![]() | Only 14 pages are availabe for public view |
Abstract Cloud storage is a fundamental cloud computing service. Currently, most owners of large data outsource their data to cloud storage services—even high-profile owners such as governments. However, public cloud storage services are not optimal for ensuring the possession and integrity of the outsourced data, a situation that has given rise to many proposed Provable Data Possession check schemes (PDP). A PDP scheme allows data owners to efficiently, periodically and securely verify that a cloud storage provider possesses the outsourced data. Technically, there are two approaches for performing such integrity verification: 1) The deterministic approach where the data owner requests that all the data blocks be checked to verify their integrity, thus providing a 100 % guarantee of the integrity and possession of the data. 2) The probabilistic approach where the data owner requests random checks of chosen blocks of data to verify their integrity, thus providing less than a 100 % guarantee of the integrity and possession of the data. Most of the currently available provable data possession check schemes make probabilistic checks using random data blocks to verify data integrity since checking the entire dataset has many limitations. Therefore, the probabilistic schemes are considered inadequate by critical infrastructure sectors that involve highly sensitive data (critical data). In this research, a new and efficient deterministic data integrity check scheme deals with static and dynamic data called Cryptographic-Accumulator Provable Data Possession (CAPDP) is proposed. CAPDP surpasses the common limitations exhibited by other currently proposed schemes. The underlying scheme of CAPDP is based on a modified RSA-based cryptographic accumulator that has the following advantages: It allows the data owner to perform an unlimited number of data integrity checks It supports data dynamics It is efficient in terms of communication, computation and storage costs for both the data owner and the cloud storage provider The verification operation in the CAPDP scheme is independent of the number of blocks being verified It minimizes the burden and cost of the verification process on the data owner’s side, enabling verification to be performed even on low-power devices It prevents tag forgery, data deletion, replacement, and data leakage attack and detects replay attacks. A prototype implementation of the CAPDP scheme using the C++ programming language with GMP and Crypto++ libraries proved that the scheme is applicable in real-life applications. Moreover, a performance comparison between CAPDP and other schemes is performed. The results indicate that the computation overhead in CAPDP scheme is reduced to 99.12% and the storage overhead is reduced to 47.54 %. |