An Effective Integrity Check Scheme for Secure Erasure Code-Based Storage Systems

摘要

In the application of cloud storage, a user no longer possesses his files in his local depository. Thus, he is concerned about the security of the stored files. Data confidentiality and data robustness are the main security issues. For data confidentiality, the user can first encrypt files and then store the encrypted files in a cloud storage. For data robustness, there are two concerns: service failure, and service corruption. We are concerned about data robustness in cloud storage services. Lin and Tzeng proposed a secure erasure code-based storage system with multiple key servers recently. Their system supports a repair mechanism, where a new storage server can compute a new ciphertext from the ciphertexts obtained from the remaining storage servers. Their system considers data confidentiality in the cloud, and data robustness against storage server failure. In this paper, we propose an integrity check scheme for their system to enhance data robustness against storage server corruption, which returns tampered ciphertexts. With our integrity check scheme, their storage system can deal with not only the problem of storage server failure, but also the problem of storage server corruption. The challenging part of our work is to have homomorphic integrity tags. New integrity tags can be computed from old integrity tags by storage servers without involvement of the user's secret key or backup servers. We prove the security of our integrity check scheme formally, and establish the parameters for achieving an overwhelming probability of a successful data retrieval.