Академический Документы
Профессиональный Документы
Культура Документы
300 www.erpublication.org
Public examining for seclusion of shared Data in the Cloud
block using his private key. Finally, different blocks are the performance of Oruta. Finally, they briefly discuss related
signed by different users due to the changes introduced by work in Section 7, and conclude this paper in Section 8.
these different users. Then, in order to correctly audit the
integrity of the whole information, a public verifier needs to
pick the appropriate public key for each block (e.g., a block II. PROBLEM STATEMENT
signed by Shrikant can only be correctly verified by Shrikant
public key). As a result, this public verifier will inevitably 2.1 System Model
learn the identity of the signer on each block due to the
matchless binding between an identity and a public key by As illustrated in Fig. 2, the process model in this paper
digital certificates under public key infrastructure (PKI). includes three events: the cloud server, a bunch of users and a
Failing to preserve identity privacy on shared information in public verifier. There are two forms of shoppers in a team: the
the work of public auditing will reveal significant confidential natural consumer and a quantity of personnel shoppers. The
information (e.g., which particular user in the group or special fashioned person at the start creates shared expertise inside
block in shared information is a more valuable target) to the cloud, and shares it with personnel shoppers. Both the
public authenticator. Specifically, as shown in Fig. one, after fashioned client and staff shoppers are contributors of the
performing several examining tasks, this public authenticator crew. Each member of the team of workers is allowed to entry
can first learn that Shrikant could be a more important role in and adjust shared information. Shared know-how and its
the group because most of the blocks in the shared file are verification metadata (i.e., signatures) are each saved within
always signed by Shrikant; on the other side, this public the cloud server. A public verifier, harking back to a 3rd party
authenticator can also basically deduce that the eighth block auditor providing knowledgeable information auditing
may contain information of a higher value (e.g., a final bid in choices or a potential man or woman external the group of
an auction), because this block is often modified by the workers needing to make use of shared data, is able to
different users. In order to protect these private information, it publicly verify the integrity of shared knowledge saved in the
is important and hard to preserve identity privacy from public cloud server. When a public verifier needs to examine the
verifiers in the work of public auditing. integrity of shared information, it first sends an auditing
In this paper, to solve the above privacy issue on shared assignment to the cloud server. After receiving the auditing
Information, they propose Oruta,1 a novel privacy - mission, the Cloud server responds to the public verifier with
preserving public auditing mechanism. More specifically, an auditing proof of the possession of shared understanding.
they utilize ring signatures [21] to construct homomorphic Then, this public verifier checks the correctness of the entire
authenticators [10] in Oruta, so that a public verifier can data by way of verifying the correctness of the auditing proof.
confirm the integrity of shared information without retrieving Essentially, the strategy of public auditing is a mission and
the whole data while the identity of the signer on each block in response protocol between a public verifier and the cloud
shared information is kept private from the public verifier. In server [9].
addition, they further extend our mechanism to support batch
auditing, which can perform multiple auditing tasks
simultaneously and improve the efficiency of verification for
multiple auditing tasks. Meanwhile, Oruta is compatible with
random masking [5], which has been utilized in WWRL and
can preserve information privacy from public verifiers.
Moreover, they also leverage index hash tables from a earlier
public auditing solution [15] to support dynamic information.
A high-level
301 www.erpublication.org
International Journal of Engineering and Technical Research (IJETR)
ISSN: 2321-0869 (O) 2454-4698 (P), Volume-3, Issue-7, July 2015
2.3 Possible Alternative Approaches Computability: there exists an efficiently computable
algorithm for computing map e.
To keep the identification of the signer on each and every
block within the direction of public auditing, one workable Bilinearity: for all , and ,
replacement process is to ask all of the consumers of the team
to share a world private key [22], [23]. Then, each and every
person is able to sign blocks with this world unusual key. .Non-degeneracy: .
Nevertheless, once one client of the staff is compromised or Bilinear maps can be generally constructed from certain
leaving the crew, a new world personal key have to be elliptic curves [27]. Readers do not need to learn the technical
generated and securely shared among the many many leisure details about how to build bilinear maps from certain elliptic
of the staff, which certainly introduces colossal overhead to curves. Understanding the properties of bilinear maps
users in terms of key administration and key distribution. described above is sufficient enough for readers to access the
While in our solution, each consumer in the amusement of the design of our mechanism.
group of workers can nonetheless make use of its own private
key for computing verification metadata without generating 3.2 Security Assumptions
or sharing any new secret keys.
Yet another manageable process to reap identity privations The security of our proposed mechanism is based on the
is to add a depended on proxy between a gaggle of users and two following assumptions: Computational
the cloud within the approach mannequin. Further concretely, Co-Daffier-Hellman (Co-CDH) Problem. Let
every Members competencies is gathered, signed, and
, given and as input, output
uploaded to the cloud by means of utilizing this depended on
. Definition 1 (Computational Co-Diffie-Hellman
proxy, then a public verifier can most potent verify and learn
Assumption). The advantage of a probabilistic polynomial
that it is the proxy symptoms the data, however are not able to
time 2. The direct leverage of group signatures in an public
achieve talents of the identities of crew participants. But, the auditing mechanism makes the size of verification metadata
safety of this process is threatened with the support of the only extremely huge, which is much larger than the size of data
point failure of the proxy. itself. See [25] for details. algorithm A in solving the Co-CDH
Apart from, repeatedly, not the complete crew contributors
problem on is defined as
would like to suppose the same proxy for producing
signatures and uploading knowledge on their behalf. Utilizing
staff signatures [24] will also be an substitute alternative to
maintain identification privations. Alas, as proven in our
recent work [25], suggestions on the way to design an Where the probability is over the choice of a and h, and the
effective public auditing mechanism centered on personnel coin tosses of A. The Co-CDH assumption means, for any
signatures remains open.2 trusted Computing offers a further probabilistic polynomial time algorithm A, the advantage of it
possible alternative technique to acquire the design objectives in solving the Co-CDH problem on (G1,G2)is negligible.
of our mechanism. Notably, with the support of making use of For the ease of understanding, we can also say solving the
direct anonymous attestation [26], which is adopted through Co-CDH problem on is or computationally infeasible
using the relied on Computing crew seeing that the nameless or hard under the Co-CDH assumption. Discrete Logarithm
approach for a long way off authentication in relied on (DL) Problem. Let , given
platform module, users are capable to retain their as input, output a. Definition 2 (Discrete Logarithm
identification privatives on shared information from a public Assumption). The advantage of a probabilistic polynomial
verifier. The predominant problem with this procedure is that time algorithm A in solving the DL problem in G1 is defined
it requires the entire users utilizing designed hardware, and
wants the cloud supplier to maneuver the entire present cloud as , where the
offerings to the relied on computing surroundings, which may probability is over the choice of a, and the coin tosses of .
also be highly-priced and impractical The DL Assumption means, for any probabilistic polynomial
time algorithm A, the advantage of it in solving the DL
III. PRELIMINARIES problem in is negligible.
302 www.erpublication.org
Public examining for seclusion of shared Data in the Cloud
signature scheme introduced by way of Boneh et al. [21] V. PUBLIC AUDITING MECHANISMS
(referred to as BGLS in this paper) is construct bilinear maps.
We will lengthen this ring signature scheme to construct our 5.1 OVERVIEW
public auditing mechanism
Using hars and its properties we established in the previous
3.4 Homomorphic Authenticators section, we now construct oruta, a privacy-preserving public
auditing mechanism for shared data in the cloud. with oruta,
Homomorphic authenticators (also referred to as the public verifier can verify the integrity of shared data
homomorphic verifiable tags) are basic instruments to without retrieving the entire data. Meanwhile, the identity of
construct public auditing mechanisms [1], [5], [9], [10], [12], the signer on each block in shared data is kept private from the
[15]. Besides enforceability (i.e. simplest a consumer with a public verifier during the auditing.
exclusive key can generate legitimate signature), a
homomorphic authenticable signature scheme, which denotes
a homomorphic authenticator founded on signatures, will
have to also satisfy the next houses: Block less verifiability
makes it possible for a verifier to audit the correctness of data
stored within the cloud server with a exact block, which is a
linear combo of all of the blocks in knowledge. If the integrity
of the combined block is correct, then the verifier believes
that the integrity of the complete knowledge is right. In this
way, the verifier does now not need to down load the entire
Fig. 4. Using indices as identifiers.
blocks to check the integrity of knowledge. Non-malleability
shows that an adversary can't generate legitimate signatures
5.2 Construction of Oruta:
on arbitrary blocks by way of linearly combining existing
signatures.
Now, we reward the details of our public auditing
mechanism. It involves 5 algorithms: KeyGen, SigGen,
adjust, ProofGen and ProofVerify. In KeyGen, users generate
IV. NEW RING SIGNATURE SCHEME
their possess public/confidential key pairs. In SigGen, a
consumer (both the usual person or a bunch consumer) is
4.1 Overview competent to compute ring signatures on blocks in shared
knowledge via making use of its own confidential key and all
As we offered in earlier sections, we intend to utilize of the team contributors public keys. Each and every person
Ring signatures to hide the identity of the signer on every in the staff is competent to perform an insert, delete or update
block, in order that private and touchy know-how of the team operation on a block, and compute the new ring signature on
will not be disclosed to public verifiers. Nonetheless, natural this new block in adjust. ProofGen is operated by means of a
ring signatures [21], [28] can't be instantly used into public public verifier and the cloud server together to interactively
auditing mechanism, because these ring signature schemes generate a proof of possession of shared information. In Proof
don't aid block less verifiability. Without block less Verify, the public verifier audits the integrity of shared
verifiability, a public verifier has to download the entire information by verifying the proof. Observe that for the ease
information file to verify the correctness of shared of working out, we first expect the workforce is static, which
information, which consumes excessive bandwidth and takes means that the group is pre-defined before shared information
very lengthy verification times. For this reason, we design a is created within the cloud and the membership of the crew
brand new homomorphism authenticable ring signature isn't converted for the duration of knowledge sharing.
(HARS) scheme, which is improved from a basic ring Especially, before the common consumer outsources shared
signature scheme [21]. The ring signatures generated by knowledge to the cloud, he/she decides the entire staff
means of HARS will not be simplest competent to maintain contributors. We can discuss the case of dynamic companies
identification privateers but additionally in a position to aid later. Discussion. In the construction of Oruta, we aid
block less verifiability. We can show easy methods to build information privacy with the aid of leveraging random
the privations-maintaining public auditing mechanism for covering (i.e in ProofGen), which is also utilized in
shared information within the cloud founded on this new ring previous work [5] to safeguard Information privacy for
signature scheme within the next section. private customers. If a consumer wants to preserve the content
material of private data in the cloud, this consumer can
4.2 Construction of HARS additionally encrypt information before outsourcing it into the
HARS comprises three algorithms: KeyGen, Ring Sign and cloud server with encryption procedures [30], [31], such
Ring Verify. In KeyGen, every consumer in the team because the blend of symmetric key encryption and attribute
generates his/her public key and exclusive key. In Ring -headquartered encryption (ABE) [30]. With the sampling
Sign, a user in the crew is ready to generate a signature on a procedure [9], which is largely used in lots of the public
block and its block identifier along with his/her personal key auditing mechanisms, a public verifier can become aware of
and Others. A verifier is able to check whether a given any corrupted block in shared information with a high chance
block is signed with the aid of a bunch member in ring by using best selecting a subset of all blocks (i.e. selecting
-aspect subset from set ) in each and every auditing
task. Earlier work [9] has already proved that, given a total
303 www.erpublication.org
International Journal of Engineering and Technical Research (IJETR)
ISSN: 2321-0869 (O) 2454-4698 (P), Volume-3, Issue-7, July 2015
quantity of blocks
if 1 percent of the entire blocks are lost or
eliminated, a public verifier can notice these corrupted blocks
with a chance higher than ninety nine percentage by way of
picking best 460 random blocks. Of path, this public verifier
can continually spend more conversation overhead, and
confirm the integrity of information with the aid of deciding
upon all the n blocks in shared knowledge. Even if the entire n
blocks in shared knowledge are chosen (i.e. without making
use of sampling technique), the verbal exchange overhead for headquartered on the correctness of Equation (6), the
the period of public auditing remains to be rather more correctness of batch auditing in Equation (7) may also be
smaller than retrieving the whole data from the cloud [9]. awarded as If all of the B shared information are from the
Apart from identifying a bigger quantity of random blocks, a identical staff, the general public verifier can additional give a
different feasible method to toughen the detection chance is to boost to the effectively of batch auditing by means of
perform more than one auditing duties on the same shared verifying
knowledge by using utilizing one-of-a-kind random (i.e. is
exclusive for block in each extraordinary mission). In
particular, if the current detection chance is and a number
of t auditing tasks is performed, then the detection probability
is computed as . Dynamic agencies. We now
talk about the scenario of dynamic organizations below our
proposed mechanism. If a new person can be introduced in the
workforce or an present person will also be revoked from the
staff, then this workforce is denoted as a dynamic team. To aid
which will shop the general public verifier about pairing
dynamic groups while nonetheless enabling the general public
operations in complete compared to Equation (7). Observe
verifier to participate in public auditing, the entire ring
that batch auditing will fail if at the least one wrong auditing
signatures on shared information must be re-computed with
proof exists in all the B auditing proofs. To enable most of
the signers exclusive key and all of the present customers
auditing proofs to nonetheless go the verification when there
public keys when the membership of the team is changed. For
exists best a small number of fallacious auditing proofs, we
illustration, if the current measurement of the staff is d and a
will utilize binary search [5] for the duration of batch
new user ud1 is delivered into the crew, then a hoop
auditing. More especially, once the batch auditing of the B
signature on each block in shared data wishes to be
auditing proofs fails, the general public verifier divides the set
re-computed with the signers confidential key and the entire
of all of the B auditing proofs into two subsets, where each
public keys subset involves a number of B=2 auditing proofs. Then the
. If the current dimension of the workforce is d and an current general public verifier re-assessments the correctness of
person ud is revoked from the staff, then a hoop signature on auditing proofs in each and every subset using batch auditing.
each block in shared data needs to be re-computed with the If the verification effect of one subset is proper, then the entire
signers private key and all the public keys auditing proofs on this subset are all correct. In any other case,
this subset is extra divided into two sub-subsets, and the
.The primary purpose of this form of general public verifier re-tests the correctness of auditing
re-computation on signatures offered by means of dynamic proofs in each sub-subset with batch auditing except all of the
groups, is seeing that the new release of a hoop signature unsuitable auditing proofs are discovered. Naturally, when
under our mechanism requires the signers private key and the the number of incorrect auditing proofs raises, the public
entire present members public keys. An intriguing trouble for verifier needs extra time to distinguish all of the incorrect
our future work will be the way to preclude this kind of auditing proofs, and the effectively of batch auditing shall be
re-computation offered by dynamic agencies even as still diminished. Experimental outcome in section 6 suggests that,
retaining identity private from the general public verifier when lower than 12 percentage of the entire B auditing proofs
throughout the approach of public auditing of shared are flawed, batching auditing continues to be more effective
knowledge. than verifying all of the B auditing proofs one by one.
304 www.erpublication.org
Public examining for seclusion of shared Data in the Cloud
an identical mannequin called Proofs of Retrievability (POR), verification metadata in some particular occasions. On the
which can be ready to assess the correctness of data on an un grounds that Oruta is based on ring signatures, the place the
trusted server. The original file is added with a set of identification of the signer is unconditionally protected [21],
randomly-valued investigate blocks referred to as sentinels. the present design of ours does not help traceability. To the
The verifier challenges the un trusted server with the aid of nice of our talents, designing an efficient public auditing
specifying the positions of a set of sentinels and asking the un mechanism with the capabilities of maintaining identity
trusted server to return the associated sentinel values. privacy and helping traceability remains to be open. A
Shacham and Waters [10] designed two elevated schemes. different trouble for our future work is how one can show
The first scheme is constructed from BLS signatures [27], and knowledge freshness (prove the cloud possesses the brand
the 2d one is centered on pseudo-random features. To help new version of shared knowledge) whilst nonetheless
dynamic information, Ateniese et al. [33] presented an retaining identification privations.
effective PDP mechanism based on symmetric keys. This
mechanism can aid update and delete operations on data, ACKNOWLEDGMENT
nevertheless, insert operations are not on hand on this I feel great in expressing our deepest sense of gratitude to
mechanism. Because it exploits symmetric keys to affirm the guide and HOD Prof.Ajaykumar kurra for his encouragement
integrity of data, it is not public verifiable and most effective and enlightened comments throughout this project work. His
provides a person with a limited number of verification appreciative suggestion always motivated us for putting most
requests. Wang et al. [12] utilized Merkle Hash Tree and BLS willing efforts on my study during project report. We are also
signatures [27] to help dynamic knowledge in a public thankful to the concerned authorities who directly or
auditing mechanism. Erway et al. [11] introduced dynamic indirectly helped us in the project.
provable knowledge possession (DPDP) with the aid of
utilizing authenticated dictionaries, that are headquarter on REFERENCES
rank information. Zhu et al. [15] exploited the fragment
[1] B. Wang, B. Li, and H. Li, Oruta: Privacy-Preserving Public Auditing
constitution to lower the storage of signatures in their public for Shared Data in the Cloud, Proc. IEEE Fifth Intl Conf. Cloud
auditing mechanism. Furthermore, they also used index hash Computing, pp. 295-302, 2012.
tables to provide dynamic operations on data. The public [2] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski,
mechanism proposed by means of Wang et al. [5] and its G. Lee, D.A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, A View of
Cloud Computing, Comm. ACM, vol. 53, no. 4, pp. 50-58, Apr. 2010.
journal version [18] are competent to maintain customers [3] K. Ren, C. Wang, and Q. Wang, Security Challenges for the Public
confidential knowledge from a public verifier by way of Cloud, IEEE Internet Computing, vol. 16, no. 1, pp. 69-73, 2012. [4]
utilizing random maskings. In addition, to operate multiple D. Song, E. Shi, I. Fischer, and U. Shankar, Cloud Data Protection for
auditing tasks from one of a kind customers successfully, they the Masses, Computer, vol. 45, no. 1, pp. 39-45, 2012.
[5] C. Wang, Q. Wang, K. Ren, and W. Lou, Privacy-Preserving Public
accelerated their mechanism to enable batch auditing with the
Auditing for Data Storage Security in Cloud Computing, Proc. IEEE
aid of leveraging combination signatures [21]. Wang et al. INFOCOM, pp. 525-533, 2010.
[13] leveraged homomorphic tokens to ensure the correctness [6] B. Wang, M. Li, S.S. Chow, and H. Li, Computing Encrypted Cloud
of erasure codes-situated knowledge dispense on a couple of Data Efficiently under Multiple Keys, Proc. IEEE Conf. Comm. and
Network Security (CNS 13), pp. 90-99, 2013.
servers. This mechanism is capable not best to help dynamic
[7] R. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital
knowledge, but in addition to determine misbehaved servers. Signatures and Public Key Cryptosystems, Comm. ACM, vol. 21, no.
To decrease verbal exchange overhead within the section of 2, pp. 120-126, 1978.
data restore, Chen et al. [14] also presented a mechanism for [8] The MD5 Message-Dgest Algorithm (RFC1321). https://tools.
auditing the correctness of information under the multi-server ietf.org/html/rfc1321, 2014. [9] G. Ateniese, R. Burns, R. Curtmola, J.
Herring, L. Kissner, Z. Peterson, and D. Song, Provable Data
situation, where these knowledge are encoded by community Possession at Untrusted Stores, Proc. 14th ACM Conf. Computer and
coding as an alternative of utilizing erasure codes. More Comm. Security (CCS 07), pp. 598-610, 2007.
recently, Cao et al. [16] built an LT codes-based cozy and safe \[10] H. Shacham and B. Waters, Compact Proofs of Retrievability, Proc.
cloud storage mechanism. Compare to previous work [13], 14th Intl Conf. Theory and Application of Cryptology and Information
Security: Advances in Cryptology (ASIACRYPT 08), pp. 90- 107,
[14], this mechanism can restrict high decoding computation 2008.
fee for data users and store computation resource for online [11] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, Dynamic
information homeowners for the period of knowledge repair. Provable Data Possession, Proc. 16th ACM Conf. Computer and
Comm. Security (CCS09), pp. 213-222, 2009.
[12] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, Enabling Public
VII. CONCLUSION AND FUTURE WORK Verifiability and Data Dynamic for Storage Security in Cloud
In this paper, we propose Oruta, Public examining for Computing, Proc. 14th European Conf. Research in Computer Security
(ESORICS09), pp. 355-370, 2009.
seclusion of shared Data in the Cloud mechanism for shared [13] C. Wang, Q. Wang, K. Ren, and W. Lou, Ensuring Data Storage
information in the cloud. We utilize ring signatures to Security in Cloud Computing, Proc. 17th Intl Workshop Quality of
construct homomorphic authenticators, so that a public Service (IWQoS09), pp. 1-9, 2009. [14] B. Chen, R. Curtmola, G.
verifier is in a position to audit shared knowledge integrity Ateniese, and R. Burns, Remote Data Checking for Network
Coding-Based Distributed Storage Systems, Proc. ACM Workshop
without retrieving the entire information, yet it can't
Cloud Computing Security Workshop (CCSW10), pp. 31-42, 2010.
distinguish who is the signer on every block. To toughen the [15] Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S.S Yau, Dynamic
effectively of verifying more than one auditing tasks, we extra Audit Services for Integrity Verification of Outsourced Storages in
extend our mechanism to support batch auditing. There are Clouds, Proc. ACM Symp. Applied Computing (SAC11), pp.
two intriguing issues we will continue to be taught for our 1550-1557, 2011.
[16] N. Cao, S. Yu, Z. Yang, W. Lou, and Y.T. Hou, LT Codes-Based
future work. One of them is traceability, which means the Secure and Reliable Cloud Storage Service, Proc. IEEE INFOCOM,
ability for the group supervisor (i.e. the customary consumer) 2012.
to disclose the identification of the signer centered on
305 www.erpublication.org
International Journal of Engineering and Technical Research (IJETR)
ISSN: 2321-0869 (O) 2454-4698 (P), Volume-3, Issue-7, July 2015
[17] B. Wang, B. Li, and H. Li, Certificateless Public Auditing for Data
Integrity in the Cloud, Proc. IEEE Conf. Comm. and Network Security
(CNS13), pp. 276-284, 2013.
[18] C. Wang, S.S. Chow, Q. Wang, K. Ren, and W. Lou,
Privacy-Preserving Public Auditing for Secure Cloud Storage, IEEE
Trans. Computers, vol. 62, no. 2, pp. 362-375, Feb. 2013.
[19] B. Wang, B. Li, and H. Li, Public Auditing for Shared Data with
Efficient User Revocation in the Cloud, Proc. IEEE INFOCOM, pp.
2904-2912, 2013.
[20] B. Wang, B. Li, and H. Li, Panda: Public Auditing for Shared Data
with Efficient User Revocation in the Cloud, IEEE Trans. Services
Computing, 20 Dec. 2013, DOI: 10.1109/TSC.2013.2295611.
[21] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, Aggregate and
Verifiably Encrypted Signatures from Bilinear Maps, Proc. 22nd Intl
Conf. Theory and Applications of Cryptographic Techniques: Advances
in Cryptology (EUROCRYPT03), pp. 416-432, 2003.
[22] B. Wang, H. Li, and M. Li, Privacy-Preserving Public Auditing for
Shared Cloud Data Supporting Group Dynamics, Proc. IEEE Intl
Conf. Comm. (ICC13), pp. 539-543, 2013.
[23] B. Wang, S.S. Chow, M. Li, and H. Li, Storing Shared Data on the
Cloud via Security-Mediator, Proc. IEEE 33rd Intl Conf. Distributed
Computing Systems (ICDCS13), pp. 124-133, 2013.
[24] D. Boneh, X. Boyen, and H. Shacham, Short Group Signatures, Proc.
24th Ann. Intl Cryptology Conf. (CRYPTO04), pp. 41-55, 2004. [25]
B. Wang, B. Li, and H. Li, Knox: Privacy-Preserving Auditing for
Shared Data with Large Groups in the Cloud, Proc. 10th Intl Conf.
Applied Cryptography and Network Security (ACNS12), pp. 507-525,
June 2012.
[26] E. Brickell, J. Camenisch, and L. Chen, Direct Anonymous
Attestation, Proc. 11th ACM Conf. Computer and Comm. Security
(CCS04), pp. 132-145, 2004.
[27] D. Boneh, B. Lynn, and H. Shacham, Short Signatures from the Weil
Pairing, Proc. Seventh Intl Conf. Theory and Application of
Cryptology and Information Security: Advances in Cryptology
(ASIACRYPT01), pp. 514-532, 2001.
[28] R.L. Rivest, A. Shamir, and Y. Tauman, How to Leak a Secret, Proc.
Seventh Intl Conf. Theory and Application of Cryptology and
Information Security: Advances in Cryptology (ASIACRYPT01), pp.
552-565, 2001.
[29] D. Cash, A. Kupcu, and D. Wichs, Dynamic Proofs of Retrievability
via Oblivious RAM, Proc. 32nd Ann. Intl Conf. Theory and
Applications of Cryptographic Techniques: Advances in Cryptology
(EUROCRYPT), pp. 279-295, 2013.
[30] S. Yu, C. Wang, K. Ren, and W. Lou, Achieving Secure, Scalale, and
Fine-Grained Data Access Control in Cloud Computing, Proc. IEEE
INFOCOM, pp. 534-542, 2010.
[31] X. Liu, Y. Zhang, B. Wang, and J. Yan, Mona: Secure Multi-Owner
Data Sharing for Dynamic Groups in the Cloud, IEEE Trans. Parallel
and Distributed Systems, vol. 24, no. 6, pp. 1182-1191, June 2013.
[32] A. Juels and B.S. Kaliski, PORs: Proofs of Retrievability for Large
Files, Proc. 14th ACM Conf. Computer and Comm. Security
(CCS07), pp. 584-597, 2007.
[33] G. Ateniese, R.D. Pietro, L.V. Mancini, and G. Tsudik, Scalable and
Efficient Provable Data Possession, Proc. Fourth Intl Conf. Security
and Privacy in Comm. Networks (SecureComm08), 2008.
306 www.erpublication.org