International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 21 June 2015

Yuan Zhang, Chunxiang Xu, Shui Yu, Hongwei Li, Xiaojun Zhang
ePrint Report ePrint Report
Cyber-physical-social system (CPSS) allows individuals to share personal information collected from not only cyberspace, but also physical space. This has resulted in generating numerous data at a user\'s local storage. However, it is very expensive for users to store large data sets, and it also causes problems in data management. Therefore, it is of critical importance to outsource the data to cloud servers, which provides users an easy, cost-effective and flexible way to manage data. Whereas, users lose control on their data once outsourcing their data to cloud servers, which poses challenges on integrity of outsourced data. Many mechanisms have been proposed to allow a third-party auditor to verify data integrity using the public keys of users. Most of these mechanisms bear a strong assumption: the auditors are honest and reliable, and thereby are vulnerability in the case that auditors are malicious. Moreover, in most of these approaches, an auditor needs to manage users certificates to choose the correct public keys for verification.

In this paper, we propose a secure certificateless public integrity verification scheme (SCLPV). The SCLPV scheme is the first work that simultaneously supports certificateless public verification and resistance against malicious auditors to verify the integrity of outsourced data in CPSS. A formal and strict security proof proves the correctness and security of our scheme. In addition, an elaborate performance analysis demonstrates that our scheme is efficient and practical. Compared with the best of the existing certificateless public verification scheme (CLPV), the SCLPV provides stronger security guarantees in terms of remedying the security vulnerability of the CLPV and resistance against malicious auditors. At the same time, in comparison with the best of integrity verification scheme achieving resistance against malicious auditors, the communication cost between the auditor and the cloud server in the SCLPV is independent of the size of the processed data, meanwhile, the auditor in the SCLPV does not need to manage certificates.

Expand

Additional news items may be found on the IACR news page.