A novel approach to data integrity auditing in PCS: Minimising any Trust on Third Parties (DIA-MTTP)

Abstract

Data Integrity Auditing (DIA) is a security service for verifying the integrity of outsourced data in Public Cloud Storage (PCS) by users or by Third-Party Auditors (TPAs) on behalf of the users. This paper proposes a novel DIA framework, called DIA-MTTP. The major novelty of the framework lies in that, while providing the DIA service in a PCS environment, it supports the use of third parties, but does not require full trust in the third parties. In achieving this property, a number of ideas also have been embedded in the design. These ideas include the use of multiple third parties and a hierarchical approach to their communication structure making the service more suited to resource-constrained user devices, the provision of two integrity assurance levels to balance the trade-off between security protection levels and the costs incurred, the application of a data deduplication measure to both new data and existing data updates to minimise the number of tags (re-)generated. In supporting the dynamic data and deduplication measure, a distributed data structure, called Multiple Mapping Tables (M2T), is proposed. Security analysis indicates that our framework is secure with the use of untrusted third parties. Performance evaluation indicates that our framework imposes less computational, communication and storage overheads than related works.