Intrusion-resilient public auditing protocol for data storage in cloud computing

Abstract

Cloud storage auditing is a crucial service that provides integrity checking for clients’ data in the cloud server. However, if the client’s auditing secret key is exposed, the malicious cloud server can tamper even throw away the client’s data without being detected. In this paper, we propose an intrusion-resilient public auditing protocol that can reduce the damage caused by key exposure. In our protocol, the auditing secret key is managed by the client with the help of a third party auditor (TPA), who cannot compute the client’s auditing secret key. Our protocol divides the lifetime of file stored on cloud into several time periods, and each time period is further divided into several refreshing periods. We show that our protocol is secure (i.e., backward security and forward security) against the adversary as long as the client and TPA are compromised in different refreshing period. Our protocol still captures the forward security when the client and TPA are compromised in the same refreshing period.