Yangfei Lin, University of Tsukuba, Jie Li, Shanghai Jiaotong University, Shaozhen Ye, Fuzhou University
Published: 13 Nov 2019
Consortium blockchain is introduced into public integrity verification for cloud storage. The auditor behaviors are recorded in the consortium blockchain and the smart contract is deployed to check the behavior of the auditor. The performance evaluations show that our proposed scheme can alleviate the burden on data owners.
Cloud storage services, with their convenience and efficiency, have become popular among personal users and enterprises. However, once data are outsourced to a cloud, the data owners lose actual control over them, which introduces new security challenges: the data can be deleted or tampered with by an untrusted cloud. To address this, cloud data storage auditing has been proposed. Proofs of Retrievability (POR) and Provable Data Possession (PDP) are the primary remote data auditing techniques. They allow a data owner or a third-party auditor to verify the integrity of outsourced data without actually holding the data, which corresponds to private and public auditing, respectively.
Most existing public auditing schemes assume that the auditor is honest and cannot be corrupted, which may not be true. A dishonest auditor can cover his nonfeasance by claiming that the designated data have been kept intact in the cloud. What is worse, a malicious auditor can collude with the cloud server to mislead the data owner. To tackle this issue, public verification of data integrity for cloud storage against malicious auditors has been proposed. Armknecht et al. first proposed an outsourced POR scheme called Fortress for dealing with malicious auditors. However, their work cannot achieve public auditing with a satisfactory communication overhead. Zhang et al. proposed a secure certificateless public verification (SCLPV) scheme, which protects against malicious auditors by storing all the auditing proofs in a log file. They then improved their scheme to resist procrastinating auditors, in a scheme called CPVPA, by recording every auditing proof in a public blockchain as a transaction. However, these schemes leave the burden of checking auditor behavior to data owners, which still requires a lot of computation time.
To reduce the verification burden on data owners, we propose a consortium blockchain based public integrity verification (CBPIV) scheme in which the consortium blockchain stores all of the auditing records. A smart contract is used to automatically check the auditing records generated by the auditor. Performance analyses show that the proposed scheme achieves its design goals efficiently.
2. System Design
As shown in Figure 1, the system model considered here consists of a data owner, a cloud server, a Third Party Auditor (TPA) and a consortium blockchain.
(1) Data owner: The data owner is the client who uploads his/her data to remote cloud servers.
(2) Cloud server: The cloud server refers to the enterprise that provides massive storage space and computing resources for cloud service users.
(3) Third Party Auditor: The TPA is in charge of auditing the integrity of cloud-stored data on behalf of data owners.
(4) Consortium Blockchain: The consortium blockchain stores the auditing records from the TPA, and a smart contract verifies the correctness of the auditing records.
2.2 Design Goals
We intend to reach the following three goals:
- Correctness: The proposed scheme should make sure that the auditing result is correct.
- Efficiency: The communication overhead and computation overhead for data owners to verify the integrity of cloud-stored data should be constant and not proportional to the volume of data.
- Accountable Traceability: Any misbehavior, including that of dishonest cloud servers and malicious auditors, should be traced to its source with overwhelming probability.
3. Consortium Blockchain Based Cloud Data Auditing
The proposed scheme consists of 7 processes, as shown in Figure 2. The construction of the proposed scheme is as follows:
4. Performance Evaluation
We compare our scheme CBPIV with Fortress, SCLPV and CPVPA because these schemes all aim to protect against untrusted auditors. As shown in Table 1, all the schemes enable public auditing. SCLPV and CPVPA use a homomorphic certificateless authenticable signature technique to achieve certificateless auditing. The above schemes rely on data owners to verify the auditors, which involves heavy communication and computation overheads. Our scheme not only prevents the TPA from colluding with the cloud, but also enables automatic re-auditing of the TPA's behaviors by authenticated parties. By using a smart contract, the burden of verification computation on data owners is transferred to the blockchain. The consortium blockchain can alert data owners when the verification results for their data are discrepant. In addition, a random masking technique is adopted to resist an external adversary that lies in the channels between auditors and cloud servers.
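The re-auditing idea described above, as an added example that is not the paper's construction (which this page does not reproduce): a contract-style function recomputes each recorded proof and flags records whose TPA verdict disagrees. It assumes Merkle inclusion proofs as a stand-in for the scheme's actual proofs; all function names, the record layout and the sample data are hypothetical, and random masking is not modeled.

```python
import hashlib

def h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def build_levels(blocks):
    """All Merkle tree levels, leaves first; an odd level duplicates its last node."""
    levels = [[h(b) for b in blocks]]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([levels[-1][-1]] if len(levels[-1]) % 2 else [])
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(blocks, idx):
    """Cloud side: return the challenged block and its sibling path."""
    path, i = [], idx
    for level in build_levels(blocks)[:-1]:
        sib = i ^ 1
        path.append(level[sib] if sib < len(level) else level[i])
        i //= 2
    return blocks[idx], path

def verify(root, idx, block, path):
    """Public check: recompute the root from the block and its path."""
    node = h(block)
    for sib in path:
        node = h(node + sib) if idx % 2 == 0 else h(sib + node)
        idx //= 2
    return node == root

def contract_recheck(root, ledger):
    """Contract-style re-audit: indices of records whose stored verdict is wrong."""
    return [n for n, r in enumerate(ledger)
            if verify(root, r["idx"], r["block"], r["path"]) != r["verdict"]]

def demo():
    blocks = [b"block-%d" % i for i in range(5)]      # constructed sample data
    root = build_levels(blocks)[-1][0]                # owner publishes the root
    tampered = blocks[:3] + [b"corrupted"] + blocks[4:]
    ledger = []
    # (what the cloud holds, challenged index, verdict the TPA records)
    for stored, idx, verdict in [(blocks, 1, True), (tampered, 3, True),
                                 (tampered, 4, False)]:
        block, path = prove(stored, idx)
        ledger.append({"idx": idx, "block": block, "path": path, "verdict": verdict})
    return contract_recheck(root, ledger)             # record 1 claims "intact" falsely
```

Only the record in which the auditor vouches for corrupted data is flagged; the honest "intact" and honest "corrupted" verdicts both pass the recheck.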
The merit of using a consortium blockchain instead of a public blockchain is the lower computation time for creating a block. A consortium blockchain has a limited set of participants, trusted to some extent, who perform the consensus process, while in a public blockchain everyone can participate. The consensus protocol used in public blockchains, Proof of Work (PoW), has strong integrity guarantees but costs more than 100 s for a verification, whereas the Practical Byzantine Fault Tolerance used in consortium blockchains takes less than 10 s for a verification. The throughput in transactions per second (TPS) is a few dozen in a public blockchain, while for a consortium blockchain it reaches the order of thousands. It is clear that the computation cost of creating blocks in a consortium blockchain is much lower than that in a public blockchain.
Deploying a consortium blockchain in the cloud-stored data integrity auditing scheme supports verification of the auditor's behaviors. Auditing records are stored in the consortium blockchain, and the task of checking the auditing records is performed automatically by a smart contract. The performance analysis shows that our proposal alleviates the burden on data owners.
 K. Ren, C. Wang, and Q. Wang, “Security challenges for the public cloud,” IEEE Internet Computing, vol. 16, no. 1, pp. 69–73, 2012.
 H. Shacham and B. Waters, “Compact proofs of retrievability,” in International Conference on the Theory and Application of Cryptology and Information Security. Springer, 2008, pp. 90–107.
 G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable data possession at untrusted stores,” in Proceedings of the 14th ACM conference on Computer and communications security. ACM, 2007, pp. 598–609.
 F. Armknecht, J.-M. Bohli, G. O. Karame, Z. Liu, and C. A. Reuter, “Outsourced proofs of retrievability,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2014, pp. 831–843.
 Y. Zhang, C. Xu, S. Yu, H. Li, and X. Zhang, “SCLPV: Secure certificateless public verification for cloud-based cyber-physical-social systems against malicious auditors,” IEEE Transactions on Computational Social Systems, vol. 2, no. 4, pp. 159–170, 2015.
 Y. Zhang, C. Xu, X. Lin, and X. S. Shen, “Blockchain-based public integrity verification for cloud storage against procrastinating auditors,” IEEE Transactions on Cloud Computing, 2019.
 D. Boneh, B. Lynn, and H. Shacham, “Short signatures from the weil pairing,” in International Conference on the Theory and Application of Cryptology and Information Security. Springer, 2001, pp. 514–532.
 D. Mingxiao, M. Xiaofeng, Z. Zhe, W. Xiangwei, and C. Qijun, “A review on consensus algorithm of blockchain,” in 2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC). IEEE, 2017, pp. 2567–2572.