
Data storage auditing service in cloud computing: challenges, methods and opportunities

World Wide Web

Abstract

Cloud computing is a promising computing model that enables convenient and on-demand network access to a shared pool of configurable computing resources. The first cloud service offered is moving data into the cloud: data owners let cloud service providers host their data on cloud servers, and data consumers can access the data from those servers. This new paradigm of data storage service also introduces new security challenges, because data owners and data servers have different identities and different business interests. An independent auditing service is therefore required to make sure that the data is correctly hosted in the cloud. In this paper, we investigate this problem and give an extensive survey of storage auditing methods in the literature. First, we give a set of requirements for an auditing protocol for data storage in cloud computing. Then, we introduce some existing auditing schemes and analyze them in terms of security and performance. Finally, we introduce some challenging issues in the design of efficient auditing protocols for data storage in cloud computing.



Author information


Correspondence to Kan Yang.


About this article

Cite this article

Yang, K., Jia, X. Data storage auditing service in cloud computing: challenges, methods and opportunities. World Wide Web 15, 409–428 (2012). https://doi.org/10.1007/s11280-011-0138-0


  • DOI: https://doi.org/10.1007/s11280-011-0138-0
