A Double-Efficient Integrity Verification Scheme to Cloud Storage Data

Deng Hongyao, Song Xiuli, Tao Jingsong

2014 TELKOMNIKA Indonesian Journal of Electrical Engineering

Presenter: 陳昱安

Date: 2014/10/6


Outline

• Introduction

• Schnorr Signature Scheme

• Safety Integrity Verification Scheme Based on Schnorr Signature

• Efficient Integrity Verification Scheme Based on Schnorr Signature

• Security and Performance Analysis

• Conclusion


Introduction

This paper proposed two integrity verification schemes based on the Schnorr signature scheme:

• Safety integrity verification scheme (SIVS).

• Efficient integrity verification scheme (EIVS).


Schnorr Signature Scheme (1/3)

Suppose and are two large primes, and is a multiple of ; is a generator of , and .

is private key of .

is a public key and .

() is an approved cryptographic hash function.


Schnorr Signature Scheme (2/3)

If a signer signs the message , then he chooses randomly a secret number and computes

The signer sends the message and the signatures to the receiver.


Schnorr Signature Scheme (3/3)

If the receiver has received and , then he first computes

And checks the following equation:

If the equation is true, then the signature is valid. Otherwise, the signature is invalid.


Safety Integrity Verification Scheme Based on Schnorr Signature

[Three diagram slides showing the USER's exchanges: message; Challenge / Response; Request / Response.]


Safety Integrity Verification Scheme Based on Schnorr Signature (1/8)

Notation

is a 1024-bit prime; is a 160-bit prime.

is private key of .

is a public key and .

() is an approved cryptographic hash function.

() is a pseudo-random function.

() is a pseudo-random permutation

are three keys, where k is the length of the three keys.


Safety Integrity Verification Scheme Based on Schnorr Signature (2/8)

Pre-processing Phase

The user sends and to the cloud storage server.

The user stores and hash value locally.


Safety Integrity Verification Scheme Based on Schnorr Signature (3/8)

Challenge Phase

The user's challenge values are , where is the identity number of the file ;

is the number of challenged blocks;

and are chosen randomly for each challenge;

is the user’s public key.


Safety Integrity Verification Scheme Based on Schnorr Signature (4/8)

Response Phase

After the cloud storage server has received the challenge values , it uses the pseudo-random permutation to generate the indices of the challenged blocks

.

Also, he uses pseudo-random function to derive coefficients

.
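How both sides can expand a challenge into the same block indices and coefficients, as an added example that is not from the paper or the slides. It assumes HMAC-SHA256 as a stand-in for the pseudo-random function, a sort-by-tag keyed permutation as a stand-in for the pseudo-random permutation, and 160-bit coefficients; the names `k1`, `k2`, `n` and `c` are hypothetical.

```python
import hashlib
import hmac
import secrets

COEFF_BYTES = 20  # assumption: 160-bit coefficients, matching the 160-bit prime


def prf(key, i):
    """Stand-in pseudo-random function: HMAC-SHA256 over a counter."""
    return hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()


def challenged_indices(k1, n, c):
    """Stand-in pseudo-random permutation of 1..n keyed by k1; first c outputs.

    Ordering the indices by their PRF tag gives a keyed permutation, so the
    c challenged indices are distinct and depend only on k1 and n.
    """
    if not 1 <= c <= n:
        raise ValueError("c must satisfy 1 <= c <= n")
    order = sorted(range(1, n + 1), key=lambda i: (prf(k1, i), i))
    return order[:c]


def coefficients(k2, c):
    """One coefficient per challenged block, derived from k2."""
    return [int.from_bytes(prf(k2, j)[:COEFF_BYTES], "big") for j in range(1, c + 1)]


def new_challenge(c, key_len=16):
    """User side: two fresh random keys for every challenge, plus the block count."""
    return secrets.token_bytes(key_len), secrets.token_bytes(key_len), c


def expand(challenge, n):
    """Run identically by the server (response) and the user (verification)."""
    k1, k2, c = challenge
    return list(zip(challenged_indices(k1, n, c), coefficients(k2, c)))


if __name__ == "__main__":
    ch = new_challenge(c=4)
    server_view = expand(ch, n=1000)  # constructed file size: 1000 blocks
    user_view = expand(ch, n=1000)
    assert server_view == user_view
    for idx, coeff in user_view:
        print(f"block {idx:4d}  coefficient {coeff:#x}")
```

Only the short challenge crosses the network; the index and coefficient lists are recomputed on each side, which is why the user can later rebuild them in the verification phase without the server sending them back.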


Safety Integrity Verification Scheme Based on Schnorr Signature (5/8)

In the pre-processing phase, the cloud storage server holds the set of file blocks and the set of verification blocks .

Based on the block indices, he chooses the subset of file blocks and the subset of verification blocks , then computes:

The cloud storage server sends response values to the user, and takes them as the proofs of possessing file .


Safety Integrity Verification Scheme Based on Schnorr Signature (6/8)

Verification Phase

The user computes the indices of the challenged blocks and the random coefficients .

Then the user chooses the subset of the signatures from which has been saved previously on the local side.

Further, the user computes

Then he checks the following equation: .


Safety Integrity Verification Scheme Based on Schnorr Signature (7/8)


Safety Integrity Verification Scheme Based on Schnorr Signature (8/8)


Retrieve File Phase

At a later time, when the user needs his file , he sends a request message to the cloud storage server.

Then the cloud server sends back file blocks to the user.

The user uses hash function to compute to check.


Efficient Integrity Verification Scheme Based on Schnorr Signature (1/3)

Pre-processing Phase

Here, EIVS doesn't use file blocks to compute signatures, but uses hash values to compute signatures.


Efficient Integrity Verification Scheme Based on Schnorr Signature (2/3)

Response Phase

In the response phase, all values of are set to 1. Here, the cloud storage server computes:

Now, the scheme doesn't add all file blocks to generate , but adds all hash values to generate it.


Efficient Integrity Verification Scheme Based on Schnorr Signature (3/3)

Verification Phase

In the verification phase, all values of are set to 1, then the user computes:

Here, the user checks whether the equation below holds:


Security and Performance Analysis

The EIVS scheme substitutes hash values for file blocks to generate signatures, and all values of the coefficients are set to 1, so it improves operation speed and reduces computational costs.

But the EIVS scheme can only verify that the cloud storage server correctly stores the sum of hash values, and cannot guarantee that the cloud storage server preserves all file blocks intact.


Security Analysis (1/4)

The SIVS scheme gives a double integrity verification guarantee to cloud storage data.

1. In the response and verification phases, the user checks the response values to judge whether all file blocks are preserved intact on the cloud storage server.

2. In the retrieve file phase, the user compares hash values with to judge whether some file blocks have been altered in network transmission or in cloud storage.


Security Analysis (2/4)

Suppose the user and the cloud storage server choose the subset of file blocks as challenged blocks, but the cloud storage server has lost file blocks , where .

Accordingly, the cloud storage server falsifies file blocks with replacement, then he computes:


Security Analysis (3/4)

After the user has received the response values , he computes the value of , and verifies the relation:

If the relation is true, then (mod ), this means

.

If we could find out to let (mod ),

Then (mod ), but this is impossible.


Security Analysis (4/4)

In the retrieve file phase, we suppose the cloud storage server has lost original file blocks .

The cloud storage server substitutes fake file blocks for file blocks and sends them to the user.

The user first computes the hash value and checks the equation:


Performance Analysis


In the four schemes, we suppose that the size of each file block is the same, that the total number of file blocks is the same, and that the number of challenged file blocks is the same.


Conclusion


Because the communication costs and computation costs of current integrity verification schemes are too high, this paper proposes two integrity verification schemes, SIVS and EIVS, based on the Schnorr signature.

If the files need to be stored in cloud for a long time, SIVS scheme will be used to verify the integrity of the file. But in short term, EIVS scheme will be used.