IEEE 2011 International Conference on Cloud and Service Computing (CSC), Hong Kong, China, 2011.12.12-2011.12.14

Study on the Third-party Audit in Cloud Storage Service*

Ling Li Lin Xu Jing Li Changchun Zhang

School of Computer Science and Technology

University of Science and Technology of China

Hefei, Anhui, P.R. China

{liling, linxu, zccc}@mail.ustc.edu.cn, [email protected]

Abstract—Cloud computing, an emerging scheme, changes how available resources are utilized by delivering them through a service model. As one of the most widely used services in cloud computing, cloud storage provides data storage and business access to external users. Delivering the service remotely inevitably raises security problems, and these problems in turn cause a crisis of confidence in the development of cloud computing services; the lack of assured reliability is bound to impede their wide adoption. Analysis of the essence of these problems indicates that an external trusted third-party audit (TPA) mechanism is important and indispensable for protecting data security and the reliability of services. This paper reviews and analyzes the problems arising in the current development of cloud storage, analyzes in more detail the problems introduced by the TPA itself, and explores the application prospects and solutions for the TPA mechanism in cloud storage. Inspired by this work, we propose the idea of a file-sharing system, built on top of our service delivery platform with the TPA mechanism deployed, and discuss how its reliability is assured.

Keywords-cloud computing; cloud storage; third-party audit mechanism; TPA; reliability

I. INTRODUCTION

Cloud computing, which emerges as a new scheme, has come to serve as the next-generation infrastructure of the IT industry [1,2]. Cloud storage, one of the most widely used services in the cloud, provides data storage and business access services externally by connecting a large number of storage devices of different types and making them work together through application software [3]. As the concept of cloud storage spreads, many established enterprises have focused on it: Amazon with its Simple Storage Service (S3), which aims to provide Internet services in the form of storage and computing; CDNetworks and Nirvanix with a platform that integrates cloud storage and data delivery services; Microsoft with the beta version of Windows Live SkyDrive, which gives users an online storage experience; EMC announcing its membership in the "Daoli Trusted Infrastructure Project"; and IBM planning to use cloud computing standards to expand its global backup center [4,5]. The growth of data storage capacity puts pressure on the storage industry but at the same time drives its rapid development, so cloud storage has become the ideal candidate for the next generation of storage services.

* Sponsored by the Comprehensive Strategic Cooperation Project with CAS and Guangdong province (2010A090100027), the USTC-Lenovo Joint Laboratory for Cloud Computing, the CNGI Project (2008BAH37B05), the Anhui Natural Science Foundation (090412064), and the USTC Innovation Foundation of Graduate Students.

The development of new services always brings both opportunities and challenges. At present almost all front-line IT enterprises are involved in cloud storage as service providers. Each of them has designed its own cloud storage architecture based on its traditional technology and marketing strategy and offers cloud services externally. But while providing these services, the problems that arise from storage operations in the cloud must be taken into account. When data are stored on personal devices, users hold the highest privilege over them and ensure their security themselves. Once users choose to put data into the cloud, they lose that control. Cloud storage service providers (such as Amazon, Google, Microsoft and others) are independent entities, each with its own data services and security policies, and each is responsible for data operations and security without the users' participation. Driven by a competitive application market, all cloud computing service providers try hard to introduce new services and promise data security; however, the actual situation is not satisfactory. The cases cited in [6-9] show that cloud computing infrastructures also suffer from internal and external data security threats, despite the completeness claimed by the service providers. At the same time, to protect their reputation, service providers may deliberately conceal incidents of data loss [10]. In addition, users of cloud storage services need to be authenticated and authorized before access, so that other users' data cannot be stolen through a service failure or system intrusion. These facts show that problems such as equipment failures, authentication errors and service delays cause a crisis of confidence in cloud services, so reliability assurance is one of the key factors in promoting the adoption of cloud computing services.

According to the report "Assessing the Security Risks of Cloud Computing" by the consulting firm Gartner, there are seven potential security risks around cloud computing services [11]: privileged user access, regulatory compliance, data location, data segregation, recovery, investigative support and long-term viability. We divide these security risks into the following three aspects according to their content.


2011 International Conference on Cloud and Service Computing

978-1-4577-1637-9/11/$26.00 ©2011 IEEE


1) data transmission and storage security

In a cloud service environment, data users send data to service providers mainly over the network. The user's personal information, financial situation, privacy and so on may be contained in that data, which must therefore be protected by a secure transmission mode such as Secure Sockets Layer (SSL, now superseded by TLS), the Point-to-Point Tunneling Protocol (PPTP) or a Virtual Private Network (VPN). (Of these, PPTP is now regarded as broken and should not be relied on for confidentiality.) Filters can also be added to the network to monitor the data flow between users and service providers and prevent sensitive data leakage in real time, for example the concept of a "cloud firewall" mentioned in [12].

Given the importance of users' data, either users or service providers often encrypt data files to ensure their privacy and isolation. Amazon S3 automatically generates an MD5 hash when users store their data, so that data integrity can be checked without external checksum tools and without handing the data to external entities, which also avoids leakage. (MD5 is no longer collision-resistant, so such a checksum detects accidental corruption, not deliberate tampering by a party who can choose the data; a keyed MAC or a stronger hash is needed for that.) Craig Gentry of IBM Research proposed in [13] a fully homomorphic encryption scheme based on ideal lattices, which allows arbitrary computation on encrypted data; with it, service providers could accept users' commissions to analyze the data fully without ever seeing it in the clear.

2) data audit security

While data are transferred between users and service providers, malicious attacks are hard to avoid, even on encrypted data. To ensure data integrity, the best way is to introduce an authentication mechanism based on a third party. Audit is usually a two-way mechanism. On the user side, users' operations must be audited strictly to ensure that their data accesses are legitimate; in this way users can retrieve their data safely at any time. On the provider side, service providers should supply the TPA with the information it needs to audit data integrity and security. The ultimate goal of audit is a win-win situation for users and service providers: the audit mechanism helps users choose the most suitable of the many service providers, and at the same time helps service providers build the reputation that attracts more users and so more profit.

3) security risk prevention strategies

A Service Level Agreement (SLA) between users and service providers is a useful means of reducing security risk and is one of the advantages of cloud computing services. The SLA serves as the standard for service supply, quality of service, and service monitoring and control: it tries to detect workflows that do not meet the expected quality of service and to make the corresponding adjustments. At the same time, specific items are written into the SLA to avoid risks; typical ones include selection of a service provider with a high reputation, encryption of the transmission channels in both directions, security of the data storage location, the ability to recover data, and the definition of data recovery time.

The security issues above include both intrinsic risks of cloud services and problems that arise in service supply. The difficulty of dealing with them slows down the development of cloud computing applications. Introducing an appropriate security strategy or mechanism, such as a trusted third-party audit, to protect the stability of cloud computing therefore becomes necessary. In this paper we focus on the third-party audit mechanism in cloud computing services: we review and analyze the problems around current cloud services and discuss the challenges and technical solutions involved in introducing the TPA mechanism. Note that TPA is used throughout this paper as the abbreviation of third-party audit. The rest of the paper is organized as follows. Section II illustrates the concept of TPA and explores the prospects for its use in cloud storage. Section III discusses reasonable advice for solving the problems using TPA. Section IV gives a brief description of our own research work based on TPA. Finally we conclude the paper and look forward to future work.

II. THE THIRD-PARTY AUDIT

Users choose cloud storage because of its convenient service provision. During the service process, users are concerned with whether the data stored in the cloud are safe; for the service provider, the main concern is profit while providing convenient services. For two parties with such different concerns, the TPA, operating as an independent and credible entity, plays a key role in guaranteeing the trust relationship between them. The TPA has professional authentication knowledge and audit skills; familiar with the SLA between users and service providers, it can find and evaluate potential risks objectively. Users without professional knowledge and skills can rely on the TPA to evaluate the safety of a cloud storage service when they request it, and so make the right choice. Cloud storage service providers can also improve their services according to the audit report given by the TPA [14,15].

Introducing the TPA mechanism means a comprehensive assessment of the phases of cloud storage services, including security management, configuration management, fault and anomaly management, data management, operation management and so on [17]. Because of the distributed nature of cloud computing, users may be unaware of where their data are located while using cloud storage services, which requires the TPA to be familiar with the laws and regulations of the area where the data are stored; this is the main consideration in auditing service safety and configuration management. The cases listed in [6-9] indicate that an SLA should be established between users and service providers, specifying responsibilities and consequences, in order to avoid the problems that appeared in the course of those services. For service providers the agreement should specify in detail the methods used to process data, emergency measures for failures and anomalies, continuity of service, the consequences of SLA violation, and so on; this is the main consideration in auditing fault and anomaly handling in service and data management. For a provider offering storage and business access services externally, strict access control audit is particularly important. Access control audit of the systems, networks and applications associated with cloud storage services can prevent viruses, network intrusion, data leakage and other security issues, and also enhances the manageability of those services.

Since the audit mechanism involves evaluating several management phases of cloud storage, its range is wide. Following the audit methods used for traditional patterns of business, [14] divides audit into two modes: internal audit and external audit. Internal audit inspects the internal behavior and processes of service providers and tries to prevent them from violating the SLA. When an internal audit starts, auditors need a comprehensive understanding of the risks in storage services and of good industry measures for dealing with them. Baker enumerates the related data protection risks in [16], but this information is insufficient for audit work because information about storage services is difficult to obtain. At the same time, whether internal audit incurs extra expense or brings unexpected risk still needs further research. Because internal audit examines the internal behavior and processes of service providers, their internal operating processes are exposed in the audit results, so most service providers may not allow internal audit, and the TPA mainly tends toward the external audit mode. External audit provides end-to-end service quality metrics using the SLA; its main purpose is to ensure data integrity in storage services. Through the APIs offered by the service providers, an external audit can examine the data stored at the provider by sampling and check their integrity, for example by using the APIs provided by Amazon S3 to access the data [14]. But at present most service providers give priority to economic profit and offer no interfaces for the TPA, so external audit work faces more limits.

Both internal and external audit need to be guided by a complete audit methodology, the specific contents of which are discussed in [17,18]. Generally speaking, the TPA includes three main phases: the audit planning phase, the audit execution phase and the post-audit phase. The audit planning phase first fixes the audit content, the audit details and so on, then determines the audit schedule, and also provides auditors with the basic background of the current audit work; a full understanding of the background helps auditors grasp the main purpose of the audit and focus their work more clearly, and sufficient preparation in this phase helps maximize the efficiency of the audit [18]. The audit execution phase evaluates the strengths and weaknesses of the current security strategy and points out its potential security threats. Evaluation and verification are the key audit techniques in this phase. Auditors evaluate how well the methods used to address the existing security threats match the internal and external security standards, and the audit report gives suggestions for improvement that the audited parties can act on. The verification process mainly checks data integrity and the consistency between the security strategy and its realization; it tries to find the items lacking in those strategies or standards and supplement them in time. In the post-audit phase, designated organizations deal with the corresponding problems and improve on them according to the audit report given by the auditors.

III. ISSUES AND SOLUTIONS FOR THE APPLICATION OF TPA

In a system, an independent trusted TPA sitting between the data user and the service provider must be able to deal with some common problems in order to meet different design requirements. [14,15] list the functions of an ideal TPA in theory. Taking both theory and practical application into account, the TPA should have the following five basic functions.

A. protection for data integrity

Users who choose cloud storage services expect a great deal from the provider with respect to data security. The cloud storage service provider therefore customizes the data privacy service with the users through the SLA and is monitored by the TPA during the service process. Users expect data integrity to be maintained in the audit process: for example, the service provider must not be able to read or leak any data, and the audit process must not introduce any new security threats. Traditional encryption technology is widely used for data privacy protection. Data encryption transforms the original information (the plaintext) and an encryption key into a message that appears completely random (the ciphertext) using an encryption algorithm; decryption is the reverse process [19]. On the other hand, user and service provider share the same network communication environment, so their exchange of information is inevitably confronted with problems such as information leakage, traffic analysis, masquerade and sequence modification [13], and message authentication performed by a trusted TPA is therefore indispensable.

Message authentication is a mechanism or service for verifying message integrity [19]. Through message authentication the TPA confirms that the data received are the same as the data sent (no modification, insertion, deletion or replay) and that the identity claimed by the sender is genuine and valid. One of the most common cryptographic techniques for message authentication is the Message Authentication Code (MAC) [15,19]. A MAC function takes a secret key and the message and produces a fixed-length tag, which is sent to the receiver attached to the message. The receiver recomputes the MAC of the received data with the same shared key and compares it with the tag; if the two match, the receiver can trust that the message has not been modified and that it comes from a party holding the key. The basic uses of the message authentication code are shown in Fig. 1 [19].


Figure 1. Usage of MAC. (a) Message authentication: source A sends M ‖ C(K, M); host B recomputes C(K, M) and compares. (b) Message authentication and confidentiality, authentication tied to plaintext: E(K2, [M ‖ C(K1, M)]); the receiver decrypts with K2, then recomputes C(K1, M) and compares. (c) Message authentication and confidentiality, authentication tied to ciphertext: E(K2, M) ‖ C(K1, E(K2, M)); the receiver recomputes C(K1, E(K2, M)), compares, and decrypts with K2. E: encryption, D: decryption, M: message, C: MAC function, K: key.

In the cloud storage audit process, the data user partitions the data file $F$ into blocks $b_i$, $i \in \{1, \dots, n\}$, and computes a message authentication code $\delta_i = \mathrm{MAC}_{sk}(b_i)$ for each block under a secret key $sk$. The collection of per-block codes $\{\delta_i\}_{1 \le i \le n}$, used as metadata for auxiliary authentication, is sent to the cloud storage service provider together with the file blocks, while the key $sk$ is sent to the TPA. Following the message authentication method introduced above, the TPA requests randomly chosen blocks of $F$ together with their MAC values $(b_i, \delta_i)$ from the service provider, recomputes $\delta_i' = \mathrm{MAC}_{sk}(b_i)$ for these blocks under $sk$, and compares the result with the stored value to complete the audit. The shortcomings of this audit are [15,20,21]: 1) the TPA must request the user's original data from the cloud storage service provider, and this request may threaten the privacy of the user's data; 2) the TPA requests random data blocks from the service provider, so the communication and computation cost of the audit grows linearly with the sample size, which increases the audit overhead.

To avoid the potential threat and the linear cost of requesting the user's original data from the service provider, the improved audit method has the data user select a set of keys $\{sk_i\}_{1 \le i \le n}$ rather than a single key when computing the MAC values, and compute the set of MAC values $\{\mathrm{MAC}_{sk_i}(F)\}_{1 \le i \le n}$ of the file under these keys. The data file is sent to the cloud storage service provider, while the set of keys and MAC values is sent to the TPA. The TPA's audit process then becomes: the TPA sends a single key $sk_i$ to the service provider and requests the value $\mathrm{MAC}'_{sk_i}(F)$ computed over the stored file under that key. It is used only for comparison, so there is no need to obtain the original user data from the service provider. However, the new method still has deficiencies [15,20,21]: the number of selected keys limits the number of audits of a data file, because each key can be used only once (after the provider has seen $sk_i$ it could store the corresponding MAC value and discard the file, so a repeated challenge with the same key proves nothing). Once the keys are used up, the user has to retrieve the original data from the service provider again, recompute and redistribute the MAC values, which increases the audit overhead.
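The two MAC-based audit schemes described above, run end to end as an added example (this is not code from the paper; the names StorageServer, audit_sampled and PrecomputedAuditor, the 100-block sample file and the simulated data loss are constructed here). The MAC is instantiated as HMAC-SHA256, and, going one step beyond the paper's $\delta_i = \mathrm{MAC}_{sk}(b_i)$, the block index is bound into each tag so a provider cannot answer a challenge for a lost block with a different intact block. The per-block scheme shows what a sampled audit catches and with what probability; the pre-computed scheme shows that the TPA never touches the data and that the audits run out with the keys.

```python
"""Added example (not code from the paper): the two MAC-based audit schemes
described above, run against a storage server that silently loses a block.
Names (StorageServer, audit_sampled, PrecomputedAuditor) are assumed here."""
import hashlib
import hmac
import secrets
from math import comb

BLOCK_SIZE = 64   # bytes per block; small so the constructed file has many blocks
_rng = secrets.SystemRandom()


def split_blocks(data: bytes, size: int = BLOCK_SIZE) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]


def block_tag(sk: bytes, i: int, block: bytes) -> bytes:
    """delta_i = MAC_sk(i || b_i). Binding the index stops the server from
    answering a challenge for a lost block i with another intact block j."""
    return hmac.new(sk, i.to_bytes(8, "big") + block, hashlib.sha256).digest()


class StorageServer:
    """Cloud storage provider holding the user's blocks and tags as uploaded."""

    def __init__(self, blocks, tags):
        self.blocks, self.tags = list(blocks), list(tags)

    def get_block(self, i):
        return self.blocks[i], self.tags[i]

    def lose_block(self, i):
        # Simulated silent data loss: the block is zeroed, the tag is kept.
        self.blocks[i] = b"\x00" * len(self.blocks[i])

    def whole_file_mac(self, key):
        # Scheme 2: the server MACs what it actually stores; no data leaves it.
        return hmac.new(key, b"".join(self.blocks), hashlib.sha256).digest()


# Scheme 1: TPA holds sk, samples blocks, pulls block+tag, recomputes, compares.
def audit_sampled(server, sk, n_blocks, sample_size):
    for i in _rng.sample(range(n_blocks), sample_size):
        block, delta = server.get_block(i)
        if not hmac.compare_digest(block_tag(sk, i, block), delta):
            return False
    return True


def detection_probability(n, lost, sample_size):
    """P(a random sample of sample_size blocks hits at least one of `lost`)."""
    return 1 - comb(n - lost, sample_size) / comb(n, sample_size)


# Scheme 2: user precomputes {(sk_i, MAC_sk_i(F))}; TPA spends one pair per audit
# and never sees the data. Once the pairs run out the file must be re-tagged.
class PrecomputedAuditor:
    def __init__(self, data, n_audits):
        keys = [secrets.token_bytes(32) for _ in range(n_audits)]
        self.pairs = [(k, hmac.new(k, data, hashlib.sha256).digest()) for k in keys]

    def audits_left(self):
        return len(self.pairs)

    def audit(self, server):
        if not self.pairs:
            raise RuntimeError("audit keys exhausted: user must re-tag the file")
        key, expected = self.pairs.pop()
        return hmac.compare_digest(server.whole_file_mac(key), expected)


def run_demo(n_blocks=100, sample_size=10, n_audits=3):
    data = secrets.token_bytes(BLOCK_SIZE * n_blocks)   # constructed file F
    blocks = split_blocks(data)
    sk = secrets.token_bytes(32)
    tags = [block_tag(sk, i, b) for i, b in enumerate(blocks)]
    server = StorageServer(blocks, tags)
    auditor = PrecomputedAuditor(data, n_audits)

    results = {"intact_sampled": audit_sampled(server, sk, n_blocks, sample_size),
               "intact_precomputed": auditor.audit(server)}
    server.lose_block(42)
    results["lost_full_scan"] = audit_sampled(server, sk, n_blocks, n_blocks)
    results["lost_sampled_detect_prob"] = detection_probability(n_blocks, 1, sample_size)
    results["lost_precomputed"] = auditor.audit(server)
    results["audits_left"] = auditor.audits_left()
    return results


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

With one lost block out of 100, a sample of 10 finds it only 10% of the time, which is why the sampled scheme's cost is linear in the assurance wanted; the pre-computed scheme gives a whole-file answer per audit but consumes one key each time.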

B. support for data dynamic

In cloud storage services users store their data remotely in the cloud, so research on the security of remote data storage has arisen and developed rapidly, and [10,14,15,20,21] have proposed their own security mechanisms. The object of all these studies is "static data", which applies only to specific situations, such as book information in a library or scientific documents in a museum [22]. A log file, by contrast, is typically dynamic: the user may add, delete, update or perform other routine operations at any time. The TPA must therefore support the dynamic nature of data and be able to verify data integrity even after user data have changed, which makes it usable in a wide range of applications.

The most general way to support dynamic data in an audit is for the user to download the data files from the service provider, perform block-level operations on them, and recompute the authentication information of the affected blocks; this information is passed back to the TPA as the new metadata for the next verification. In view of the huge cost to users of downloading and recomputing, such methods have only theoretical value and cannot be applied in practice. In [10,23], Ateniese et al. proposed the formal model of provable data possession (PDP, shown in Fig. 2) to provide verification between users and service providers. The PDP model uses RSA-based homomorphic verifiable tags (HVTs) as authentication metadata, and the verification process relies on random sampling of file blocks to give a probabilistic guarantee. However, this mechanism restricts the operations allowed on file blocks and can therefore support data dynamics only partially. [22] proposed a challenge-response protocol based on erasure coding for distributed application environments, which has the same issue.

Figure 2. PDP Protocol. (a) Pre-process and store: the client takes the file F as input, generates the metadata m and the modified file F', keeps m and sends F' to the server, which stores it without further processing. (b) Verification of server possession: (1) the client generates a random challenge R; (2) the server computes a proof of possession P from F' and R; (3) the client verifies the server's proof using m and outputs 0/1.

Building on the PDP model, Erway et al. [24] proposed a dynamic version of PDP that supports verification after dynamic updates. The audit process uses a rank-based authenticated skip list to locate the file blocks and verify their tag information. The correctness of this data structure was proved in [25,26], so the correctness of the audit result can be strictly guaranteed. In the DPDP mechanism, the update operations on a data file are extended from the original append-only to arbitrary insertion, deletion and so on at any position in the file, which better reflects the real needs of users. Erway's research is the first audit scheme to provide complete verification for dynamic data. It inspired subsequent work, such as [21], to use the well-known Merkle Hash Tree (MHT) for verification. File blocks are abstracted as the leaf nodes of the MHT, and a data block can be verified efficiently from the root node together with the auxiliary authentication information consisting of the sibling nodes on the path from the leaf to the root.

C. support for access control

In addition to integrity verification and dynamic-update assurance for data stored by the service provider, users also need a trusted system to verify their identities and their resource access and usage. The functions of the TPA can therefore be expanded beyond data audit, for example by adding access control and identity authentication mechanisms to monitor users in the cloud environment, thereby increasing the visibility and reliability of cloud users.

The Trusted Computer System Evaluation Criteria (the Orange Book) [27], released by the U.S. Department of Defense, is the accepted criterion for the security classification of computer systems. As one of the main security requirements, the access control mechanism [28] is composed of two important processes: ① authentication, to verify the legal status of the subject; ② authorization, to restrict the level at which a user may access resources. In the distributed network environment of cloud storage, any illegal or unauthorized data access must therefore be monitored as a problem. For such problems, we can add the ability of secure network management [29] to the TPA mechanism through identification and authorization of users, i.e. identification and authentication before users access the system, and authority control before service invocation. The process of access control between data users, the TPA and service providers in a cloud storage environment is then: ① data users and TPA: data users log into the TPA to complete identity authentication; the TPA certifies the information provided by the users, and legitimate users are given access rights; the TPA mechanism determines whether a user's operation request falls within the given permission interval, and legal operation requests are forwarded to the storage service provider. ② TPA and storage service providers: if it is the first time the TPA sends a request to a storage service provider, the provider needs to verify the identity of this TPA to establish a trusted session, and the related services are then provided on the basis of that trusted session.

For the access control mechanism between the three parties in the cloud storage environment, one well-known authentication protocol based on a symmetric encryption system is Kerberos [19,30-32]; two others are Public Key Infrastructure (PKI), based on a public key encryption system [33], and SESAME [34]. The Kerberos protocol introduces a Key Distribution Center (KDC) as a trusted third party in the user identity verification process. Data owners only need to provide authentication information once and can then access various services by means of tickets. The shared key between data owners and system services ensures the security of the protocol. PKI follows the X.509 standard and uses asymmetric cryptographic algorithms to build a security infrastructure that provides services to data users. Its core executive component is the Certificate Authority (CA), and its core element is the digital certificate [33]. SESAME is the abbreviation of Secure European System for Applications in a Multi-vendor Environment. It provides a distributed access control mechanism based on a more advanced single sign-on function. All data exchanged between the two parties is handled with an asymmetric encryption approach, and the overall authentication process is similar to the Kerberos protocol.

D. support for batch audit

Application of the TPA ensures the privacy and integrity of user data stored in the cloud environment. A cloud storage service serves a large group of users, and each user may issue data security requests to the TPA after storing data, so the TPA must be able to cope with large-scale user requests. Under the conventional first come, first served (FCFS) principle, the first request reaching the TPA is given top priority. A new authentication request is placed in a queue, waiting for the preceding authentication request to be finished. However, in some cases a single user may initiate several authentication requests at the same time, and executing them in order leads to wasted time and a high computation cost.

A batch processing mechanism, which gathers the different authentication requests from different users and processes them at once, is an effective way for the TPA to handle this. Compared with processing in order, the batch system can greatly save time and reduce audit costs. [24] raises the issue of concurrent access in multi-user collaboration in cloud storage [15,20,21], and studies of remote storage data security also state the issue of batch processing of certification requests. The bilinear aggregate signature technique [35,36] provides great help in studying this problem.

Signatures produced by different users on different messages are aggregated into a single signature by the bilinear aggregate signature technique. A successful audit of the aggregated signature indicates that all messages are genuine. As the technical basis, a bilinear map $e : G_1 \times G_2 \to G_T$ is a map that satisfies the following four properties [37,38]:

a) bilinear: $\forall u \in G_1, v \in G_2, \forall a, b \in \mathbb{Z}$, $e(u^{a}, v^{b}) = e(u, v)^{ab}$;

b) non-degenerate: $e(g_1, g_2) \neq 1$;

c) $\forall u_1, u_2 \in G_1, \forall v \in G_2$, $e(u_1 u_2, v) = e(u_1, v)\, e(u_2, v)$;

d) $\forall u, v \in G_2$, $e(\psi(u), v) = e(\psi(v), u)$,

where $G_1$ and $G_2$ are two multiplicative cyclic groups of prime order $p$; $g_1$ and $g_2$ are generators of $G_1$ and $G_2$ respectively; $\psi : G_2 \to G_1$ is a computable isomorphism from $G_2$ to $G_1$ with $\psi(g_2) = g_1$; and $G_T$ is a target multiplicative cyclic group with $|G_1| = |G_2| = |G_T|$. The bilinear aggregate signature mechanism makes use of a bilinear map on $G_1$ and $G_2$ as above. Its verification procedure is composed of five steps [35]:


a) key generation: the user randomly picks $x \leftarrow \mathbb{Z}_p$, computes $v \leftarrow g_2^{x}$, and sets $v \in G_2$ as the user's public key and $x \in \mathbb{Z}_p$ as the user's secret key.

b) signature: with the user's secret key $x$ and a message $M$, the hash of the message is $h \leftarrow H(M)$, $h \in G_1$, and the signature of the message is $\sigma \leftarrow h^{x}$, $\sigma \in G_1$.

c) verification: with the user's public key $v$, a message $M$ and a signature $\sigma$ on it, the verifier computes $h \leftarrow H(M)$ and checks $e(\sigma, g_2) = e(h, v)$, which follows from property a) of bilinear maps. If the equation holds, the signature is valid.

d) aggregation: each user $u_i$ provides a signature $\sigma_i \in G_1$ on a message $M_i$, and the signatures are aggregated as $\sigma \leftarrow \prod_{i=1}^{k} \sigma_i$, $\sigma \in G_1$.

e) aggregate verification: with all users' public keys $v_i \in G_2$, all messages $M_i$ and the aggregate $\sigma$ of all their signatures, the verifier computes $h_i \leftarrow H(M_i)$ and checks $e(\sigma, g_2) = \prod_{i=1}^{k} e(h_i, v_i)$, again by property a) of bilinear maps. If the equation holds, the aggregated signature is valid.

E. minimize audit cost

Audit cost must be taken into account when introducing a TPA into a cloud storage service. The audit process should minimize the cost of data user identity authentication, data encryption and decryption, data transmission bandwidth requirements, the I/O cost of data access, and so on. Effective measures for cost reduction during the audit increase confidence in the application and attract more users.

[10,20,21,39] point out that if the TPA supports batch audit, it can shorten audit time and reduce the computational cost for the TPA. Suppose that the processing time for every request is the same, for example one unit of time to process one certification request message, and that there are n messages to process: if they are processed in sequence, the audit needs n units of time; if they are processed as a batch, it takes far less than n units of time. The saved time can be used to process the next batch of request messages. The combination of batch audit and sequential audit will be a key point for future research work.

There is a limitation on the use of bilinear aggregate signature authentication, because the equation mentioned above only holds when all feedback messages from the service provider are correct; even a single erroneous feedback message causes the whole certification process to fail. This is common in practice, for instance through malicious behaviour of the service provider, failure of storage equipment, unsynchronized data updates, data loss, and so on. Failure of certification obviously cannot meet the requirements of users and service providers. Literature [20] proposes a binary search method [35,36] to deal effectively with erroneous feedback messages. If the batch audit fails, the set of feedback messages is divided into two parts, each audited separately. Whichever subset still contains erroneous feedback is recursively audited in the same way. The analysis in [10,20,21] shows that, for a set of 256 different feedback messages, even with an error ratio of 18%, the efficiency of batch audit is still higher than that of sequential audit. At present, in addition to binary search, there are many other well-known search methods for dealing with this problem. The application of those methods and their efficiency will be a new direction for our future research work.
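The five-step aggregate signature of section D and the binary-search fallback just described, as an added example that is not the paper's code (the paper's implementation uses jPBC): a Python sketch with a constructed, deliberately insecure toy pairing over (Z_p, +) so that the verification equations can be run without a pairing library. `batch_audit` audits all feedback messages at once, splits the set in two on failure, and counts the aggregate checks it needed against the n a sequential audit would take.

```python
"""Bilinear aggregate signature (the five steps of [35]) with batch audit and
the binary-search fallback of [20], as a constructed example.

The pairing is a deliberately insecure toy: G1 = G2 = GT = (Z_p, +), written
additively, with e(u, v) = u*v mod p. It is genuinely bilinear, so the
verification equations behave as in the text, but its discrete log is
trivial; it exists only to exercise the protocol logic.
"""
import hashlib
import secrets

P = (1 << 127) - 1   # prime order p of the toy groups (a Mersenne prime)
G2 = 7               # generator g2 of G2; any non-zero element of Z_p works


def e(u, v):
    """Toy pairing e: G1 x G2 -> GT with e(a*u, b*v) = a*b*e(u, v) mod p."""
    return (u * v) % P


def hash_to_g1(msg):
    """H: {0,1}* -> G1 (SHA-256 reduced into Z_p)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % P


def keygen():
    """Step a) key generation: secret x in Z_p, public v = x*g2 (g2^x in the text)."""
    x = secrets.randbelow(P - 1) + 1
    return x, (x * G2) % P


def sign(x, msg):
    """Step b) signature: sigma = x*H(M) (h^x in the text)."""
    return (x * hash_to_g1(msg)) % P


def verify(v, msg, sigma):
    """Step c) verification: e(sigma, g2) == e(H(M), v)."""
    return e(sigma, G2) == e(hash_to_g1(msg), v)


def aggregate(sigmas):
    """Step d) aggregation: the product of the sigma_i, a sum in additive notation."""
    return sum(sigmas) % P


def aggregate_verify(pks, msgs, agg):
    """Step e) aggregate verification: e(agg, g2) == prod_i e(H(M_i), v_i) (a sum here)."""
    rhs = sum(e(hash_to_g1(m), v) for v, m in zip(pks, msgs)) % P
    return e(agg, G2) == rhs


def batch_audit(pks, msgs, sigmas):
    """Audit all feedback messages at once; on failure split the set and recurse.

    Returns (indices of invalid signatures, number of aggregate checks made);
    a sequential audit would need len(sigmas) checks.
    """
    bad, checks = [], 0

    def audit(idx):
        nonlocal checks
        checks += 1
        agg = aggregate([sigmas[i] for i in idx])
        if aggregate_verify([pks[i] for i in idx], [msgs[i] for i in idx], agg):
            return                     # this subset is entirely valid
        if len(idx) == 1:
            bad.append(idx[0])         # isolated one erroneous feedback message
            return
        mid = len(idx) // 2
        audit(idx[:mid])
        audit(idx[mid:])

    audit(list(range(len(sigmas))))
    return bad, checks
```

With eight feedback messages and one corrupted signature, the recursive split isolates it in 7 aggregate checks instead of 8 sequential ones; with many corruptions the count exceeds n, which is the trade-off the 18% figure above is about.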

In the above sections we have described the suggested five basic functions for the application of the TPA in detail, and the state of the art that fulfills them. However, due to immature technical support, many service providers nowadays still evade the application of the TPA through commercial leverage. From a long-term point of view, however, the requirements of data security and privacy protection are indispensable for the development of cloud computing. At the same time, it is important to achieve practicality of the techniques described above in the cloud environment. With that practicality, we expect researchers to devise new technology systems that deliver cloud services more securely.

IV. BRIEF DESCRIPTION OF OUR RESEARCH WORK

For the widespread application of cloud storage services, two prerequisites are essential. The first is the availability of service supply for the end user, including large storage space, a reasonable distributed file system, adequate bandwidth and, most importantly, scalability. We have built a service supply platform based on the open source software Eucalyptus in our research work [40]. Its scalability, storage capacity, network bandwidth and so on all satisfy the prerequisite described above. The second is operational simplicity, which means that a simple and uniform access interface must be supplied to the users. The only thing users should have to focus on is accessing services as required, without needing to know how the service is supplied. Users on our campus mostly only need to store data on demand and access services securely; they are not concerned with data processing, storage location and management at the back-end. For all the advantages mentioned above, we have designed a file-sharing system hosted on the platform using cloud storage. It is mainly used to supply convenient storage service to the campus.

A typical cloud storage service architecture is composed of three entities: users, service providers and the TPA. In our proposed system, students and teachers are the main data providers and are also the potential users of data access. High-performance devices, adequate storage space and stable network bandwidth are combined as the service provider. But no audit mechanism was introduced in the original design to ensure the system's own security, reliability and other properties, and this is where the system is further improved. According to the problems and solutions proposed in section three, we introduce a TPA mechanism into the file-sharing system (as shown in Fig. 3) and audit both users and service providers for the sake of system security.


Figure 3. Our proposed architecture with TPA (components: the file-sharing system based on cloud storage, the Third-Party Audit, and the platform based on Eucalyptus (Walrus); flows: authentication/authorization request and response, data for public audit, request/send challenge)

Our experiments are conducted using Java on a system with an Intel Pentium Dual processor running at 1.6 GHz, 3072 MB RAM, and a 7200 RPM Western Digital 160 GB serial ATA drive. The general scheme of our proposed mechanism is as follows:

1) Design of the file-sharing system, including basic file uploading, downloading and public sharing. In addition, application interfaces toward both the TPA and the storage provider are provided for the implementation of the system's new functions. Through these APIs, users can meet their requirements directly, and moreover can customize the functions of the system themselves.

2) Design of TPA services, including the basic mechanism of data integrity audit and support for data operations such as insertion, deletion and modification. At the same time, authentication with access control is added in order to extend the audit function. The functional modules of the TPA can also be called or modified for secondary development.

3) Users and the TPA communicate using an authentication protocol. Through this communication, users register with the system and obtain their keys and digital certificates. All these processes aim to ensure the validity of users and restrain their access.

4) The authenticated users request storage services from the service providers.

5) The authenticated users request data verification from the TPA, and the TPA provides data integrity and dynamic verification through principles similar to the PDP mechanism [10].

6) The authenticated users ask the TPA for load monitoring of the storage system, so reasonable reputation mechanisms will be established in order to evaluate the service levels of the system.

As to authentication, we use an RSA-based instantiation that offers authentication for users or service providers. At the beginning, the user creates an RSA key pair pk_u and sk_u and requests registration. The TPA listens for the request and replies to the user with its pk_tpa. After receiving the TPA's public key, the user encrypts his pk_u with pk_tpa and sends the encrypted E(pk_tpa, pk_u) back to the TPA. The TPA decrypts it with sk_tpa, D(sk_tpa, E(pk_tpa, pk_u)), to obtain and store the user's public key, which is later used to identify the user's verification requests. Then a unique ID is designated to the user by the TPA through E(sk_tpa, ID_u). Since the user holds pk_tpa, he can receive and store his ID_u for the next session. The procedure between the TPA and service providers is the same as that described above. As to the functions of the TPA, the most representative example is the MHT construction for the dynamic characteristics of data. As described in section III, the MHT is a proven structure for checking efficiently and securely that elements are undamaged and unaltered. So, for the sake of efficiency and security, we leverage the APIs of the Qilin Crypto SDK [41] and jPBC (Java Pairing Based Cryptography Library) [42], which are open-source Java SDKs for rapid prototyping of cryptographic protocols, for the tree's construction and the data processing implementation. In order to uniquely determine the sequence of file blocks represented as leaf nodes of the tree, we adjust its structure so that the leaf nodes form a left-to-right ascending sequence, so that any operation on leaf nodes still preserves the sequence. Based on the MHT, we devise the dynamic operation interfaces and then verify their correctness. These APIs meet our demands and will be improved when new requirements arise. The experiments are mainly designed to realize the subfunctions of our proposed audit mechanism. With their help, we can check users' identities and perform data verification based on legal users' requests. All these experimental results will be integrated into our system in the future for its completeness.
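The ordered-leaf MHT with auxiliary authentication information (section III.B) and the dynamic insert/delete/modify interfaces described here, as an added Python example that is not the paper's Java code: the server rebuilds the tree from the ordered block list after each update, and the verifier checks a block from the root hash and the sibling path alone; the `sample_audit` helper and the leaf/node domain-separation bytes are this example's assumptions, for a random-sampling check in the PDP spirit.

```python
"""Merkle Hash Tree (MHT) over ordered file blocks: root, auxiliary
authentication information (sibling hashes from leaf to root), verification,
and the dynamic operations insert / delete / modify, as a constructed example.

Leaves are kept in left-to-right ascending block order, so block i is always
the i-th leaf; an update is applied to the ordered leaf list, the tree is
rebuilt, and the verifier re-checks blocks against the new root.
"""
import hashlib
import random


def _leaf(block):
    return hashlib.sha256(b"\x00" + block).digest()        # domain-separated leaf


def _node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()  # interior node


def build_levels(blocks):
    """All levels of the tree, leaves first and root last.
    An unpaired node at the end of a level is carried up unchanged."""
    if not blocks:
        raise ValueError("a file needs at least one block")
    level = [_leaf(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [_node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def root(blocks):
    return build_levels(blocks)[-1][0]


def auth_path(blocks, index):
    """Sibling hashes from leaf `index` up to the root, each tagged with the
    side ('L' or 'R') the sibling sits on; this is what the server returns."""
    path, i = [], index
    for level in build_levels(blocks)[:-1]:
        if i % 2 == 1:
            path.append((level[i - 1], "L"))
        elif i + 1 < len(level):
            path.append((level[i + 1], "R"))
        i //= 2                       # an unpaired node adds nothing to the path
    return path


def verify_block(root_hash, block, path):
    """Verifier side: rebuild the root from the block and its sibling path."""
    acc = _leaf(block)
    for sibling, side in path:
        acc = _node(acc, sibling) if side == "R" else _node(sibling, acc)
    return acc == root_hash


# Dynamic operations on the ordered leaf list. The server applies one and
# returns the new block list; the client recomputes or re-verifies the root.
def insert_block(blocks, index, block):
    return blocks[:index] + [block] + blocks[index:]


def delete_block(blocks, index):
    return blocks[:index] + blocks[index + 1:]


def modify_block(blocks, index, block):
    return blocks[:index] + [block] + blocks[index + 1:]


def sample_audit(blocks, root_hash, count, seed=1):
    """Random-sampling audit in the spirit of PDP: check `count` randomly
    chosen blocks held by the server against the root the verifier holds."""
    rng = random.Random(seed)
    for i in rng.sample(range(len(blocks)), min(count, len(blocks))):
        if not verify_block(root_hash, blocks[i], auth_path(blocks, i)):
            return False
    return True
```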

V. CONCLUSION AND FUTURE WORK

As the development of cloud computing is on a roll, security issues become more and more important. This paper mainly focuses on an in-depth study of the TPA mechanism and discusses solutions by reviewing the various problems that arise during the provision of cloud computing services and identifying the deficiencies of the traditional strategies used in data transfer and storage, and also in data audit and risk prevention. Recurring problems during the development process bring a crisis of confidence to cloud computing. The application of cloud computing services will be obstructed by the lack of the necessary reliability, which is the key point in promoting cloud computing services. The essence of cloud computing security issues indicates that it is absolutely necessary to introduce a TPA mechanism to ensure data security and the reliability of cloud computing services. Inspired by the research reviewed, we propose the idea of bringing the TPA mechanism into the file-sharing system and analyze the reliability of the system.

We are motivated by the feasibility of bringing in the TPA mechanism. The next stage is to complete the file-sharing system with the TPA model added, so as to conform to the typical architecture of cloud storage services. We expect to perform a proper evaluation of system performance, security and other aspects with the campus-based storage case and even with a larger storage case. Cloud computing security issues have brought us great opportunities and challenges, and the continuous development of cloud computing techniques is bound to promote future research work.

REFERENCES


[1] P. Mell and T. Grance, "Draft NIST Working Definition of Cloud Computing," National Institute of Standards and Technology, 2009.
[2] M. Armbrust et al., "Above the Clouds: A Berkeley View of Cloud Computing," Univ. California, Berkeley, Tech. Rep. UCBEECS-2009-28, Feb. 2009.
[3] http://www.cloudcomputing-china.cn/
[4] Chen K and Zheng WM, "Cloud Computing: System instances and current research," Journal of Software, Vol. 20(5):1337-1348, 2009.
[5] Feng DG, Zhang M, Zhang Y, Xu Z, "Study on cloud computing security," Journal of Software, Vol. 22(1):71-83, 2011.
[6] Amazon.com, "Amazon S3 Availability Event: July 20, 2008," July 2008; http://status.aws.amazon.com/s3-20080720.html
[7] M. Arrington, "Gmail Disaster: Reports of Mass Email Deletions," Dec. 2006.
[8] http://www.reuters.com/article/idUS188745639320100824
[9] M. Krigsman, "Apple's MobileMe Experiences Post-Launch Pain," July 2008; http://blogs.zdnet.com/projectfailures/?p=908
[10] G. Ateniese et al., "Provable Data Possession at Untrusted Stores," Proc. ACM CCS '07, Oct. 2007, pp. 598-609.
[11] Jon Brodkin, "Gartner: Seven cloud-computing security risks," [EB/OL], 2009.
[12] Weili Huang, Jian Yang, "New Network Security Based on Cloud Computing," in Proceedings of the Second International Workshop on Education Technology and Computer Science, ETCS 2010, March 2010, pp. 604-609.
[13] Craig Gentry, "Fully Homomorphic Encryption Using Ideal Lattices," in Proceedings of the Annual ACM Symposium on Theory of Computing, STOC '09, May 2009, pp. 169-178.
[14] M. A. Shah, M. Baker, J. C. Mogul, and R. Swaminathan, "Auditing to keep online storage services honest," in Proc. of HotOS '07, Berkeley, CA, USA: USENIX Association, 2007, pp. 1-6.
[15] Cong Wang, Kui Ren, Wenjing Lou and Jin Li, "Toward publicly auditable secure cloud data storage services," IEEE Network, vol. 24, no. 4, pp. 19-24, July-August 2010.
[16] M. Baker, M. Shah, D.S.H. Rosenthal, et al., "A Fresh Look at the Reliability of Long-term Digital Storage," in Proceedings of the 1st ACM SIGOPS/EuroSys '06, Vol. 40, Issue 4, Oct 2006.
[17] D. Forte, "Security audits in mixed environments," Network Security, 2009(3):17-19.
[18] Huddleston R.L. Jr., Crow D.R., "A second set of eyes – The benefits of a third party audit," in Proceedings of PCIC '03, Sept 2003, pp. 15-17.
[19] William Stallings, "Cryptography and Network Security: Principles and Practices, Fourth Edition [M]," Prentice Hall, 2005.
[20] C. Wang et al., "Privacy-Preserving Public Auditing for Storage Security in Cloud Computing," Proc. IEEE INFOCOM '10, Mar. 2010.
[21] Q. Wang et al., "Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing," Proc. ESORICS '09, Sept. 2009, pp. 355-370.
[22] C. Wang, Q. Wang, K. Ren, and W. Lou, "Ensuring data storage security in cloud computing," in Proc. of IWQoS '09, Charleston, South Carolina, USA, 2009.
[23] G. Ateniese et al., "Scalable and efficient provable data possession," in Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm '08, Sept 2008.
[24] C. Erway et al., "Dynamic provable data possession," in Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS '09, Nov 2009, pp. 213-222.
[25] W. Pugh, "Skip lists: A probabilistic alternative to balanced trees," Commun. ACM, 33(6):668-676, 1990.
[26] M. T. Goodrich, R. Tamassia, and A. Schwerin, "Implementation of an authenticated dictionary with skip lists and commutative hashing," in DISCEX II, pp. 68-82, 2001.
[27] DoD 5200.28-STD, National Computer Security Center, "Department of Defense Trusted Computer System Evaluation Criteria," Dec 1985.
[28] Landwehr CE, "Formal models for computer security," ACM Computing Surveys, 1981, 13(3):247-278.
[29] Wang Wei, Wu Yu-hong, Ma Wen-ping, "Access control in distributed network management system," Computer Simulation, Vol. 22, No. 1, Jan 2005.
[30] Miller S., Neuman B., Schiller J., and Saltzer J., "Kerberos Authentication and Authorization System," Section E.2.1, Project Athena Technical Plan, MIT Project Athena, Cambridge, MA, 27 October 1988.
[31] Steiner J., Neuman C., and Schiller J., "Kerberos: An Authentication Service for Open Networked Systems," Proceedings of the Winter 1988 USENIX Conference, Feb 1988.
[32] J. Kohl, B. Neuman, T. Ts'o, "The Evolution of the Kerberos Authentication Service," Distributed Open Systems, IEEE Computer Society Press, 1994.
[33] Guan ZS, "Public key infrastructure PKI and its application [M]," Publishing House of Electronics Industry, 2008.
[34] P. Ashley, M. Vandenwauver, "Practical Intranet Security: Overview of the State of the Art and Available Technologies," Kluwer Academic Publishers, Jan 1999.
[35] D. Boneh et al., "Aggregate and Verifiably Encrypted Signatures from Bilinear Maps," Proc. EuroCrypt '03, LNCS, vol. 2656, May 2003, pp. 416-432.
[36] Li Meng-dong, Yang Yi-xian, Ma Chun-guang, Cai Man-chun, "A scheme of fair exchange of signatures based on bilinear aggregate signatures," Journal of China Institute of Communications, Vol. 25, No. 12, Dec 2004.
[37] A. L. Ferrara, M. Green, S. Hohenberger, and M. Pedersen, "Practical short signature batch verification," in Proceedings of CT-RSA, volume 5473 of LNCS, Springer-Verlag, 2009, pp. 309-324.
[38] Cormen T. H., "Introduction to Algorithms [M]," Beijing: Higher Education Press, 2002.
[39] C. Cachin, I. Keidar, A. Shraer, "Trusting the cloud," ACM SIGACT News, Vol. 40, No. 2, June 2009.
[40] Shupeng Li, Jing Li, Ling Li, and Ryan Wu, "CStorage: A Cloud Storage Management System For USTC Campus," in Proceedings of the 3rd IEEE International Conference on Computer Science and Information Technology, ICCSIT 2010, July 2010, pp. 446-449.
[41] http://qilin.seas.harvard.edu/
[42] http://libeccio.dia.unisa.it/projects/jpbc/


