See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/320144020

Cloud Data Integrity Auditing Over Dynamic Data for Multiple Users

Article  in  International Journal of Intelligent Engineering and Systems · October 2017

DOI: 10.22266/ijies2017.1031.26

CITATION READS

1 22

2 authors, including:

Latha Parthiban
Pondicherry University
57 PUBLICATIONS   39 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Self-Configurable Semantic Web Service Architecture For Quality Multimedia Service Composition View project

All content following this page was uploaded by Latha Parthiban on 20 February 2020.

The user has requested enhancement of the downloaded file.

Received: June 13, 2017 239

Cloud Data Integrity Auditing Over Dynamic Data for Multiple Users

Santhosh Kumar1* Latha Parthiban2

1
Sathyabama University, Tamilnadu, India
2
Pondicherry Community College, Pondicherry, India
* Corresponding author’s Email: [email protected]

Abstract: Cloud computing is a state-of-the-art computing model, which encourages remote data storage. This
facility shoots up the necessity of secure data auditing mechanism over outsourced data. Several mechanisms are
proposed in the literature for supporting dynamic data. However, most of the existing schemes lack the security
feature, which can withstand collusion attacks between the cloud server and the abrogated users. This paper presents
a technique to overthrow the collusion attacks and the data auditing mechanism is achieved by means of vector
commitment and backward unlinkable verifier local abrogation group signature. The proposed work allows multiple
users to deal with the remote cloud data. The performance of the proposed approach is checked in terms of update,
verify and enquiry time cost. The performance of the proposed work is analysed and compared with the existing
techniques. The update time cost is lesser than the comparative techniques. However the verify time cost is greater,
because of the process of integrity verification of the signature. Hence, this work ensures quality of service and
tightened security by having reasonable update time and a strict verification policy respectively.
Keywords: Cloud computing, Data auditing, Vector commitment.

storage service based on Luby Transform (LT)

1. Introduction codes is presented in [2]. In [3], a privacy preserving
public auditing mechanism is proposed namely
Cloud computing is a new generation computing
Oruta. The verification information of this
model that provides an option to distribute the
mechanism is computed by ring signatures. A
computational and storage resources. It provides a
dynamic auditing service for integrity verification is
range of Information Technology (IT) services to
proposed in [4]. The auditing service of this work is
the users via network with high computational and
based on fragmentation, random sampling and index
storage ability at low charge [1]. Cloud storage
hash table. Initially, the integrity solutions were
services are the boon to the small and mid-scale
simple replications of stored data, which is quite
industry, as it involves a nominal charge based on
impractical now-a-days due to the exponential
demand. The cloud storage provides a smart solution
data growth.
to issues as management and maintenance of data.
The data integrity solutions can be categorized
Besides these advantages, the major concern about
into two and they are static and dynamic. The static
cloud is the security of data.
data integrity solution does not accept any sort of
Though the cloud service provider guarantees
data modification. However, the integrity solution
the security of data, the data owners are still
that supports data dynamism is necessary. A data
reluctant for remote data storage, as the data may get
integrity scheme is claimed as public verifiable,
corrupted. The data integrity may get affected either
when the third party auditor checks for the integrity,
intentionally or unintentionally. Thus, data integrity
in addition to the data owner. Most of the existing
preservation is a challenging task and several
dynamic schemes for integrity verification assume
mechanisms have been presented to handle this
that the data owner alone can perform data
issue. For instance, a secure and reliable cloud
modification. For instance, the work proposed in [5]
International Journal of Intelligent Engineering and Systems, Vol.10, No.5, 2017 DOI: 10.22266/ijies2017.1031.26
Received: June 13, 2017 240

achieves Proof of Retrievability (PoR) by means of functionality and efficiency. In [13], a verifiable
hardness amplification. In [6], a dynamic provable database scheme on the basis of subgroup
data possession model, which is an enhancement of membership problem in bilinear group is presented.
provable data possession, is proposed. Yet, the public verifiability attribute is not
A privacy preserving public auditing system is considered. The concept of group signature is
proposed in [7], which employs homomorphic linear introduced by Chaum and Heyst [14]. The group
authentication and random masking techniques, in signature promotes the concept of anonymous
order to prevent data leakage. A PoR scheme is signers, such that every group member possesses a
proposed in [8], which is based on constant size private key for signing messages. Besides this, the
polynomial commitment and homomorphic linear identity of the signer is kept secret. An efficient
authenticators. In [9], a dynamic PoR, which is group signature with verifier-local revocation, which
public verifiable is proposed. Several variants of supports traceability and anonymity, is proposed in
PoR schemes such as bounded and unbounded usage [15]. However, this involves greater communication
is presented in [10]. However, all these works and computation overheads. Another group
prompts the data owner to perform data signature method is presented in [16], which is
modification. based on broadcast encryption leads to memory
Of late, cloud is mainly utilized for data sharing overhead. An enhancement of this work is presented
and thereby encourages group effort. In such in [17], which tends to provide static sized private
platform, the cloud customers of a group share and keys. Yet, the the issue of memory overhead could
access the data from any cloud participating in a not be solved completely.
group. The existing solutions assume the data A data integrity method on the basis of ring
modification is done by data owner alone. signature is proposed, in order to support data
Recognizing the importance of this issue, this work operations by several users of a group [3]. However,
proposes to present a reliable integrity verification this scheme does not take the issue of user
model along with effective group user abrogation. revocation into account and the cost of auditing is
The contribution of the proposed work is listed directly proportional to the size of group and data.
below. The enhancement of this scheme is presented in
 A defended and effective data integrity [18], which employs proxy re-signatures. The
auditing scheme is presented for user drawback of this scheme is the assumption of the
group for cipher text database. presence of secure channel between the entities and
the collusion is not taken into account. Besides this,
 An effective data auditing scheme is
the auditing cost is directly proportional to the size
proposed by incorporating polynomial of the group or team. In [19], a dynamic public
commitment, dynamic group key integrity auditing scheme is presented and is proved
agreement protocol and unlinkable to be efficient with user revocation. The demerit of
group signature. this scheme is its working nature with plain text but
The remainder of this paper is organized as not cipher text.
follows. Section 2 presents the related works with Motivated by the above stated works, the
respect to data integrity. Section 3 and section 4 proposed scheme intends to work effectively with
present the preliminaries and background the cipher text database. Thus, taking all the
respectively. The proposed work is presented in aforementioned points into account, the proposed
section 5. The performance of the proposed work is work intends to overcome this issue by means of
evaluated in section 6. The concluding remarks are leveraging dynamic asymmetric group key protocol
drawn in section 7. [20] and backward unlinkable group signature [21].
The asymmetric group key protocol permits the
2. Related works group members to establish a dynamic public group
The intention of this section is to review the encryption key and each member possesses a
existing literature with respect to data integrity different decryption key.
preservation in cloud environment.
The theory of Provable Data Possession (PDP) 3. Preliminaries
and Proofs of Retrievability (PoR) were initially The intention of this section is to explain the
introduced by Ateneise et.al. and Juels et.al. storage representation of the proposed work and to
respectively [11,12]. As these works are initial present the threat model along with the security
versions, they could not provide advanced goals to be attained.

International Journal of Intelligent Engineering and Systems, Vol.10, No.5, 2017 DOI: 10.22266/ijies2017.1031.26
Received: June 13, 2017 241

assumption and Decision Tripartite Diffie-Hellman

assumption. This section aims to review the
definitions and complexity assumptions of the
system.

4.1 Bilinear groups

Consider ℊ and ℊT are the groups of prime order

𝛲. These groups are called as bilinear groups and
their mapping would be 𝑒: 𝔾 × 𝔾 → 𝔾T , such that

𝑒(𝑔𝑎 , ℎ𝑏 ) = 𝑒(𝑔, ℎ)𝑎𝑏

𝑓𝑜𝑟 𝑎𝑛𝑦 (𝑔, ℎ) ∈ 𝔾 × 𝔾 and a, b ∈ ℤ; (1)
𝑒(𝑔, ℎ) ≠ 1𝔾 T 𝑤ℎ𝑒𝑛 𝑔, ℎ ≠ 1𝔾 (2)
Figure.1 Data storage in cloud
These groups involve non-interactive complexity
assumptions and are given below.
3.1 Representation of cloud storage
Def.1. Decision linear problem
The cloud storage pattern of the proposed work
Let ℊ = < 𝑔 > be a group which of prime
relies on three key entities. They are cloud server,
clustered users and Third Party Checker (TPC). A order 𝛲 > 2𝜆 . The purpose of decision linear issue
team of users is named as clustered users, which is to differentiate the distributions
contains a data owner or cluster head and a group of (𝑔, 𝑔𝑎 , 𝑔𝑏 , 𝑔𝑎𝑐 , 𝑔𝑏𝑑 , 𝑔𝑐+𝑑 ) and
𝑅
users. The users can access or modify the data which (𝑔, 𝑔𝑎 , 𝑔𝑏 , 𝑔𝑎𝑐 , 𝑔𝑏𝑑 , 𝑔 𝑧 ) , where 𝑎, 𝑏, 𝑐, 𝑑 ← ℤ∗𝑝 , 𝑧
is subjected to the cluster head permission. Cloud 𝑅
server is utilized for data storage and is not ← ℤ∗𝑝 . The decision linear problem can make the
considered trustworthy. TPC is responsible for the decision about the linearity of the vectors, in order
data integrity verification of the data being saved in to predict the dependency. Thus, it is more suitable
the cloud server. The overall idea of data integrity for establishing non-interactive proof systems.
auditing is presented in figure 1.
The cluster head encrypts the data to be Def.2. ℓ-Hidden Strong Diffie-Hellman problem
uploaded and stores it in the cloud server. Besides Let ℊ be a group of order 𝑝. The ℓ-Hidden
this, the cluster head is the authority to grant Strong Diffie-Hellman problem with factors
𝑅
permission to the cluster users and to revoke the (𝑔, 𝛺 = 𝑔𝜔 , 𝑢) ← 𝔾3 and ℓ distinct triples
1
privilege assigned to the user. The TPA checks for 𝑅
the data integrity and serves its best even when the (𝑔 𝜔+𝑠𝑖
, 𝑔 𝑠𝑖 , 𝑢 𝑠𝑖 ) with 𝑠1 , … 𝑠𝑙 ← ℤ∗𝑝 in order to
1
data is modified often. compute another triple (𝑔𝜔+𝑠 , 𝑔 𝑠 , 𝑢 𝑠 ) , so 𝑠 ≠
𝑠𝑖 𝑓𝑜𝑟 𝑖 ∈ {1,2, . . 𝑙}.
3.2 Security threats and design goals

The clustered user may be abrogated by the head Def.3. Decision Tripartite Diffie-Hellman problem
of the cluster, at any instant of time with respect to Let ℊ be a group of order 𝑝. The Decision
the behaviour. In such cases, the abrogated user may Tripartite Diffie-Hellman problem checks for the
perform fraudulent activity with the cloud server infeasibility if 𝜂 = 𝑔𝑎𝑏𝑐 over (𝑔, 𝑔𝑎 , 𝑔𝑏 , 𝑔𝑐 , 𝜂) as
𝑅
and share the cluster’s secret key. This is a serious the input; where 𝑎, 𝑏, 𝑐 ← ℤ∗𝑝 . This assumption is
issue as the secret key of the abrogated user is quite tougher than Decision Bilinear Diffie-Hellman
obtained by the partially trusted cloud server. This assumption.
work strives to overcome the aforementioned issues
by introducing several security measures. 4.2 Vector commitment

4. Background Commitment techniques are the vital

components of cryptographic algorithms and some
The proposed technique exploits bilinear groups.
of the key properties of it are vote, identification and
The technique’s security is based on Decision
zero-knowledge proof etc. A secure commitment
Linear assumption, ℓ-Hidden Strong Diffie-Hellman
scheme works by having an entity called
International Journal of Intelligent Engineering and Systems, Vol.10, No.5, 2017 DOI: 10.22266/ijies2017.1031.26
Received: June 13, 2017 242

‘committer’, who is permitted to publish a value. Recently, the works proposed in [23,24] claimed
This process binds the committer with the message, that the vector commitment scheme is susceptible to
however maintains secrecy. The committer can open forward automatic update attack and backward
the commitment later on, in order to disclose the substitution attack. The solution for the same is also
committed message to the verifier. The verifier then presented in those works.
checks for the data consistency along with the
commitment. 4.3 Unlinkable group signature
The vector commitment scheme is proposed in
[22]. The main features of vector commitment The formal definition of unlinkable group signature
scheme are listed below. The vector commitment is presented below. The backward unlinkable
supports position binding, such that the attacker verifier local revocation is comprised of the
cannot open the commitment with two distinct following algorithms.
values from the constant location. Besides this, 𝐾𝑒𝑦𝐺𝑒𝑛(𝜆, 𝑁, 𝑇) - This randomized algorithm
vector commitments do not rely on the vector length. taking as input a security parameter λ ∈ ℕ and
Def.4. A vector commitment scheme is comprised integers 𝑁, 𝑇 ∈ ℕ indicating the number of group
of six different algorithms which are members and the number of time periods,
𝑉𝐶. 𝐾𝑒𝑦𝐺𝑒𝑛, 𝑉𝐶. 𝐶𝑜𝑚, 𝑉𝐶. 𝑂𝑝𝑒𝑛, 𝑉𝐶. 𝑉𝑒𝑟, respectively. Its output consists of a group public
𝑉𝐶. 𝑈𝑝𝑑𝑎𝑡𝑒, 𝑉𝐶. 𝑃𝑟𝑜𝑜𝑓𝑈𝑝𝑑𝑎𝑡𝑒. key 𝑔𝑝𝑘, a 𝑁-vector of group members' secret keys
𝑉𝐶. 𝐾𝑒𝑦𝐺𝑒𝑛(1𝑘 , 𝑞) - Given the security parameter 𝑔𝑠𝑘 = (𝑔𝑠𝑘[1], … 𝑔𝑠𝑘[𝑁]) and a (𝑁 × 𝑇) vector of
𝑘 and the size 𝑞 of the committed vector (with revocation tokens 𝑔𝑟𝑡 =
(𝑔𝑟𝑡[1][1], … , 𝑔𝑟𝑡[𝑁][𝑇]), where 𝑔𝑟𝑡[𝑖][𝑗]
𝑞 = 𝑝𝑜𝑙𝑦(𝑘) ), the key generation outputs some
public parameters 𝑝𝑝 (which implicitly defines the indicates the token of member 𝑖 at time interval 𝑗.
message space 𝑀). 𝑆𝑖𝑔𝑛(𝑔𝑝𝑘, 𝑔𝑠𝑘[𝑖], 𝑗, 𝑀) – It is a possibly
randomized algorithm taking as input, the group
𝑉𝐶. 𝐶𝑜𝑚𝑝𝑝 (𝑚1 , … 𝑚𝑞 ) - On input a sequence of
public key 𝑔𝑝𝑘, the current time interval 𝑗, a group
𝑞 messages 𝑚1, . . . , 𝑚𝑞 ∈ 𝑀 and the public
member's secret key 𝑔𝑠𝑘[𝑖] and a message 𝑀 ∈
parameters 𝑝𝑝, the committing algorithm outputs a {0,1}∗ . It outputs a group signature 𝜎.
commitment string 𝐶 and an auxiliary information
𝑉𝑒𝑟𝑖𝑓𝑦(𝑔𝑝𝑘, 𝑗, 𝑅𝐿𝑗 , 𝜎, 𝑀) – It is a deterministic
𝑎𝑢𝑥.
𝑉𝐶. 𝑂𝑝𝑒𝑛𝑝𝑝 (𝑚, 𝑖, 𝑎𝑢𝑥) - This algorithm is run algorithm that takes 𝑔𝑝𝑘 as input, the period number
𝑗 , a set of revocation tokens 𝑅𝐿𝑗 for period 𝑗 , a
by the committer to produce a proof 𝛬𝑖 that 𝑚 is the
signature 𝜎, and the message 𝑀. It outputs either
𝑖 𝑡ℎ committed message. In particular, notice that in
“valid” or “invalid”. The former output indicates
the case when some updates have occurred the
that 𝜎 is a correct signature on 𝑀 at interval 𝑗 with
auxiliary information aux can include the update
respect to 𝑔𝑝𝑘, and that the signer is not revoked at
information produced by these updates.
𝑉𝐶. 𝑉𝑒𝑟𝑝𝑝 (𝐶, 𝑚, 𝑖, 𝛬𝑖) - The verification interval 𝑗 . The main features of unlinkable group
signature are traceability and anonymity [25].
algorithm accepts (i.e., it outputs 1) only if 𝛬𝑖 is a
valid proof that 𝐶 was created to a sequence
5. Proposed scheme
𝑚1 , . . . , 𝑚𝑞 such that 𝑚 = 𝑚𝑖 .
𝑉𝐶. 𝑈𝑝𝑑𝑎𝑡𝑒𝑝𝑝 (𝐶, 𝑚, 𝑚′, 𝑖) - This algorithm is The proposed work takes a database Dbase into
run by the committer who produced 𝐶 and wants to account, which consists of multiple records
update it by changing the 𝑖 𝑡ℎ message to 𝑚′. The (𝑖𝑑, 𝑣𝑎𝑙𝑖𝑑 ), where 𝑖𝑑 is the index and 𝑣𝑎𝑙𝑖𝑑 is the
algorithm takes as input the old message 𝑚, the new value of that index. The proposed scheme supports
message 𝑚′ and the position 𝑖 . It outputs a new dynamism and so the stored data can be accessed
commitment 𝐶 ′ together with a update information 𝑈. and modified by the user. Finally, the data integrity
can be verified. The building blocks of proposed
𝑉𝐶. 𝑃𝑟𝑜𝑜𝑓𝑈𝑝𝑑𝑎𝑡𝑒𝑝𝑝 (𝐶, 𝛬𝑗 , 𝑚′ , 𝑖, 𝑈) - This
scheme are given below.
algorithm can be run by any user who holds a proof
𝛬𝑗 for some message at position 𝑗 with respect to 𝐶,
𝑺𝒆𝒕𝒖𝒑(𝟏𝒌 , 𝑫𝒃𝒂𝒔𝒆)
and it allows the user to compute an updated proof
Consider a Dbase with (𝑖𝑑, 𝑣𝑎𝑙𝑖𝑑 ), where 1 ≤
𝛬′𝑗 (and the updated commitment 𝐶′) such that 𝛬′𝑗
𝑖𝑑 ≤ 𝑤 . The database is maintained by clustered
will be valid with respect to 𝐶 ′ which contains 𝑚′ as users with a cluster head. The cluster head is
the new message at position 𝑖. Basically, the value U responsible for granting permission or revoke the
contains the update information which is needed to granted permission from the users.
compute such values [22].

International Journal of Intelligent Engineering and Systems, Vol.10, No.5, 2017 DOI: 10.22266/ijies2017.1031.26
Received: June 13, 2017 243

1. Initially, the KeyGen algorithm of vector determines the validity. This is followed by the
commitment is executed, so as to obtain the execution of verification algorithm of vector
public parameters (𝑝𝑝), which can be denoted commitment.
as 𝑝𝑝 ← 𝑉𝐶. 𝐾𝑒𝑦𝐺𝑒𝑛(1𝑘 , 𝑤).
2. Execute the KeyGen of backward unlinkable 𝑼𝒑𝒅𝒂𝒕𝒆(𝒌, 𝝆)
VLR group signature, in order to acquire group In the update phase, initially the user enquiries
public key (gpk), secret key of group members and verifies the database for checking the validity,
(gsk) and revocation tokens (grt). This can be by following the previously explained sessions. The
denoted by (𝑔𝑝𝑘, 𝑔𝑠𝑘, 𝑔𝑟𝑡) ← update operation can be carried out by taking the
𝑉𝐿𝑅. 𝐾𝑒𝑦𝐺𝑒𝑛(1𝑘 , 𝑁, 𝑇) , where 𝑔𝑠𝑘 = index, message and new message into account. The
(𝑔𝑠𝑘[1], 𝑔𝑠𝑘[2], . . 𝑔𝑠𝑘[𝑛]) and 𝑔𝑟𝑡 = outcome of this operation is a new commitment
𝑔𝑟𝑡[1][1], … , 𝑔𝑟𝑡[𝑁][𝑇] . 𝑁 is the count of string along with the updated message, which can be
group members and T is the time interval. represented by the following.
3. Compute the commitment and supplementary
information by (𝐶, 𝑎𝑢𝑥) ← (𝐶 ′ , 𝑈𝑚 ← 𝑉𝐶. 𝑈𝑝𝑑𝑎𝑡𝑒
𝑉𝐶. 𝐶𝑜𝑚𝑝𝑝 (𝑐1 , … , 𝑐𝑤 ). Consider 𝑐𝑢𝑟𝑢𝑠𝑟 as the (𝐶, 𝑜𝑙𝑑 𝑚𝑒𝑠𝑠𝑎𝑔𝑒, 𝑛𝑒𝑤 𝑚𝑒𝑠𝑠𝑎𝑔𝑒, 𝑖) (5)
current data updater, such that 0 ≤ 𝑐𝑢𝑟𝑢𝑠𝑟 ≤ 𝑁
and assume that (𝑔𝑠𝑘[𝑐𝑢𝑟𝑢𝑠𝑟 ], 𝑔𝑝𝑘) be the 𝑷𝒓𝒐𝒐𝒇𝑼𝒑𝒅𝒂𝒕𝒆
secret and public key of the corresponding The user who holds the proof 𝛬𝑘 for the message
clustered user. Let the commitment be denoted at 𝑘 𝑡ℎ position for the committed string 𝐶 can
as 𝐶 𝑡 = 𝑉𝐶. 𝐶𝑜𝑚𝑝𝑝 (𝑐1𝑡 , . . 𝑐𝑤
𝑡
) , where 𝑡 is the proceed with this phase. The updated proof 𝛬′𝑘 can
counter. then be created for the committed string 𝐶 ′ with the
4. Execute the signing algorithm upon the newly updated message at position 𝑘.
commitment 𝐶. The signature is computed by
taking 𝑔𝑝𝑘, 𝑔𝑠𝑘[𝑐𝑢𝑟𝑢𝑠𝑟 ]𝑎𝑛𝑑 𝐶 into account. 𝑼𝒔𝒆𝒓 𝒂𝒃𝒓𝒐𝒈𝒂𝒕𝒊𝒐𝒏
The current user 𝑐𝑢𝑟𝑢𝑠𝑟 computes the signature The process of user abrogation can be
at the specific time interval, which can be given accomplished by the third party auditor by executing
by 𝜎 𝑡 ← 𝑉𝐿𝑅. 𝑆𝑖𝑔𝑛(𝑔𝑝𝑘, 𝑔𝑠𝑘[𝑐𝑢𝑟𝑢𝑠𝑟 ], 𝑡, 𝐶) . the verification algorithm of the backward
The so computed signature 𝜎 𝑡 is forwarded to unlinkable VLR. As a clustered user group contains
the cloud server. The cloud server checks for multiple users, it is essential to trace the user who
the validity of 𝜎 𝑡 and computes 𝐶(𝑡) = 𝜎 𝑡 × produces the signature by utilizing the 𝑔𝑟𝑡, as the
𝐶 𝑡 . This supplementary information is added to trace key. The signed user can be verified by the
the aux. query message opener by running the verification
algorithm which takes the message and the signature
5. Set the public key
for a specific time interval as input. The verification
algorithm is applied over the message along with the
𝑃𝐾 = (𝑝𝑝, 𝑔𝑝𝑘, 𝐶(𝑡 − 1), 𝐶(𝑡)) (3)
signature by exploiting the revocation tokens 𝑅𝐿𝑗 =
𝑬𝒏𝒒𝒖𝒊𝒓𝒚(𝑷𝑲, 𝒑𝒑, 𝒂𝒖𝒙, 𝑫𝒃𝒂𝒔𝒆, 𝒌) {𝑔𝑟𝑡[𝑚][𝑛]} 𝑚 ∈ 1 … 𝑁; 𝑁 is the count of clustered
In this stage, the clustered user has to execute user group. The corresponding index is returned as
the open algorithm, in order to produce the proof the output and the status is set either as valid or
𝛬𝑘 ← 𝑉𝐶. 𝑂𝑝𝑒𝑛𝑝𝑝 (𝑐𝑘 , 𝑘, 𝑎𝑢𝑥) ; 𝛬𝑘 is the proof of invalid.
𝑘 𝑡ℎ committed message. The outcome of this phase 5.1 Support for encrypted database
is
Usually, the data owners prefer to encrypt the
𝜌 = (𝑐𝑘 , 𝛬𝑘 , ∑(𝑡)) (4) database before the process of outsourcing data.
Thus, it is obviously necessary for the auditing
𝑽𝒆𝒓𝒊𝒇𝒚(𝑷𝑲, 𝒋, 𝑹𝑳𝒋 , 𝝈, 𝑪) mechanism to support the encrypted database.
Once the proof is proved to be valid, then the Encryption is the process of changing the original
verification algorithm of group signature is executed. data into unintelligible format. In the cloud
𝑉𝐿𝑅. 𝑉𝑒𝑟𝑖𝑓𝑦(𝑔𝑝𝑘, 𝑗, 𝑅𝐿𝑗 , 𝜎, 𝐶) takes the public key, environment, a single user can achieve data
time period, revocation tokens at time period 𝑗 , encryption effectively. For instance, the data 𝑑𝑥 can
signature and the string. 𝜎 is determined by be encrypted by any encryption mechanism with a
𝑠𝑖𝑔𝑛(𝑔𝑝𝑘, 𝑔𝑠𝑘[𝑛], 𝑗, 𝐶). The verification algorithm secret key. The encryption process of a single user
environment is hassle-free. However, a single secret
International Journal of Intelligent Engineering and Systems, Vol.10, No.5, 2017 DOI: 10.22266/ijies2017.1031.26
Received: June 13, 2017 244

key for a user group does not serve the purpose for
encryption in a multiple user environment. The 4
usage of single secret key can introduce several
issues such as single point-of-failure and security 3.5
breaches. 3
For this sake, a mechanism which can support

Time cost (sec)

data alteration in a user group is needed. In [24], 2.5
group key agreement protocol namely Dynamic 2
Identity-based Authenticated Asymetric Group Key
Agreement (IBAAGKA) is presented. This 1.5
technique allows the user group to create a public 1
group encryption key, in a dynamic fashion and
0.5
each user has unique key. This scheme is proved to
be secure against 𝑘 -bilinear Diffie-Hellman 0
exponent assumption. 0 100 200 300 400 500 600 700 800
The proposed work utilizes the aforementioned Data items count
key agreement protocol, in order to extend its
support to encrypted database. The changes Figure.2 Enquiry time cost
incorporated in the proposed work are listed below.
The key agreement protocol has to be executed in 60
the setup phase. Let (𝑖𝑑, 𝑣𝑎𝑙𝑖𝑑 ) be the database with
id as indexes and 𝑣𝑎𝑙𝑖𝑑 is the value. This database is 50 Scheme [29]
encrypted by the group public key of the cluster Scheme [30]
Time Cost (ms)

head, in order to arrive at a database (𝑐𝑖𝑑, 𝑐𝑣𝑎𝑙𝑖𝑑 ). 40 Proposed

In the process of updation, the clustered user is
prompted to decrypt the data with the help of the 30
secret key 𝑔𝑠𝑘[𝑖], in order to arrive at the original
database. This step is followed by altering the data 20
to 𝑣𝑎𝑙′𝑖𝑑 . The so updated data is again encrypted by
means of the group public key, such that 10
(𝑐𝑖𝑑′, 𝑐𝑣𝑎𝑙′𝑖𝑑 ) is attained.
0
6. Performance analysis 0 100 200 300 400 500 600 700 800
Data items count
The performance of the proposed work is Figure.3 Verify time cost
compared with the results of [25,26]. All the
mentioned works need an expensive set up phase.
The enquiry cost of the proposed work is directly 0.45
proportional to the count of data items. However, Scheme [30]
0.4
the computational cost of the proposed work is Proposed
comparatively low. The enquiry cost of the proposed 0.35
work is presented in figure 2. From the experimental 0.3
Time cost (sec)

results, it can be observed that the time cost grows

along with the data items. 0.25
The verify time cost of the proposed work is 0.2
analysed and compared with the existing schemes in
figure 3. It is observed that the verify time cost of 0.15
the proposed work is five times greater than the 0.1
existing works. The reason for the increase in
‘verify time cost’ is that the verification phase 0.05
involves the integrity verification of signature, 0
which involves several parameters. 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80
On analysing the update time cost as shown in Data blocks
figure 4, it is evident that the update time cost of Figure.4 Update time cost

International Journal of Intelligent Engineering and Systems, Vol.10, No.5, 2017 DOI: 10.22266/ijies2017.1031.26
Received: June 13, 2017 245

both the techniques show gradual rise with respect [3] B. Wang, B. Li, and H. Li, “Oruta: Privacy-
to the data blocks. However, the update time cost of Preserving Public Auditing for Shared Data in
the proposed approach is considerably low, as the the Cloud”, IEEE Transactions on Cloud
data updation can be done in a stretch upon data
Computing, Vol.2, No.1, pp. 43-56, 2014.
owner’s approval. The experimental analysis
evaluates the time cost of enquiry, verify and update [4] N. Cao, S. Yu, Z. Yang, W. Lou, and Y. T. Hou,
operations, owing to their importance. From the “LT Codes-based Secure and Reliable Cloud
experimental analysis, it is proven that the update Storage Service”, In: Proc. of IEEE INFOCOM,
time cost of the proposed work is lower than the Florida, USA, pp. 693–701, 2012.
existing work. Thus, the proposed work supports [5] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou,
user groups, works over cipher text database and “Proofs of retrievability via hardness
proves high degree of security.
amplification”, In: Proc. of ESORICS, Saint-
7. Conclusion Malo, France, pp. 355–370, 2009.
[6] C. Erway, A. Kupcu, C. Papamanthou, and R.
The cloud storage must guarantee effortless data Tamassia, “Dynamic provable data possession”,
modification to the cloud users. This paper presents
a scheme that operates over dynamic data, which In: Proc. of ACM CCS, Illinois, USA, pp. 213–
provides secure data integrity auditing mechanism 222, 2009.
for user group with the alter provision. The data [7] C. Wang, Q. Wang, K. Ren, and W. Lou,
integrity auditing is achieved by exploiting vector “Privacy-preserving public auditing for data
commitment, Dynamic Identity-based Authenticated storage security in cloud computing”, In: Proc.
Asymetric Group Key Agreement (IBAAGKA) and of IEEE INFOCOM, CA, USA, pp. 525–533,
backward unlinkable verifier local revocation group
2010.
signature. These ingredients make it possible to
achieve working with cipher text database and [8] J. Yuan and S. Yu, “Proofs of retrievability
secure user abrogation. Besides this, the proposed with public verifiability and constant
work is resistant against collusion attacks. communication cost in cloud”, In: Proc. of
The proposed work supports all sorts of dynamic International Workshop on Security in Cloud
data operations and frees the data owners from the Computing, Hangzhou, China, pp. 19–26, 2013.
worry of data modification. This work paves for the [9] E. Shi, E. Stefanov, and C. Papamanthou,
cloud customers of a group can share and access the
“Practical dynamicproofs of retrievability”, In:
data. The data owner has all the rights to abrogate
the user at any instant of time. This ensures data Proc. of ACM CCS, Berlin, Germany, pp. 325–
security, while providing good quality of service. 336, 2013.
The experimental results of the proposed work are [10] Y. Dodis, S. Vadhan, and D. Wichs, “Proofs of
satisfactory in terms of computational and time retrievability via hardness amplification”, In:
complexity. In future, this research work can be Proc. of TCC, CA, USA, pp. 109–127, 2009.
improved by reducing the verification time cost. [11] G. Ateniese, R. Burns, R. Curtmola, J. Herring,
L. Kissner, Z. Peterson, and D. Song, “Provable
References
Data Possession at Untrusted Stores”, In: Proc.
[1] L.M. Vaquero, L.R. Merino, J. Caceres and M. of ACM CCS, pp. 598–610, 2007.
Lindner, “A break in the clouds: towards a [12] A. Juels and B. S. Kaliski, “Pors: Proofs of
cloud definition”, ACM SIGCOMM Computer retrievability for large files”, In: Proc. of ACM
Communication Review, Vol.39, No.1, pp.50- CCS, Virginia, USA, pp. 584–597, 2007.
55, 2008. [13] S. Benabbas, R. Gennaro, and Y. Vahlis,
[2] Y. Zhu, H. Wang, Z. Hu, G. J. Ahn, H. Hu, H. “Verifiable delegation of computation over
and S.S. Yau, “Dynamic audit services for large datasets”, In: Proc. of CRYPTO, CA,
integrity verification of outsourced storages in USA, pp. 111–131, 2011.
clouds”, In: Proc. of ACM Symposium on [14] D. Chaum and E.V. Heyst, “Group signatures”,
Applied Computing, Taichung, Taiwan, pp. In: Proc. of EUROCRYPT, Brighton, UK, pp.
1550-1557, 2011. 257–265, 1991.

International Journal of Intelligent Engineering and Systems, Vol.10, No.5, 2017 DOI: 10.22266/ijies2017.1031.26
 Received: June 13, 2017 246

[15] D. Boneh and H. Shacham, “Group signatures [26] J. Yuan and S. Yu, “Efficient public integrity
with verifier local revocation”, In: Proc. of checking for cloud data sharing with multi-user
ACM CCS, DC, USA, pp. 168–177, 2004. modification”, In: Proc. of IEEE INFOCOM,
Toronto, Canada, pp. 2121–2129, 2014.
[16] B. Libert, T. Peters, and M. Yung, “Scalable
group signatures with revocation”, In: Proc. of
EUROCRYPT, CA, USA, pp. 61–76, 2012.
[17] B. Libert, T. Peters, and M. Yung, “Group
signatures with almost-for-free revocation”, In:
Proc. of CRYPTO, CA, USA, pp. 571–589,
2012.
[18] B. Wang, L. Baochun, and L. Hui, “Public
auditing for shared data with efficient user
revocation in the cloud”, In: Proc. of IEEE
INFOCOM, Turin, Italy, pp. 2904–2912, 2013.
[19] J. Yuan and S. Yu, “Efficient public integrity
checking for cloud data sharing with multi-user
modification”, In: Proc. of IEEE INFOCOM,
Toronto, Canada, pp. 2121–2129, 2014.
[20] L. Zhang, Q. Wu, J. D. Ferrer, B. Qin, and Z.
Dong, “Round-Efficient and Sender-
Unrestricted Dynamic Group Key Agreement
Protocol for Secure Group Communications”,
IEEE Transactions on Information Forensics
and Security, Vol.10, No.11, pp.2352-2364,
2015.
[21] B. Libert, D.Vergnaud, “Group Signatures with
Verifier-Local Revocation and Backward
Unlinkability in the Standard Model”,
Cryptology and Network Security, Springer
Berlin, Heidelberg, pp.498-517, 2009.
[22] D. Catalano and D. Fiore, “Vector
commitments and their applications”, Public-
Key Cryptography - PKC 2013, Nara, Japan,
Mar. 2013, pp. 55–72.
[23] X. Chen, J. Li, J. Weng, J. Ma, and W. Lou,
“Verifiable computation over large database
with incremental updates”, In: Proc. of
ESORICS, Wroclaw, Poland, pp. 148–162,
2014.
[24] X. Chen, J. Li, X. Huang, J. Ma, and W. Lou,
“New publicly verifiable databases with
efficient updates”, IEEE Transactions on
Dependable and Secure Computing, Vol.12,
No.5, pp.546-556, 2015.
[25] B. Wang, L. Baochun, and L. Hui, “Public
auditing for shared data with efficient user
revocation in the cloud”, In: Proc. of IEEE
INFOCOM, Turin, Italy, pp. 2904–2912, 2013.
International Journal of Intelligent Engineering and Systems, Vol.10, No.5, 2017 DOI: 10.22266/ijies2017.1031.26

View publication stats