Cloud Secure Auditing Scheme Supporting Key Update and Auditor Replacement
-
Graphical Abstract
-
Abstract
Cloud storage provides data hosting services, which solves the issue of local data management and sharing restrictions. Existing audit methods used for securing the cloud data usually have a serious security flaw: if the signature key is revealed, the audit proposal that relies on the key to produce signatures would no longer guarantee the data integrity. In addition, most audit schemes assume that there is only one fixed auditor throughout the auditing process. However, due to being compromised, bribed, or lacking resources, the auditor may not be able to perform audit agency services anymore. Therefore, we propose a cloud secure auditing scheme supporting key update and auditor replacement, named AKUAR. In the model, AKUAR utilizes bilinear pairs and proxy re-signature idea to develop an efficient key and tag update mechanism, wherein the cloud server undertakes the computationally intensive tag update operations and only a little amount of cost is incurred in the local side. In addition, when the fog node acting as the auditor terminates the audit, the new fog node can carry on the integrity audit in its place, realizing the sustainability of the audit service and preventing disclosure of the new signature key to the old fog node. Finally, security analysis demonstrates that AKUAR is provably secure, and performance evaluations also confirm that AKUAR only introduces a modest amount of acceptable computational and communication costs during the tag generation and key update phases.
-
-