. The initial uploader $u_1$ delegates audit for shared data to the TPA by delivering a group auditing key $\mathit{gak}$. In addition, $u_1$ notifies the number of data blocks $n$ for the TPA to correctly generate an initial index table for $M$. In other words, the TPA creates an index table which includes identifiers defined as block sequences initially.

6.2.4. Data Update. In the proposed scheme, any user $u_k$ in the group which shares data $M$ is allowed to modify, insert, or delete data $M$ in the cloud storage.

If $u_k$ tries to modify $i$-th block $m_i$, $u_k$ first receives a new identifier from the CSP, as illustrated in Figure 5. On receipt of the identifier $\mathrm{id}'_i$, $u_k$ computes a tag $\sigma'_i$ for updated data block $m'_i$ by running TagGenUp algorithm as follows:

$$\sigma'_i = (\mathit{gsk}_1)^{F_{\mathit{gak}}(\mathrm{id}'_i) + \sum_{j\in[1,s]} \mathit{gsk}_{2,j}\cdot m'_{ij}} \tag{3}$$

Then, $u_k$ sends $(U_{\mathrm{type}} = \mathrm{M}', U_{\mathrm{index}} = i, U_{\mathrm{id}} = \mathrm{id}'_i)$ along with $(m'_i, \sigma'_i)$ to the CSP, where $\mathrm{M}'$ stands for modification.

Figure 6: Examples of data update. Each panel shows the index table (index, identifier) held by the TPA and the data blocks, tags, and next identifier $\mathrm{id}'$ held by the CSP. (a) State after initial upload: initial next identifier $\mathrm{id}' = n + 1$. (b) State after modification of $m_2$ with $(U_{\mathrm{type}}, U_{\mathrm{index}} = 2, U_{\mathrm{id}} = n + 1)$: next identifier $\mathrm{id}' = n + 2$. (c) State after insertion of $m'_3$ with $(U_{\mathrm{type}}, U_{\mathrm{index}} = 3, U_{\mathrm{id}} = n + 2)$: next identifier $\mathrm{id}' = n + 3$. (d) State after the deletion of $m'_3$ with $(U_{\mathrm{type}}, U_{\mathrm{index}} = 3, U_{\mathrm{id}} = 0)$: next identifier $\mathrm{id}' = n + 3$. The update types in the legend are $\mathrm{M}'$, $\mathrm{D}'$, and $\mathrm{I}'$.

The CSP can update the data block in the cloud storage by replacement of $(m_i, \sigma_i)$ with $(m'_i, \sigma'_i)$ uploaded by $u_k$.

For the case of insertion, $u_k$ makes a tag $\sigma'_i$ for newly created data block $m'_i$ by running TagGenUp algorithm and sends $(U_{\mathrm{type}} = \mathrm{I}', U_{\mathrm{index}} = i, U_{\mathrm{id}} = \mathrm{id}'_i)$ along with $(m'_i, \sigma'_i)$ to the CSP.

When $u_k$ wants to delete data block in the cloud storage, $u_k$ sends $(U_{\mathrm{type}} = \mathrm{D}', U_{\mathrm{index}} = i, U_{\mathrm{id}} = 0)$ to the CSP and allows the CSP to delete the corresponding data block from the cloud storage. In this case, $u_k$ does not need to request a new identifier. Therefore, we set the value of $U_{\mathrm{id}}$ by zero.

After update is finished, $u_k$ delivers update information $(U_{\mathrm{type}}, U_{\mathrm{index}}, U_{\mathrm{id}})$ to the TPA for consistent audit for updated shared data in the cloud storage. Then, the TPA updates the index table managed by itself according to the information by running ITUp. When $U_{\mathrm{type}} = \mathrm{M}'$, it changes the $U_{\mathrm{index}}$-th identifier to $U_{\mathrm{id}}$. When $U_{\mathrm{type}} = \mathrm{I}'$, the TPA inserts $U_{\mathrm{id}}$ just before the $U_{\mathrm{index}}$-th field, while it removes the $U_{\mathrm{index}}$-th field from the index table if $U_{\mathrm{type}} = \mathrm{D}'$. Through this notification of data updates, the TPA can detect malicious behaviors of the CSP. In other words, the CSP cannot transmit previously used identifier in order to exploit forge attack and replace attack. Simple examples of data update are depicted in Figure 6.
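The update flow of Section 6.2.4, replayed as an added example that is not the authors' code: the CSP hands out and renews the next identifier, and the TPA applies ITUp for the three updates shown in Figure 6. The class and method names, the string codes "M", "I" and "D" for the update types, and the TPA's freshness check (identifiers are assumed to be issued in increasing order, so a reused one is rejected) are assumptions of this example.

```python
class CSP:
    """Keeps the next identifier id' and renews it after each stored block."""

    def __init__(self, n):
        self.next_id = n + 1                # id' = n + 1 after the initial upload

    def request_identifier(self):
        return self.next_id                 # handed to the user before TagGenUp

    def apply_update(self, u_type):
        if u_type in ("M", "I"):            # a deletion consumes no identifier
            self.next_id += 1


class TPA:
    """Holds the index table: position (1-based in the paper) -> identifier."""

    def __init__(self, n):
        self.index_table = list(range(1, n + 1))   # initial ids are block sequence numbers
        self.highest_seen = n                      # assumption: used for the freshness check

    def it_up(self, u_type, u_index, u_id):
        """ITUp: apply (U_type, U_index, U_id) to the index table."""
        if u_type not in ("M", "I", "D"):
            raise ValueError("unknown U_type")
        pos = u_index - 1
        limit = len(self.index_table) + (1 if u_type == "I" else 0)
        if not 0 <= pos < limit:
            raise ValueError("U_index outside the index table")
        if u_type == "D":
            if u_id != 0:
                raise ValueError("deletion must carry U_id = 0")
            del self.index_table[pos]
            return
        if u_id <= self.highest_seen:
            raise ValueError("identifier was already used")
        if u_type == "M":
            self.index_table[pos] = u_id           # change the U_index-th identifier
        else:
            self.index_table.insert(pos, u_id)     # insert just before the U_index-th field
        self.highest_seen = u_id


def replay_figure6(n=5):
    """Modify block 2, insert at index 3, delete index 3; return each resulting state."""
    csp, tpa = CSP(n), TPA(n)
    states = []
    for u_type, u_index in [("M", 2), ("I", 3), ("D", 3)]:
        u_id = csp.request_identifier() if u_type != "D" else 0
        csp.apply_update(u_type)                   # user uploads, CSP renews id'
        tpa.it_up(u_type, u_index, u_id)           # user reports update information
        states.append((list(tpa.index_table), csp.next_id))
    return states


def reuse_is_rejected(n=5):
    """A second update that carries an already used identifier must be refused."""
    tpa = TPA(n)
    tpa.it_up("M", 2, n + 1)
    try:
        tpa.it_up("M", 3, n + 1)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for table, next_id in replay_figure6():
        print(table, "next identifier:", next_id)
```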

6.2.5. Audit for Outsourced Data. For the TPA to check integrity of outsourced data, it engages in challenge-response protocol with the CSP. The TPA first chooses a random subset $L$ of indices from the index table and generates random values $\{r_l \in Z_p^{*}\}_{l\in L}$ by running ChalGen algorithm. The $\mathit{chal} = \{l, r_l\}_{l\in L}$ is transmitted to the CSP, and the CSP generates a proof $(\alpha, \beta)$ for the challenge $\mathit{chal}$ by running ProofGen algorithm as follows:

$$\alpha = \prod_{j\in[1,s]} \mathit{gpk}_{2,j}^{\,\sum_{l\in L} r_l\cdot m_{lj}}, \qquad \beta = \prod_{l\in L} \sigma_l^{r_l} \tag{4}$$

After receiving the proof $(\alpha, \beta)$ as a response of the challenge, the TPA verifies it by running Verify algorithm as follows:

$$e\Bigl(g^{\sum_{l\in L} r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l)}\cdot\alpha,\ g\Bigr) = e(\beta, \mathit{gpk}_1) \tag{5}$$

If (5) holds, then the TPA returns $\mathit{True}$, and returns $\mathit{False}$ otherwise.

7. Security Analysis

In this section, we show that the proposed scheme is correct and resistant against forge attack and replace attack.

Theorem 1. Π provides correctness to the TPA during auditing outsourced data.

Proof. Correctness of Π is achieved by exploiting bilinear property of the bilinear map. Left-hand side (LHS) of (5) expands as follows:

$$\begin{aligned}
\mathrm{LHS} &= e\Bigl(g^{\sum_{l\in L} r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l)}\cdot\prod_{j\in[1,s]} g^{\mathit{gsk}_{2,j}\cdot\sum_{l\in L} r_l\cdot m_{lj}},\ g\Bigr) \\
&= e\Bigl(g^{\sum_{l\in L} r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l)+\sum_{j\in[1,s]}(\mathit{gsk}_{2,j}\cdot\sum_{l\in L} r_l\cdot m_{lj})},\ g\Bigr) \\
&= e(g, g)^{\sum_{l\in L}(r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l)+r_l\cdot\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot m_{lj})}
\end{aligned} \tag{6}$$

while the right-hand side (RHS) of (5) expands as follows:

$$\begin{aligned}
\mathrm{RHS} &= e\Bigl(\prod_{l\in L}\sigma_l^{r_l},\ \mathit{gpk}_1\Bigr) \\
&= e\Bigl(\prod_{l\in L} g^{\,r_l\cdot(F_{\mathit{gak}}(\mathrm{id}_l)+\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot m_{lj})/\mathit{gmsk}},\ g^{\mathit{gmsk}}\Bigr) \\
&= e\Bigl(g^{\sum_{l\in L}(r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l)+r_l\cdot\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot m_{lj})/\mathit{gmsk}},\ g^{\mathit{gmsk}}\Bigr) \\
&= e(g, g)^{\sum_{l\in L}(r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l)+r_l\cdot\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot m_{lj})}
\end{aligned} \tag{7}$$

Since the terms LHS and RHS are the same, the proof is completed.

Theorem 2. Π is secure against forge attack.

Proof. If the CSP acquires an element in $\{\mathit{gpk}_{2,j}^{1/\mathit{gmsk}} = g^{\mathit{gsk}_{2,j}/\mathit{gmsk}}\}_{j\in[1,s]}$ from the public parameter $\mathit{gpk}$, the CSP can forge a tag. Given $\mathit{gpk}_1 = g^{\mathit{gmsk}}$, computing $\mathit{gmsk}$ is hard due to DL assumption. Thus, it is infeasible for the CSP to acquire an element in $\{g^{\mathit{gsk}_{2,j}/\mathit{gmsk}}\}_{j\in[1,s]}$.

When $F_{\mathit{gak}}(\mathrm{id}_i)$ for $\sigma_i$ and $F_{\mathit{gak}}(\mathrm{id}_q)$ for $\sigma_q$ are the same, the CSP computes $\sigma_i/\sigma_q$. Then, the CSP can obtain $\delta = (\mathit{gsk}_1)^{\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot(m_{ij}-m_{qj})}$ and forge the tag $\sigma_z$ of data block $m_z$ using $\delta$ as follows:

$$\begin{aligned}
\sigma'_z &= \sigma_z\times\delta \\
&= (\mathit{gsk}_1)^{F_{\mathit{gak}}(\mathrm{id}_z)+\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot m_{zj}}\times(\mathit{gsk}_1)^{\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot(m_{ij}-m_{qj})} \\
&= (\mathit{gsk}_1)^{F_{\mathit{gak}}(\mathrm{id}_z)+\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot(m_{zj}+m_{ij}-m_{qj})}
\end{aligned} \tag{8}$$

Finally, the CSP obtains forged tag $\sigma'_z$ of modified data block $m'_z = \{m_{zj}+m_{ij}-m_{qj}\}_{j\in[1,s]}$. However, $F_{\mathit{gak}}(\mathrm{id}_i)$ and $F_{\mathit{gak}}(\mathrm{id}_q)$ cannot be the same value for $\mathrm{id}_i \neq \mathrm{id}_q$ because of the definition of pseudorandom permutation. Therefore, the CSP cannot forge a tag to pass the censorship. This completes the proof.

Theorem 3. Π is secure against replace attack.

Proof. When damaged block $m_i$ is challenged, the CSP may try to pass the censorship by choosing a different block $(m_q, \sigma_q)$ in place of $(m_i, \sigma_i)$ such as

$$\alpha' = \prod_{j\in[1,s]} \mathit{gpk}_{2,j}^{\,r_i\cdot m_{qj} + \sum_{l\in L,\, l\neq i} r_l\cdot m_{lj}} \quad\text{and}\quad \beta' = \sigma_q^{r_i}\cdot\prod_{l\in L,\, l\neq i}\sigma_l^{r_l}.$$

Then, the left-hand side of (5) is computed as

$$\begin{aligned}
& e\Bigl(g^{\sum_{l\in L} r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l)}\cdot\prod_{j\in[1,s]}\mathit{gpk}_{2,j}^{\,r_i\cdot m_{qj}+\sum_{l\in L,\, l\neq i} r_l\cdot m_{lj}},\ g\Bigr) \\
&= e\Bigl(g^{\sum_{l\in L} r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l)}\cdot g^{\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot(r_i\cdot m_{qj}+\sum_{l\in L,\, l\neq i} r_l\cdot m_{lj})},\ g\Bigr) \\
&= e\Bigl(g^{\,r_i\cdot(F_{\mathit{gak}}(\mathrm{id}_i)+\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot m_{qj})+\sum_{l\in L,\, l\neq i} r_l\cdot(F_{\mathit{gak}}(\mathrm{id}_l)+\sum_{j\in[1,s]}\mathit{gsk}_{2,j}\cdot m_{lj})},\ g\Bigr) \\
&= e\Bigl(g^{(r_i\cdot F_{\mathit{gak}}(\mathrm{id}_i)-r_i\cdot F_{\mathit{gak}}(\mathrm{id}_q))/\mathit{gmsk}}\times\beta',\ \mathit{gpk}_1\Bigr)
\end{aligned} \tag{9}$$

in which $g^{(r_i\cdot(F_{\mathit{gak}}(\mathrm{id}_i)-F_{\mathit{gak}}(\mathrm{id}_q)))/\mathit{gmsk}}$ should be 1 to satisfy (5). This means that $F_{\mathit{gak}}(\mathrm{id}_i)$ and $F_{\mathit{gak}}(\mathrm{id}_q)$ should be the same. Due to the bijective property of the permutation, however, these values cannot be the same.

8. Performance Evaluation

In this section, the proposed scheme is analyzed and compared with previous studies [14–16] in terms of communication and computational overhead. We first evaluate communication overhead for updating a data block. Then, computational overhead for tag generation and verification is evaluated.

8.1. Communication Overhead. As we described in Section 3, the way to get an identifier of updated data block depends on which entity manages an index table. In Wang et al.’s work [16], $u_k$ needs one round-trip communication to request and receive the identifier (Figure 1). Zhu et al. [15] utilize a way that the TPA manages the index table (Figure 2). It needs an additional connection between $u_k$ and the TPA for the identifier and a report of update information. Yang and Jia [14] utilize a way that a user manages the index table by himself. Although it is suitable when the outsourced data is managed by a single user, it requires more communication costs for synchronization of the index tables when the data is shared by multiple users.

Communication costs are summarized in Table 1. We omitted costs for uploading a data block and a corresponding tag for simplicity. Although the proposed scheme seems to require the same cost as Zhu et al.’s approach, there may be update delays caused by concentration of communications to the TPA in [15]. On the other hand, the proposed scheme removes this delay via a direct acquisition of the identifier from the CSP. For [14], to synchronize the index tables of users and the TPA, $u_k$ needs to broadcast extra update information. Considering this circumstance, additional communications caused by broadcast might be added into Table 1.

8.2. Computational Overhead. Computation costs for tag generation and verification are described in Table 2. The proposed scheme requires a single $\mathrm{Exp}_G$ operation in tag generation, while the others [14–16] require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations which are proportional to the number of sectors in a data block. When the TPA verifies a proof received from the CSP, one $\mathrm{Exp}_G$ and one $\mathrm{Mul}_G$ operations are required in the proposed scheme regardless of the number of challenged data blocks. However, the others require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations linear to the number of challenged data blocks, which cause a significant overhead to the TPA.

Table 1: Connections and communication costs for updating a data block.

| | Wang et al. [16] | Zhu et al. [15] | Yang and Jia [14] | Our scheme |
|---|---|---|---|---|
| Connections | $u_k \leftrightarrow$ CSP | $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP | $u_k$ with other users; $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP | $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP |
| Extra communication costs | $\lvert q_{\mathrm{id}}\rvert + \lvert\mathrm{id}\rvert$ | $\lvert q_{\mathrm{id}}\rvert + \lvert\mathrm{id}\rvert + \lvert u_{\mathrm{info}}\rvert$ | $d \times \lvert u_{\mathrm{info}}\rvert$ | $\lvert q_{\mathrm{id}}\rvert + \lvert\mathrm{id}\rvert + \lvert u_{\mathrm{info}}\rvert$ |

Table 2: Computation costs for a tag generation and verification.

| | Tag generation | Verification |
|---|---|---|
| Wang et al. [16] | $(S+1)\cdot\mathrm{Exp}_G + S\cdot\mathrm{Mul}_G + H_G$ | $2\cdot\mathrm{Pair} + (L+S)\cdot\mathrm{Exp}_G + (L+S-1)\cdot\mathrm{Mul}_G + L\cdot H_G$ |
| Zhu et al. [15] | $(S+2)\cdot\mathrm{Exp}_G + S\cdot\mathrm{Mul}_G + H_G$ | $3\cdot\mathrm{Pair} + (L+S)\cdot\mathrm{Exp}_G + (L+S)\cdot\mathrm{Mul}_G + L\cdot H_G$ |
| Yang and Jia [14] | $(S+1)\cdot\mathrm{Exp}_G + S\cdot\mathrm{Mul}_G + H_G$ | $2\cdot\mathrm{Pair} + (L+1)\cdot\mathrm{Exp}_G + L\cdot\mathrm{Mul}_G + L\cdot\mathrm{Mul}_{Z_p} + L\cdot H_G$ |
| Our scheme | $\mathrm{Exp}_G + S\cdot\mathrm{Mul}_{Z_p} + S\cdot\mathrm{Add}_{Z_p} + F_{\mathrm{prp}}$ | $2\cdot\mathrm{Pair} + \mathrm{Exp}_G + \mathrm{Mul}_G + L\cdot\mathrm{Mul}_{Z_p} + (L-1)\cdot\mathrm{Add}_{Z_p} + L\cdot F_{\mathrm{prp}}$ |

8.3. Experimental Results. We measure the performance of our scheme and compare it with other works [14–16] based on implementations in Ubuntu 12.04. We utilize the Pairing-Based Cryptography (PBC) library for cryptographic operations and OpenSSL to use Advanced Encryption Standard (AES) for pseudorandom permutation. All experiments are executed on an Intel Core i3 3.10 GHz with 2 GB memory. We assume that $|p|$ is 160 bits, $|\mathrm{id}|$ is 80 bits, and size of a data block is 160 bits. We simulate each scheme 5 times on 4 different data, each of which has 1000 data blocks. All experimental results show an average of 20 trials.

8.3.1. Tag Generation. The performances of the tag generation times are presented in Figure 7(a). Tag generation time in our scheme is 3.18 milliseconds per block when $S = 1$ and 3.28 milliseconds per block when $S = 100$. Since a single $\mathrm{Exp}_G$ is required regardless of $S$, $S$ has almost no influence on tag generation time. However, tag generation times of the others increase with increasing $S$. Reference [16] requires 323.65 milliseconds per block and [14] requires 324.63 milliseconds per block when $S = 100$. Since they have the same computation complexity, their tag generation times are almost identical. Reference [15] needs one more $\mathrm{Exp}_G$. Thus, it requires 329.97 milliseconds per block, which is more than the others.

8.3.2. Verification. We measure verification times depending on $L$ when $S = 100$. As depicted in Figure 7(b), the verification times for the TPA are dependent on $L$ in the others [14–16]. When $L = 500$, [14–16] require 5.13, 5.66, and 5.75 seconds, respectively. Furthermore, Figure 7(c) shows that $S$ influences [15, 16]. However, our scheme requires 0.01 seconds for verification regardless of $L$ and $S$.

9. Conclusion

In this paper, we present a secure and efficient audit mechanism for shared dynamic data in cloud storage. It makes it possible for the TPA to correctly audit outsourced data which can be updated in a secure manner. With simple index table management by the TPA and identifier renewal by the CSP, any user in a group can update shared data block efficiently. Furthermore, making the auditing operations simple leads to less computational overhead for the whole auditing process. Performance evaluation and security analysis show that the proposed scheme is best suited to the cloud storage where multiple users share and update the outsourced data frequently.

Notations

$u_k$: A user who tries to update
$d$: The number of users in group
$L$: The number of challenged data blocks
$S$: The number of sectors in a data block
id: An identifier
$q_{\mathrm{id}}$: Request for an identifier
$u_{\mathrm{info}}$: Update information
$F_{\mathrm{prp}}$: Pseudorandom permutation
$H_G$: $\{0, 1\}^*$ to $G$
Pair: Pairing operation
$\mathrm{Exp}_G$: Exponentiation in $G$
$\mathrm{Mul}_G$: Multiplication in $G$
$\mathrm{Mul}_{Z_p}$: Multiplication in $Z_p$
$\mathrm{Add}_{Z_p}$: Addition in $Z_p$

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

[Figure 7: Experimental results. (a) Impact of $S$ on tag generation time (x-axis: the number of sectors in a data block; y-axis: tag generation time (ms)). (b) Impact of $L$ on verification time when $S = 100$ (x-axis: the number of challenged data blocks; y-axis: verification time (s)). (c) Impact of $S$ on verification time when $L = 460$ (x-axis: the number of sectors in a data block; y-axis: verification time (s)). Each panel plots our scheme, Wang et al. [16], Zhu et al. [15], and Yang and Jia [14].]

Acknowledgment

This work was supported by the IT R&D program of MKE/KEIT (10041244, SmartTV 2.0 Software Platform).

References

[1] E.-H. Song, H.-W. Kim, and Y.-S. Jeong, “Visual monitoring system of multi-hosts behavior for trustworthiness with mobile cloud,” Journal of Information Processing Systems, vol. 8, no. 2, pp. 347–358, 2012.

[2] J. Bringer and H. Chabanne, “Embedding edit distance to enable private keyword search,” Human-Centric Computing and Information Sciences, vol. 2, article 2, 2012.

[3] Y. Pan and J. Zhang, “Parallel programming on cloud computing platforms: challenges and solutions,” Journal of Convergence, vol. 3, no. 4, pp. 23–28, 2012.

[4] T. Teraoka, “Organization and exploration of heterogeneous personal data collected in daily life,” Human-Centric Computing and Information Sciences, vol. 2, article 1, no. 1, 2012.

[5] J. K. Y. Ng, “Ubiquitous healthcare: healthcare systems and applications enabled by mobile and wireless technologies,” Journal of Convergence, vol. 3, no. 2, pp. 15–20, 2012.

[6] “Google. Google drive,” http://drive.google.com.

[7] “Amazon. Amazon s3,” http://aws.amazon.com/s3.

[8] G. Ateniese, R. Burns, R. Curtmola et al., “Provable data possession at untrusted stores,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS ’07), pp. 598–610, November 2007.

[9] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, “Dynamic provable data possession,” in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS ’09), pp. 213–222, November 2009.

[10] H. Shacham and B. Waters, “Compact proofs of retrievability,” in Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT ’08), pp. 90–107, Springer, 2008.

[11] C. Wang, S. Chow, Q. Wang, K. Ren, and W. Lou, “Privacy-preserving public auditing for secure cloud storage,” IEEE Transactions on Computers, vol. 62, no. 2, pp. 362–375, 2013.

[12] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, “Enabling public auditability and data dynamics for storage security in cloud computing,” IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 5, pp. 847–859, 2011.

[13] A. Juels and B. S. Kaliski Jr., “Pors: proofs of retrievability for large files,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS ’07), pp. 584–597, ACM, November 2007.

[14] K. Yang and X. Jia, “An efficient and secure dynamic auditing protocol for data storage in cloud computing,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 9, pp. 1717–1726, 2013.

[15] Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S. S. Yau, “Dynamic audit services for integrity verification of outsourced storages in clouds,” in Proceedings of the 26th Annual ACM Symposium on Applied Computing (SAC ’11), pp. 1550–1557, March 2011.

[16] B. Wang, B. Li, and H. Li, “Public auditing for shared data with efficient user revocation in the cloud,” in Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE INFOCOM ’13), pp. 2904–2912, 2013.

[17] B. Wang, B. Li, and H. Li, “Oruta: privacy-preserving public auditing for shared data in the cloud,” in Proceedings of the 5th IEEE International Conference on Cloud Computing (CLOUD ’12), pp. 295–302, 2012.

[18] B. Wang, B. Li, and H. Li, “Knox: privacy-preserving auditing for shared data with large groups in the cloud,” in Applied Cryptography and Network Security, F. Bao, P. Samarati, and J. Zhou, Eds., vol. 7341 of Lecture Notes in Computer Science, pp. 507–525, Springer, Berlin, Germany, 2012.

[19] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, “Aggregate and verifiably encrypted signatures from bilinear maps,” in Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT ’03), pp. 416–432, Springer, 2003.

[20] K. Yang and X. Jia, “Data storage auditing service in cloud computing: challenges, methods and opportunities,” World Wide Web, vol. 15, no. 4, pp. 409–428, 2012.


[Figure 6: Examples of data update. (a) State after initial upload. (b) State after modification of $m_2$. (c) State after insertion of $m'_3$. (d) State after the deletion of $m'_3$. Each panel shows the index table (IT) of index and identifier pairs held by the TPA and the data blocks with their tags held by the CSP. The update messages shown are ($U_{\mathrm{type}}$, $U_{\mathrm{index}} = 2$, $U_{\mathrm{id}} = n + 1$), ($U_{\mathrm{type}}$, $U_{\mathrm{index}} = 3$, $U_{\mathrm{id}} = n + 2$), and ($U_{\mathrm{type}}$, $U_{\mathrm{index}} = 3$, $U_{\mathrm{id}} = 0$), with $U_{\mathrm{type}}$ values $M'$, $I'$, and $D'$; the next identifier id′ is $n + 1$ initially and then $n + 2$, $n + 3$, and $n + 3$.]

The CSP can update the data block in the cloud storage by replacement of $(m_i, \sigma_i)$ with $(m'_i, \sigma'_i)$ uploaded by $u_k$.

For the case of insertion, $u_k$ makes a tag $\sigma'_i$ for newly created data block $m'_i$ by running TagGenUp algorithm and sends ($U_{\mathrm{type}} = I'$, $U_{\mathrm{index}} = i$, $U_{\mathrm{id}} = \mathrm{id}'_i$) along with $(m'_i, \sigma'_i)$ to the CSP.

When $u_k$ wants to delete data block in the cloud storage, $u_k$ sends ($U_{\mathrm{type}} = D'$, $U_{\mathrm{index}} = i$, $U_{\mathrm{id}} = 0$) to the CSP and allows the CSP to delete the corresponding data block from the cloud storage. In this case, $u_k$ does not need to request a new identifier. Therefore, we set the value of $U_{\mathrm{id}}$ by zero.

After update is finished, $u_k$ delivers update information ($U_{\mathrm{type}}$, $U_{\mathrm{index}}$, $U_{\mathrm{id}}$) to the TPA for consistent audit for updated shared data in the cloud storage. Then the TPA updates the index table managed by itself according to the information by running ITUp. When $U_{\mathrm{type}} = M'$, it changes the $U_{\mathrm{index}}$-th identifier to $U_{\mathrm{id}}$. When $U_{\mathrm{type}} = I'$, the TPA inserts $U_{\mathrm{id}}$ just before the $U_{\mathrm{index}}$-th field, while it removes the $U_{\mathrm{index}}$-th field from the index table if $U_{\mathrm{type}} = D'$. Through this notification of data updates, the TPA can detect malicious behaviors of the CSP. In other words, the CSP cannot transmit previously used identifier in order to exploit forge attack and replace attack. Simple examples of data update are depicted in Figure 6.

6.2.5. Audit for Outsourced Data. For the TPA to check integrity of outsourced data, it engages in challenge-response protocol with the CSP. The TPA first chooses a random subset $L$ of indices from the index table and generates random values $\{r_l \in Z_p^*\}_{l\in L}$ by running ChalGen algorithm. The $\mathit{chal} = \{l, r_l\}_{l\in L}$ is transmitted to the CSP, and the CSP generates a proof $(\alpha, \beta)$ for the challenge $\mathit{chal}$ by running ProofGen algorithm as follows:

$$\alpha = \prod_{j\in[1,s]} \mathit{gpk}_{2,j}^{\,\sum_{l\in L} r_l\cdot m_{lj}}, \qquad \beta = \prod_{l\in L} \sigma_l^{r_l}. \tag{4}$$

After receiving the proof $(\alpha, \beta)$ as a response of the challenge, the TPA verifies it by running Verify algorithm as follows:

$$e\Big(g^{\sum_{l\in L} r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l)} \cdot \alpha,\ g\Big) = e(\beta,\ \mathit{gpk}_1). \tag{5}$$

If (5) holds, then the TPA returns True and returns False otherwise.
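The challenge-response exchange of (4) and (5), together with the ITUp index-table update of the preceding subsection, as an added example that is not code from the paper. It assumes a toy model in which each group element is stored as its exponent modulo a prime (this checks the algebra only and provides no security), uses a Feistel construction over HMAC-SHA256 as a stand-in for the AES-based pseudorandom permutation, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy model (assumption of this example): an element g^a is stored as its exponent
# a mod P, so a product of elements adds exponents, a power multiplies them, and
# e(g^a, g^b) is stored as a*b. It checks the algebra of (4)/(5); it is not secure.
P = 2**127 - 1   # prime group order (toy size; the paper uses |p| = 160 bits)
S = 4            # sectors per data block
rng = secrets.SystemRandom()


def prp(gak, ident):
    """F_gak: 4-round Feistel permutation on 80-bit identifiers (stand-in for AES)."""
    left, right = ident >> 40, ident & (2**40 - 1)
    for rnd in range(4):
        mac = hmac.new(gak, bytes([rnd]) + right.to_bytes(5, "big"), hashlib.sha256)
        left, right = right, left ^ int.from_bytes(mac.digest()[:5], "big")
    return (left << 40) | right


def keygen():
    gmsk = rng.randrange(1, P)
    gsk2 = [rng.randrange(1, P) for _ in range(S)]
    return {"gak": secrets.token_bytes(16),
            "gsk1": pow(gmsk, -1, P),  # gsk_1 = g^(1/gmsk)
            "gsk2": gsk2,
            "gpk1": gmsk,              # gpk_1 = g^gmsk
            "gpk2": list(gsk2)}        # gpk_{2,j} = g^(gsk_{2,j})


def tag_gen(keys, block, ident):
    """sigma = gsk_1^(F_gak(id) + sum_j gsk_{2,j} * m_j)."""
    inner = prp(keys["gak"], ident) + sum(k * m for k, m in zip(keys["gsk2"], block))
    return keys["gsk1"] * inner % P


def chal_gen(index_table, count):
    """Random subset L of 1-based indices, each with a random r_l in Z_p^*."""
    picked = rng.sample(range(1, len(index_table) + 1), count)
    return [(l, rng.randrange(1, P)) for l in picked]


def proof_gen(gpk2, store, chal):
    """CSP side, equation (4). store[l-1] = (block, tag)."""
    alpha = sum(gpk2[j] * sum(r * store[l - 1][0][j] for l, r in chal)
                for j in range(S)) % P
    beta = sum(r * store[l - 1][1] for l, r in chal) % P
    return alpha, beta


def verify(keys, index_table, chal, alpha, beta):
    """TPA side, equation (5): e(g^(sum r_l F(id_l)) * alpha, g) == e(beta, gpk_1)."""
    ids_part = sum(r * prp(keys["gak"], index_table[l - 1]) for l, r in chal)
    return (ids_part + alpha) % P == beta * keys["gpk1"] % P


def it_up(index_table, u_type, u_index, u_id):
    """TPA index-table update for (U_type, U_index, U_id); indices are 1-based."""
    if u_type == "M":
        index_table[u_index - 1] = u_id
    elif u_type == "I":
        index_table.insert(u_index - 1, u_id)
    elif u_type == "D":
        del index_table[u_index - 1]
    else:
        raise ValueError("unknown update type")


def audit(keys, index_table, store):
    chal = chal_gen(index_table, len(index_table))   # challenge every block
    return verify(keys, index_table, chal, *proof_gen(keys["gpk2"], store, chal))


def demo(n=6):
    keys = keygen()
    index_table = list(range(1, n + 1))              # initial identifiers 1..n
    blocks = [[rng.randrange(P) for _ in range(S)] for _ in range(n)]
    store = [(b, tag_gen(keys, b, i)) for b, i in zip(blocks, index_table)]
    results = {"honest": audit(keys, index_table, store)}

    replaced = list(store)
    replaced[2] = store[4]                           # answer for m_3 with (m_5, sigma_5)
    results["replace_attack"] = audit(keys, index_table, replaced)

    new_block = [rng.randrange(P) for _ in range(S)]
    new_id = n + 1                                   # fresh identifier from the CSP
    it_up(index_table, "M", 2, new_id)               # user reports (M', 2, n+1) to the TPA
    updated = list(store)
    updated[1] = (new_block, tag_gen(keys, new_block, new_id))
    results["after_update"] = audit(keys, index_table, updated)
    results["stale_block"] = audit(keys, index_table, store)  # CSP kept old (m_2, sigma_2)
    return results


if __name__ == "__main__":
    print(demo())
```

In both failing cases the two sides of (5) differ by a factor whose exponent is $r_i$ times the difference of two pseudorandom permutation outputs, which is nonzero because distinct identifiers map to distinct values.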

7. Security Analysis

In this section, we show that the proposed scheme is correct and resistant against forge attack and replace attack.

Theorem 1. Π provides correctness to the TPA during auditing outsourced data.

Proof. Correctness of Π is achieved by exploiting bilinear property of the bilinear map. Left-hand side (LHS) of (5) expands as follows:

$$
\begin{aligned}
\mathrm{LHS} &= e\Big(g^{\sum_{l\in L} r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l)} \cdot \prod_{j\in[1,s]} g^{\mathit{gsk}_{2,j}\cdot\sum_{l\in L} r_l\cdot m_{lj}},\ g\Big) \\
&= e\Big(g^{\sum_{l\in L} r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l) + \sum_{j\in[1,s]} (\mathit{gsk}_{2,j}\cdot\sum_{l\in L} r_l\cdot m_{lj})},\ g\Big) \\
&= e(g, g)^{\sum_{l\in L} (r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l) + r_l\cdot\sum_{j\in[1,s]} \mathit{gsk}_{2,j}\cdot m_{lj})},
\end{aligned}
\tag{6}
$$

while the right-hand side (RHS) of (5) expands as follows:

$$
\begin{aligned}
\mathrm{RHS} &= e\Big(\prod_{l\in L} \sigma_l^{r_l},\ \mathit{gpk}_1\Big) \\
&= e\Big(\prod_{l\in L} g^{\,r_l\cdot(F_{\mathit{gak}}(\mathrm{id}_l) + \sum_{j\in[1,s]} \mathit{gsk}_{2,j}\cdot m_{lj})/\mathit{gmsk}},\ g^{\mathit{gmsk}}\Big) \\
&= e\Big(g^{\sum_{l\in L} (r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l) + r_l\cdot\sum_{j\in[1,s]} \mathit{gsk}_{2,j}\cdot m_{lj})/\mathit{gmsk}},\ g^{\mathit{gmsk}}\Big) \\
&= e(g, g)^{\sum_{l\in L} (r_l\cdot F_{\mathit{gak}}(\mathrm{id}_l) + r_l\cdot\sum_{j\in[1,s]} \mathit{gsk}_{2,j}\cdot m_{lj})}.
\end{aligned}
\tag{7}
$$

Since the terms LHS and RHS are the same, the proof is completed.

Theorem 2. Π is secure against forge attack.

Proof. If the CSP acquires an element in $\{\mathit{gpk}_{2,j}^{1/\mathit{gmsk}} = g^{\mathit{gsk}_{2,j}/\mathit{gmsk}}\}_{j\in[1,s]}$ from the public parameter $\mathit{gpk}$, the CSP can forge a tag. Given $\mathit{gpk}_1 = g^{\mathit{gmsk}}$, computing $\mathit{gmsk}$ is hard due to DL assumption. Thus, it is infeasible for the CSP to acquire an element in $\{g^{\mathit{gsk}_{2,j}/\mathit{gmsk}}\}_{j\in[1,s]}$.

When $F_{\mathit{gak}}(\mathrm{id}_i)$ for $\sigma_i$ and $F_{\mathit{gak}}(\mathrm{id}_q)$ for $\sigma_q$ are the same, the CSP computes $\sigma_i/\sigma_q$. Then the CSP can obtain $\delta = (\mathit{gsk}_1)^{\sum_{j\in[1,s]} \mathit{gsk}_{2,j}\cdot(m_{ij} - m_{qj})}$ and forge the tag $\sigma_z$ of data block $m_z$ using $\delta$ as follows:

$$
\begin{aligned}
\sigma'_z &= \sigma_z \times \delta \\
&= (\mathit{gsk}_1)^{F_{\mathit{gak}}(\mathrm{id}_z) + \sum_{j\in[1,s]} \mathit{gsk}_{2,j}\cdot m_{zj}} \times (\mathit{gsk}_1)^{\sum_{j\in[1,s]} \mathit{gsk}_{2,j}\cdot(m_{ij} - m_{qj})} \\
&= (\mathit{gsk}_1)^{F_{\mathit{gak}}(\mathrm{id}_z) + \sum_{j\in[1,s]} \mathit{gsk}_{2,j}\cdot(m_{zj} + m_{ij} - m_{qj})}.
\end{aligned}
\tag{8}
$$

Finally the CSP obtains forged tag 1205901015840

119911of modified data block

1198981015840

119911= 119898

119911119895+ 119898119894119895

minus 119898119902119895119895isin[1119904]

However 119865119892119886119896

(id119894) and

119865119892119886119896

(id119902) cannot be the same value for id

119894= id119902because of the

definition of pseudorandompermutationTherefore the CSPcannot forge a tag to pass the censorship This completes theproof

Theorem 3 Π is secure against replace attack

Proof When damaged block 119898119894

is challenged theCSP may try to pass the censorship by choosing adifferent block (119898

119902 120590119902) in place of (119898

119894 120590119894) such as

1205721015840= prod119895isin[1119904]

119892119901119896119903119894 sdot119898119902119895+sum119897isin119871119897 = 119894 119903119897 sdot119898119897119895

2119895and 120573

1015840= 120590119903119894

119902sdot prod119897isin119871119897 = 119894

120590119903119897

119897

Then the left-hand side of (5) is computed as

119890(119892sum119897isin119871119903119897 sdot119865119892119886119896(id119897) sdot prod

119895isin[1119904]

119892119901119896119903119894 sdot119898119902119895+sum119897isin119871119897 = 119894 119903119897sdot119898119897119895

2119895 119892)

= 119890 (119892sum119897isin119871119903119897 sdot119865119892119886119896(id119897) sdot 119892

sum119895isin[1119904]1198921199041198962119895 sdot(119903119894 sdot119898119902119895+sum119897isin119871119897 = 119894 119903119897sdot119898119897119895) 119892)

=119890 (119892119903119894 sdot(119865119892119886119896(id119894)+sum119895isin[1119904] 1198921199041198962119895 sdot119898119902119895)+sum119897isin119871119897 = 119894 119903119897sdot(119865119892119886119896(id119897)+sum119895isin[1119904] 1198921199041198962119895 sdot119898119897119895) 119892)

= 119890 (119892(119903119894 sdot119865119892119886119896(id119894)minus119903119894 sdot119865119892119886119896(id119902))119892119898119904119896 times 120573

1015840 1198921199011198961)

(9)

in which 119892(119903119894 sdot(119865119892119886119896(id119894)minus119865119892119886119896(id119902)))119892119898119904119896 should be 1 to satisfy (5)

This means that 119865119892119886119896

(id119894) and 119865

119892119886119896(id119902) should be the same

Due to the bijective property of the permutation howeverthese values cannot be the same

8 Performance Evaluation

In this section the prosed scheme is analyzed and comparedwith previous studies [14ndash16] in terms of communication andcomputational overhead We first evaluate communicationoverhead for updating a data block Then computationaloverhead for tag generation and verification is evaluated

81 Communication Overhead As we described in Section 3the way to get an identifier of updated data block depends onwhich entity manages an index table In Wang et alrsquos work[16] 119906

119896needs one round-trip communication to request and

receive the identifier (Figure 1) Zhu et al [15] utilize a waythat the TPA manages the index table (Figure 2) It needsan additional connection between 119906

119896and the TPA for the

identifier and a report of update information Yang and Jia[14] utilize a way that a user manages the index table byhimself Although it is suitable when the outsourced data ismanaged by a single user it requires more communicationcosts for synchronization of the index tables when the data isshared by multiple users

Communication costs are summarized in Table 1 Weomitted costs for uploading a data block and a correspondingtag for simplicity Although the proposed scheme seems torequire the same cost as Zhu et alrsquos approach there may beupdate delays caused by concentration of communications tothe TPA in [15] On the other hand the proposed schemeremoves this delay via a direct acquisition of the identifierfrom the CSP For [14] to synchronize the index tables of usersand the TPA 119906

119896needs to broadcast extra update information

Considering this circumstance additional communicationscaused by broadcast might be added into Table 1

82 Computational Overhead Computation costs for taggeneration and verification are described in Table 2 Theproposed scheme requires a single Exp

119866operation in tag

generation while the others [14ndash16] require Exp119866and Mul

119866

operations which are proportional to the number of sectors

8 The Scientific World Journal

Table 1 Connections and communication costs for updating a data block

Wang et al [16] Zhu et al [15] Yang and Jia [14] Our scheme

Connections 119906119896harr CSP

119906119896harr TPA 119906

119896with other users 119906

119896harr TPA

119906119896harr CSP 119906

119896harr TPA

119906119896harr CSP

119906119896harr CSP

Extra communication costs 1003816100381610038161003816119902id1003816100381610038161003816 + |id| 1003816100381610038161003816119902id

1003816100381610038161003816 + |id| + 1003816100381610038161003816119906info1003816100381610038161003816 119889 times

1003816100381610038161003816119906info1003816100381610038161003816

1003816100381610038161003816119902id1003816100381610038161003816 + |id| + 1003816100381610038161003816119906info

1003816100381610038161003816

Table 2 Computation costs for a tag generation and verification

Tag generation VerificationWang et al [16] (119878 + 1) sdot Exp

119866+ 119878 sdotMul

119866+ 119867119866

2 sdot Pair + (119871 + 119878) sdot Exp119866+ (119871 + 119878 minus 1) sdotMul

119866+ 119871 sdot 119867

119866

Zhu et al [15] (119878 + 2) sdot Exp119866+ 119878 sdotMul

119866+ 119867119866

3 sdot Pair + (119871 + 119878) sdot Exp119866+ (119871 + 119878) sdotMul

119866+ 119871 sdot 119867

119866

Yang and Jia [14] (119878 + 1) sdot Exp119866+ 119878 sdotMul

119866+ 119867119866

2 sdot Pair + (119871 + 1) sdot Exp119866+ 119871 sdotMul

119866+ 119871 sdotMul

119885119901+ 119871 sdot 119867

119866

Our scheme Exp119866+ 119878 sdotMul

119885119901+ 119878 sdot Add

119885119901+ 119865prp

2 sdot Pair + Exp119866+Mul

119866

119871 sdotMul119885119901

+ (119871 minus 1) sdot Add119885119901

+ 119871 sdot 119865prp

in a data block When the TPA verifies a proof received fromthe CSP one Exp

119866and one Mul

119866operations are required in

the proposed scheme regardless of the number of challengeddata blocks However the others require Exp

119866and Mul

119866

operations linear to the number of challenged data blockswhich cause a significant overhead to the TPA

83 Experimental Results We measure the performance ofour scheme and compare it with other works [14ndash16] basedon implementations inUbuntu 1204We utilize Paring BasedCryptography (PBC) library for cryptographic operationsand OpenSSL to use Advanced Encryption Standard (AES)for pseudorandom permutation All experiments are exe-cuted on an Intel Core i3 310GHz with 2GB memory Weassume that |119901| is 160 bits |id| is 80 bits and size of a datablock is 160 bits We simulate each scheme on 4 different datawhich has 1000 data blocks with 5 times All experimentalresults show an average of 20 trials

831 TagGeneration Theperformances of the tag generationtimes are presented in Figure 7(a) Tag generation time inour scheme is 318 milliseconds per block when 119878 = 1

and 328 milliseconds per block when 119878 = 100 Sincea single Exp

119866is required regardless of 119878 119878 almost never

influences on tag generation time However tag generationtimes of the others increase with increasing 119878 Reference[16] requires 32365 milliseconds per block and [14] requires32463 milliseconds per block when 119878 = 100 Since they havesame computation complexity their tag generation times arealmost identical Reference [15] needs onemore Exp

119866Thus it

requires 32997milliseconds per blockwhich ismore than theothers




$$
\begin{aligned}
&= e\Bigl(g^{\sum_{l \in L} r_l \cdot F_{gak}(\mathrm{id}_l) + \sum_{j \in [1,s]} \bigl(gsk_{2,j} \cdot \sum_{l \in L} r_l \cdot m_{l,j}\bigr)},\ g\Bigr) \\
&= e(g, g)^{\sum_{l \in L} \bigl(r_l \cdot F_{gak}(\mathrm{id}_l) + r_l \cdot \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{l,j}\bigr)},
\end{aligned}
\tag{6}
$$

while the right-hand side (RHS) of (5) expands as follows:

$$
\begin{aligned}
\mathrm{RHS} &= e\Bigl(\prod_{l \in L} \sigma_l^{r_l},\ gpk_1\Bigr) \\
&= e\Bigl(\prod_{l \in L} g^{r_l \cdot \bigl(F_{gak}(\mathrm{id}_l) + \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{l,j}\bigr)/gmsk},\ g^{gmsk}\Bigr) \\
&= e\Bigl(g^{\sum_{l \in L} \bigl(r_l \cdot F_{gak}(\mathrm{id}_l) + r_l \cdot \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{l,j}\bigr)/gmsk},\ g^{gmsk}\Bigr) \\
&= e(g, g)^{\sum_{l \in L} \bigl(r_l \cdot F_{gak}(\mathrm{id}_l) + r_l \cdot \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{l,j}\bigr)}.
\end{aligned}
\tag{7}
$$

Since the terms LHS and RHS are the same, the proof is completed.

Theorem 2. $\Pi$ is secure against forge attack.

Proof. If the CSP acquires an element in $\{gpk_{2,j}^{1/gmsk} = g^{gsk_{2,j}/gmsk}\}_{j \in [1,s]}$ from the public parameter $gpk$, the CSP can forge a tag. Given $gpk_1 = g^{gmsk}$, computing $gmsk$ is hard due to the DL assumption. Thus, it is infeasible for the CSP to acquire an element in $\{g^{gsk_{2,j}/gmsk}\}_{j \in [1,s]}$.

When $F_{gak}(\mathrm{id}_i)$ for $\sigma_i$ and $F_{gak}(\mathrm{id}_q)$ for $\sigma_q$ are the same, the CSP computes $\sigma_i / \sigma_q$. Then the CSP can obtain $\delta = (gsk_1)^{\sum_{j \in [1,s]} gsk_{2,j} \cdot (m_{i,j} - m_{q,j})}$ and forge the tag $\sigma_z$ of data block $m_z$ using $\delta$ as follows:

$$
\begin{aligned}
\sigma'_z &= \sigma_z \times \delta \\
&= (gsk_1)^{F_{gak}(\mathrm{id}_z) + \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{z,j}} \times (gsk_1)^{\sum_{j \in [1,s]} gsk_{2,j} \cdot (m_{i,j} - m_{q,j})} \\
&= (gsk_1)^{F_{gak}(\mathrm{id}_z) + \sum_{j \in [1,s]} gsk_{2,j} \cdot (m_{z,j} + m_{i,j} - m_{q,j})}.
\end{aligned}
\tag{8}
$$

Finally, the CSP obtains the forged tag $\sigma'_z$ of the modified data block $m'_z = \{m_{z,j} + m_{i,j} - m_{q,j}\}_{j \in [1,s]}$. However, $F_{gak}(\mathrm{id}_i)$ and $F_{gak}(\mathrm{id}_q)$ cannot be the same value for $\mathrm{id}_i \neq \mathrm{id}_q$ because of the definition of pseudorandom permutation. Therefore, the CSP cannot forge a tag to pass the censorship. This completes the proof.

Theorem 3. $\Pi$ is secure against replace attack.

Proof. When a damaged block $m_i$ is challenged, the CSP may try to pass the censorship by choosing a different block $(m_q, \sigma_q)$ in place of $(m_i, \sigma_i)$, such as $\alpha' = \prod_{j \in [1,s]} gpk_{2,j}^{\,r_i \cdot m_{q,j} + \sum_{l \in L, l \neq i} r_l \cdot m_{l,j}}$ and $\beta' = \sigma_q^{r_i} \cdot \prod_{l \in L, l \neq i} \sigma_l^{r_l}$. Then the left-hand side of (5) is computed as

$$
\begin{aligned}
& e\Bigl(g^{\sum_{l \in L} r_l \cdot F_{gak}(\mathrm{id}_l)} \cdot \prod_{j \in [1,s]} gpk_{2,j}^{\,r_i \cdot m_{q,j} + \sum_{l \in L, l \neq i} r_l \cdot m_{l,j}},\ g\Bigr) \\
&= e\Bigl(g^{\sum_{l \in L} r_l \cdot F_{gak}(\mathrm{id}_l)} \cdot g^{\sum_{j \in [1,s]} gsk_{2,j} \cdot \bigl(r_i \cdot m_{q,j} + \sum_{l \in L, l \neq i} r_l \cdot m_{l,j}\bigr)},\ g\Bigr) \\
&= e\Bigl(g^{\,r_i \cdot \bigl(F_{gak}(\mathrm{id}_i) + \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{q,j}\bigr) + \sum_{l \in L, l \neq i} r_l \cdot \bigl(F_{gak}(\mathrm{id}_l) + \sum_{j \in [1,s]} gsk_{2,j} \cdot m_{l,j}\bigr)},\ g\Bigr) \\
&= e\Bigl(g^{\bigl(r_i \cdot F_{gak}(\mathrm{id}_i) - r_i \cdot F_{gak}(\mathrm{id}_q)\bigr)/gmsk} \times \beta',\ gpk_1\Bigr),
\end{aligned}
\tag{9}
$$

in which $g^{\bigl(r_i \cdot (F_{gak}(\mathrm{id}_i) - F_{gak}(\mathrm{id}_q))\bigr)/gmsk}$ should be 1 to satisfy (5). This means that $F_{gak}(\mathrm{id}_i)$ and $F_{gak}(\mathrm{id}_q)$ should be the same. Due to the bijective property of the permutation, however, these values cannot be the same.
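The algebra behind Theorems 2 and 3, as an added example that is not the authors' code. Each element $g^x$ is modelled by its exponent $x$ modulo a prime, so the block checks the equations only and says nothing about discrete-log hardness; the check $e(g^{\sum r_l F_{gak}(\mathrm{id}_l)} \cdot \alpha, g) = e(\beta, gpk_1)$ is read off from expansions (6), (7) and (9), and the modulus, the Feistel stand-in for $F_{gak}$, the colliding function and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy model (assumption): a group element g^x is stored as its exponent x mod P,
# so multiplying elements adds exponents and e(g^a, g^b) = e(g, g)^(a*b).
# This checks the algebra of the proofs only; it does not model DL hardness.
P = (1 << 127) - 1   # Mersenne prime standing in for the group order p
S = 4                # sectors per block (constructed value)


def prp(key, ident, bits=80):
    """Keyed permutation on `bits`-bit identifiers (4-round Feistel over HMAC-SHA256).
    Hypothetical stand-in for F_gak; the paper's implementation uses AES."""
    half = bits // 2
    mask = (1 << half) - 1
    left, right = ident >> half, ident & mask
    for rnd in range(4):
        msg = bytes([rnd]) + right.to_bytes((half + 7) // 8, "big")
        rf = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") & mask
        left, right = right, left ^ rf
    return (left << half) | right


def colliding_f(key, ident):
    """Deliberately broken F that maps every identifier to the same value."""
    return 7


def tag(gmsk, gsk2, gak, ident, block, f=prp):
    """Exponent of sigma = g^((F_gak(id) + sum_j gsk_2j * m_j) / gmsk)."""
    inner = f(gak, ident) + sum(k * m for k, m in zip(gsk2, block))
    return inner * pow(gmsk, -1, P) % P


def prove(gsk2, challenge, stored):
    """CSP side: exponents of alpha = prod_j gpk_2j^(sum_l r_l*m_lj), beta = prod_l sigma_l^r_l."""
    alpha = sum(k * sum(r * stored[l][0][j] for l, r in challenge)
                for j, k in enumerate(gsk2)) % P
    beta = sum(r * stored[l][1] for l, r in challenge) % P
    return alpha, beta


def residual(gmsk, gak, ids, challenge, alpha, beta):
    """Exponent of LHS/RHS for e(g^(sum r_l*F(id_l)) * alpha, g) = e(beta, gpk_1).
    Zero means the TPA accepts."""
    lhs = sum(r * prp(gak, ids[l]) for l, r in challenge) + alpha
    return (lhs - beta * gmsk) % P


def demo():
    gmsk = secrets.randbelow(P - 1) + 1
    gsk2 = [secrets.randbelow(P - 1) + 1 for _ in range(S)]
    gak = secrets.token_bytes(16)
    ids = {l: 1000 + l for l in range(5)}                      # constructed identifiers
    blocks = {l: [secrets.randbelow(P) for _ in range(S)] for l in ids}
    stored = {l: (blocks[l], tag(gmsk, gsk2, gak, ids[l], blocks[l])) for l in ids}
    challenge = [(l, secrets.randbelow(P - 1) + 1) for l in (0, 2, 3)]

    honest = residual(gmsk, gak, ids, challenge, *prove(gsk2, challenge, stored))

    # Theorem 3: the CSP answers challenged index i = 2 with (m_q, sigma_q), q = 4.
    swapped = dict(stored)
    swapped[2] = stored[4]
    replaced = residual(gmsk, gak, ids, challenge, *prove(gsk2, challenge, swapped))
    r_i = dict(challenge)[2]
    predicted = r_i * (prp(gak, ids[2]) - prp(gak, ids[4])) % P   # leftover term in (9)

    # Theorem 2: sigma'_z = sigma_z * sigma_i / sigma_q claimed for m'_z = m_z + m_i - m_q.
    def forgery_valid(f):
        z, i, q = 0, 1, 2
        t = {l: tag(gmsk, gsk2, gak, ids[l], blocks[l], f) for l in (z, i, q)}
        m_forged = [(a + b - c) % P for a, b, c in zip(blocks[z], blocks[i], blocks[q])]
        return (t[z] + t[i] - t[q]) % P == tag(gmsk, gsk2, gak, ids[z], m_forged, f)

    return {
        "honest_accepts": honest == 0,
        "replace_accepts": replaced == 0,
        "replace_residual_matches_eq9": replaced == predicted,
        "forgery_valid_with_prp": forgery_valid(prp),
        "forgery_valid_with_colliding_f": forgery_valid(colliding_f),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The forged tag of (8) validates only under the colliding function, which is the case both proofs exclude by requiring $F_{gak}$ to be a permutation over distinct identifiers.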

8. Performance Evaluation

In this section, the proposed scheme is analyzed and compared with previous studies [14–16] in terms of communication and computational overhead. We first evaluate communication overhead for updating a data block. Then, computational overhead for tag generation and verification is evaluated.

8.1. Communication Overhead. As we described in Section 3, the way to get an identifier of an updated data block depends on which entity manages an index table. In Wang et al.'s work [16], $u_k$ needs one round-trip communication to request and receive the identifier (Figure 1). Zhu et al. [15] utilize a way that the TPA manages the index table (Figure 2). It needs an additional connection between $u_k$ and the TPA for the identifier and a report of update information. Yang and Jia [14] utilize a way that a user manages the index table by himself. Although it is suitable when the outsourced data is managed by a single user, it requires more communication costs for synchronization of the index tables when the data is shared by multiple users.

Communication costs are summarized in Table 1. We omitted costs for uploading a data block and a corresponding tag for simplicity. Although the proposed scheme seems to require the same cost as Zhu et al.'s approach, there may be update delays caused by concentration of communications to the TPA in [15]. On the other hand, the proposed scheme removes this delay via a direct acquisition of the identifier from the CSP. For [14], to synchronize the index tables of users and the TPA, $u_k$ needs to broadcast extra update information. Considering this circumstance, additional communications caused by broadcast might be added into Table 1.

8.2. Computational Overhead. Computation costs for tag generation and verification are described in Table 2. The proposed scheme requires a single $\mathrm{Exp}_G$ operation in tag generation, while the others [14–16] require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations which are proportional to the number of sectors in a data block. When the TPA verifies a proof received from the CSP, one $\mathrm{Exp}_G$ and one $\mathrm{Mul}_G$ operations are required in the proposed scheme regardless of the number of challenged data blocks. However, the others require $\mathrm{Exp}_G$ and $\mathrm{Mul}_G$ operations linear to the number of challenged data blocks, which cause a significant overhead to the TPA.

Table 1: Connections and communication costs for updating a data block.

| | Wang et al. [16] | Zhu et al. [15] | Yang and Jia [14] | Our scheme |
|---|---|---|---|---|
| Connections | $u_k \leftrightarrow$ CSP | $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP | $u_k$ with other users; $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP | $u_k \leftrightarrow$ TPA; $u_k \leftrightarrow$ CSP |
| Extra communication costs | $\lvert q_{\mathrm{id}} \rvert + \lvert \mathrm{id} \rvert$ | $\lvert q_{\mathrm{id}} \rvert + \lvert \mathrm{id} \rvert + \lvert u_{\mathrm{info}} \rvert$ | $d \times \lvert u_{\mathrm{info}} \rvert$ | $\lvert q_{\mathrm{id}} \rvert + \lvert \mathrm{id} \rvert + \lvert u_{\mathrm{info}} \rvert$ |

Table 2: Computation costs for a tag generation and verification.

| | Tag generation | Verification |
|---|---|---|
| Wang et al. [16] | $(S + 1) \cdot \mathrm{Exp}_G + S \cdot \mathrm{Mul}_G + H_G$ | $2 \cdot \mathrm{Pair} + (L + S) \cdot \mathrm{Exp}_G + (L + S - 1) \cdot \mathrm{Mul}_G + L \cdot H_G$ |
| Zhu et al. [15] | $(S + 2) \cdot \mathrm{Exp}_G + S \cdot \mathrm{Mul}_G + H_G$ | $3 \cdot \mathrm{Pair} + (L + S) \cdot \mathrm{Exp}_G + (L + S) \cdot \mathrm{Mul}_G + L \cdot H_G$ |
| Yang and Jia [14] | $(S + 1) \cdot \mathrm{Exp}_G + S \cdot \mathrm{Mul}_G + H_G$ | $2 \cdot \mathrm{Pair} + (L + 1) \cdot \mathrm{Exp}_G + L \cdot \mathrm{Mul}_G + L \cdot \mathrm{Mul}_{Z_p} + L \cdot H_G$ |
| Our scheme | $\mathrm{Exp}_G + S \cdot \mathrm{Mul}_{Z_p} + S \cdot \mathrm{Add}_{Z_p} + F_{\mathrm{prp}}$ | $2 \cdot \mathrm{Pair} + \mathrm{Exp}_G + \mathrm{Mul}_G + L \cdot \mathrm{Mul}_{Z_p} + (L - 1) \cdot \mathrm{Add}_{Z_p} + L \cdot F_{\mathrm{prp}}$ |

8.3. Experimental Results. We measure the performance of our scheme and compare it with other works [14–16] based on implementations in Ubuntu 12.04. We utilize the Pairing-Based Cryptography (PBC) library for cryptographic operations and OpenSSL to use the Advanced Encryption Standard (AES) for the pseudorandom permutation. All experiments are executed on an Intel Core i3 3.10 GHz with 2 GB memory. We assume that $|p|$ is 160 bits, $|\mathrm{id}|$ is 80 bits, and the size of a data block is 160 bits. We simulate each scheme 5 times on each of 4 different data sets, each of which has 1000 data blocks. All experimental results show an average of 20 trials.

8.3.1. Tag Generation. The performances of the tag generation times are presented in Figure 7(a). Tag generation time in our scheme is 3.18 milliseconds per block when $S = 1$ and 3.28 milliseconds per block when $S = 100$. Since a single $\mathrm{Exp}_G$ is required regardless of $S$, $S$ has almost no influence on tag generation time. However, the tag generation times of the others increase with increasing $S$. Reference [16] requires 323.65 milliseconds per block and [14] requires 324.63 milliseconds per block when $S = 100$. Since they have the same computation complexity, their tag generation times are almost identical. Reference [15] needs one more $\mathrm{Exp}_G$. Thus, it requires 329.97 milliseconds per block, which is more than the others.

8.3.2. Verification. We measure verification times depending on $L$ when $S = 100$. As depicted in Figure 7(b), the verification times for the TPA are dependent on $L$ in the others [14–16]. When $L = 500$, [14–16] require 5.13, 5.66, and 5.75 seconds, respectively. Furthermore, Figure 7(c) shows that $S$ influences [15, 16]. However, our scheme requires 0.01 seconds for verification regardless of $L$ and $S$.

9. Conclusion

In this paper, we present a secure and efficient audit mechanism for shared dynamic data in cloud storage. It makes it possible for the TPA to correctly audit outsourced data, which can be updated in a secure manner. With simple index table management by the TPA and identifier renewal by the CSP, any user in a group can update a shared data block efficiently. Furthermore, making the auditing operations simple leads to less computational overhead for the whole auditing process. Performance evaluation and security analysis show that the proposed scheme is best suited to cloud storage where multiple users share and update the outsourced data frequently.

Notations

$u_k$: A user who tries to update
$d$: The number of users in group
$L$: The number of challenged data blocks
$S$: The number of sectors in a data block
$\mathrm{id}$: An identifier
$q_{\mathrm{id}}$: Request for an identifier
$u_{\mathrm{info}}$: Update information
$F_{\mathrm{prp}}$: Pseudorandom permutation
$H_G$: $\{0, 1\}^{*}$ to $G$
$\mathrm{Pair}$: Pairing operation
$\mathrm{Exp}_G$: Exponentiation in $G$
$\mathrm{Mul}_G$: Multiplication in $G$
$\mathrm{Mul}_{Z_p}$: Multiplication in $Z_p$
$\mathrm{Add}_{Z_p}$: Addition in $Z_p$

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Figure 7: Experimental results. (a) Impact of $S$ on tag generation time (x-axis: the number of sectors in a data block; y-axis: tag generation time in ms). (b) Impact of $L$ on verification time when $S = 100$ (x-axis: the number of challenged data blocks; y-axis: verification time in s). (c) Impact of $S$ on verification time when $L = 460$ (x-axis: the number of sectors in a data block; y-axis: verification time in s). Each panel compares our scheme with Wang et al. [16], Zhu et al. [15], and Yang and Jia [14].

Acknowledgment

This work was supported by the IT R&D program of MKE/KEIT (10041244, SmartTV 2.0 Software Platform).

References

[1] E.-H. Song, H.-W. Kim, and Y.-S. Jeong, "Visual monitoring system of multi-hosts behavior for trustworthiness with mobile cloud," Journal of Information Processing Systems, vol. 8, no. 2, pp. 347–358, 2012.

[2] J. Bringer and H. Chabanne, "Embedding edit distance to enable private keyword search," Human-Centric Computing and Information Sciences, vol. 2, article 2, 2012.

[3] Y. Pan and J. Zhang, "Parallel programming on cloud computing platforms: challenges and solutions," Journal of Convergence, vol. 3, no. 4, pp. 23–28, 2012.

[4] T. Teraoka, "Organization and exploration of heterogeneous personal data collected in daily life," Human-Centric Computing and Information Sciences, vol. 2, article 1, no. 1, 2012.

[5] J. K. Y. Ng, "Ubiquitous healthcare: healthcare systems and applications enabled by mobile and wireless technologies," Journal of Convergence, vol. 3, no. 2, pp. 15–20, 2012.

[6] "Google, Google drive," http://drive.google.com.

[7] "Amazon, Amazon s3," http://aws.amazon.com/s3.

[8] G. Ateniese, R. Burns, R. Curtmola et al., "Provable data possession at untrusted stores," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 598–610, November 2007.

[9] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, "Dynamic provable data possession," in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09), pp. 213–222, November 2009.

[10] H. Shacham and B. Waters, "Compact proofs of retrievability," in Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT '08), pp. 90–107, Springer, 2008.

[11] C. Wang, S. Chow, Q. Wang, K. Ren, and W. Lou, "Privacy-preserving public auditing for secure cloud storage," IEEE Transactions on Computers, vol. 62, no. 2, pp. 362–375, 2013.

[12] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, "Enabling public auditability and data dynamics for storage security in cloud computing," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 5, pp. 847–859, 2011.

[13] A. Juels and B. S. Kaliski Jr., "Pors: proofs of retrievability for large files," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 584–597, ACM, November 2007.

[14] K. Yang and X. Jia, "An efficient and secure dynamic auditing protocol for data storage in cloud computing," IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 9, pp. 1717–1726, 2013.

[15] Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S. S. Yau, "Dynamic audit services for integrity verification of outsourced storages in clouds," in Proceedings of the 26th Annual ACM Symposium on Applied Computing (SAC '11), pp. 1550–1557, March 2011.

[16] B. Wang, B. Li, and H. Li, "Public auditing for shared data with efficient user revocation in the cloud," in Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE INFOCOM '13), pp. 2904–2912, 2013.

[17] B. Wang, B. Li, and H. Li, "Oruta: privacy-preserving public auditing for shared data in the cloud," in Proceedings of the 5th IEEE International Conference on Cloud Computing (CLOUD '12), pp. 295–302, 2012.

[18] B. Wang, B. Li, and H. Li, "Knox: privacy-preserving auditing for shared data with large groups in the cloud," in Applied Cryptography and Network Security, F. Bao, P. Samarati, and J. Zhou, Eds., vol. 7341 of Lecture Notes in Computer Science, pp. 507–525, Springer, Berlin, Germany, 2012.

[19] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, "Aggregate and verifiably encrypted signatures from bilinear maps," in Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT '03), pp. 416–432, Springer, 2003.

[20] K. Yang and X. Jia, "Data storage auditing service in cloud computing: challenges, methods and opportunities," World Wide Web, vol. 15, no. 4, pp. 409–428, 2012.


Page 8: Research Article A Secure and Efficient Audit Mechanism ...downloads.hindawi.com/journals/tswj/2014/820391.pdf · A Secure and Efficient Audit Mechanism for Dynamic Shared ... Ded-icated

8 The Scientific World Journal

Table 1 Connections and communication costs for updating a data block

Wang et al [16] Zhu et al [15] Yang and Jia [14] Our scheme

Connections 119906119896harr CSP

119906119896harr TPA 119906

119896with other users 119906

119896harr TPA

119906119896harr CSP 119906

119896harr TPA

119906119896harr CSP

119906119896harr CSP

Extra communication costs 1003816100381610038161003816119902id1003816100381610038161003816 + |id| 1003816100381610038161003816119902id

1003816100381610038161003816 + |id| + 1003816100381610038161003816119906info1003816100381610038161003816 119889 times

1003816100381610038161003816119906info1003816100381610038161003816

1003816100381610038161003816119902id1003816100381610038161003816 + |id| + 1003816100381610038161003816119906info

1003816100381610038161003816

Table 2 Computation costs for a tag generation and verification

Tag generation VerificationWang et al [16] (119878 + 1) sdot Exp

119866+ 119878 sdotMul

119866+ 119867119866

2 sdot Pair + (119871 + 119878) sdot Exp119866+ (119871 + 119878 minus 1) sdotMul

119866+ 119871 sdot 119867

119866

Zhu et al [15] (119878 + 2) sdot Exp119866+ 119878 sdotMul

119866+ 119867119866

3 sdot Pair + (119871 + 119878) sdot Exp119866+ (119871 + 119878) sdotMul

119866+ 119871 sdot 119867

119866

Yang and Jia [14] (119878 + 1) sdot Exp119866+ 119878 sdotMul

119866+ 119867119866

2 sdot Pair + (119871 + 1) sdot Exp119866+ 119871 sdotMul

119866+ 119871 sdotMul

119885119901+ 119871 sdot 119867

119866

Our scheme Exp119866+ 119878 sdotMul

119885119901+ 119878 sdot Add

119885119901+ 119865prp

2 sdot Pair + Exp119866+Mul

119866

119871 sdotMul119885119901

+ (119871 minus 1) sdot Add119885119901

+ 119871 sdot 119865prp

in a data block When the TPA verifies a proof received fromthe CSP one Exp

119866and one Mul

119866operations are required in

the proposed scheme regardless of the number of challengeddata blocks However the others require Exp

119866and Mul

119866

operations linear to the number of challenged data blockswhich cause a significant overhead to the TPA

83 Experimental Results We measure the performance ofour scheme and compare it with other works [14ndash16] basedon implementations inUbuntu 1204We utilize Paring BasedCryptography (PBC) library for cryptographic operationsand OpenSSL to use Advanced Encryption Standard (AES)for pseudorandom permutation All experiments are exe-cuted on an Intel Core i3 310GHz with 2GB memory Weassume that |119901| is 160 bits |id| is 80 bits and size of a datablock is 160 bits We simulate each scheme on 4 different datawhich has 1000 data blocks with 5 times All experimentalresults show an average of 20 trials

831 TagGeneration Theperformances of the tag generationtimes are presented in Figure 7(a) Tag generation time inour scheme is 318 milliseconds per block when 119878 = 1

and 328 milliseconds per block when 119878 = 100 Sincea single Exp

119866is required regardless of 119878 119878 almost never

influences on tag generation time However tag generationtimes of the others increase with increasing 119878 Reference[16] requires 32365 milliseconds per block and [14] requires32463 milliseconds per block when 119878 = 100 Since they havesame computation complexity their tag generation times arealmost identical Reference [15] needs onemore Exp

119866Thus it

requires 32997milliseconds per blockwhich ismore than theothers

832 Verification Wemeasure verification times dependingon 119871 when 119878 = 100 As depicted in Figure 7(b) theverification times for the TPA are dependent on 119871 in theothers [14ndash16]When 119871 = 500 [14ndash16] requires 513 566 and575 seconds respectively Furthermore Figure 7(c) shows

that 119878 influences [15 16] However our scheme requires 001seconds for verification regardless of 119871 and 119878

9 Conclusion

In this paper we present a secure and efficient audit mech-anism for shared dynamic data in cloud storage It makespossible for the TPA to correctly audit outsourced data whichcan be updated in a secure manner With simple index tablemanagement by the TPA and identifier renewal by the CSPany user in a group can update shared data block efficientlyFurthermore making the auditing operations simple leads toless computational overhead for the whole auditing processPerformance evaluation and security analysis show thatthe proposed scheme is best suited to the cloud storagewhere multiple users share and update the outsourced datafrequently

Notations

119906119896 A user who tries to update

119889 The number of users in group119871 The number of challenged data blocks119878 The number of sectors in a data blockid An identifier119902id Request for an identifier119906info Update information119865prp Pseudorandom permutation119867119866 0 1

lowast to 119866

Pair Pairing operationExp119866 Exponentiation in 119866

Mul119866 Multiplication in 119866

Mul119885119901 Multiplication in 119885

119901

Add119885119901 Addition in 119885

119901

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Figure 7: Experimental results. (a) Impact of $S$ on tag generation time (x-axis: the number of sectors in a data block; y-axis: tag generation time (ms)). (b) Impact of $L$ on verification time when $S = 100$ (x-axis: the number of challenged data blocks; y-axis: verification time (s)). (c) Impact of $S$ on verification time when $L = 460$ (x-axis: the number of sectors in a data block; y-axis: verification time (s)). Each panel compares our scheme, Wang et al. [16], Zhu et al. [15], and Yang and Jia [14].

Acknowledgment

This work was supported by the IT R&D program of MKE/KEIT (10041244, SmartTV 2.0 Software Platform).

References

[1] E.-H. Song, H.-W. Kim, and Y.-S. Jeong, “Visual monitoring system of multi-hosts behavior for trustworthiness with mobile cloud,” Journal of Information Processing Systems, vol. 8, no. 2, pp. 347–358, 2012.

[2] J. Bringer and H. Chabanne, “Embedding edit distance to enable private keyword search,” Human-Centric Computing and Information Sciences, vol. 2, article 2, 2012.

[3] Y. Pan and J. Zhang, “Parallel programming on cloud computing platforms: challenges and solutions,” Journal of Convergence, vol. 3, no. 4, pp. 23–28, 2012.

[4] T. Teraoka, “Organization and exploration of heterogeneous personal data collected in daily life,” Human-Centric Computing and Information Sciences, vol. 2, article 1, no. 1, 2012.

[5] J. K. Y. Ng, “Ubiquitous healthcare: healthcare systems and applications enabled by mobile and wireless technologies,” Journal of Convergence, vol. 3, no. 2, pp. 15–20, 2012.

[6] “Google, Google drive,” http://drive.google.com/.

[7] “Amazon, Amazon s3,” http://aws.amazon.com/s3/.

[8] G. Ateniese, R. Burns, R. Curtmola et al., “Provable data possession at untrusted stores,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS ’07), pp. 598–610, November 2007.

[9] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, “Dynamic provable data possession,” in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS ’09), pp. 213–222, November 2009.

[10] H. Shacham and B. Waters, “Compact proofs of retrievability,” in Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT ’08), pp. 90–107, Springer, 2008.

[11] C. Wang, S. Chow, Q. Wang, K. Ren, and W. Lou, “Privacy-preserving public auditing for secure cloud storage,” IEEE Transactions on Computers, vol. 62, no. 2, pp. 362–375, 2013.

[12] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, “Enabling public auditability and data dynamics for storage security in cloud computing,” IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 5, pp. 847–859, 2011.

[13] A. Juels and B. S. Kaliski Jr., “Pors: proofs of retrievability for large files,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS ’07), pp. 584–597, ACM, November 2007.

[14] K. Yang and X. Jia, “An efficient and secure dynamic auditing protocol for data storage in cloud computing,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 9, pp. 1717–1726, 2013.

[15] Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S. S. Yau, “Dynamic audit services for integrity verification of outsourced storages in clouds,” in Proceedings of the 26th Annual ACM Symposium on Applied Computing (SAC ’11), pp. 1550–1557, March 2011.

[16] B. Wang, B. Li, and H. Li, “Public auditing for shared data with efficient user revocation in the cloud,” in Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE INFOCOM ’13), pp. 2904–2912, 2013.

[17] B. Wang, B. Li, and H. Li, “Oruta: privacy-preserving public auditing for shared data in the cloud,” in Proceedings of the 5th IEEE International Conference on Cloud Computing (CLOUD ’12), pp. 295–302, 2012.

[18] B. Wang, B. Li, and H. Li, “Knox: privacy-preserving auditing for shared data with large groups in the cloud,” in Applied Cryptography and Network Security, F. Bao, P. Samarati, and J. Zhou, Eds., vol. 7341 of Lecture Notes in Computer Science, pp. 507–525, Springer, Berlin, Germany, 2012.

[19] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, “Aggregate and verifiably encrypted signatures from bilinear maps,” in Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT ’03), pp. 416–432, Springer, 2003.

[20] K. Yang and X. Jia, “Data storage auditing service in cloud computing: challenges, methods and opportunities,” World Wide Web, vol. 15, no. 4, pp. 409–428, 2012.
