ISSN 2319-8885

Vol.04,Issue.10,
April-2015,
Pages:1911-1916
www.ijsetr.com

Confidentiality in Public Auditing for Shared Data in the Cloud

G. CHINNA RAMALINGA REDDY1, DR. G. SUNIL VIJAYA KUMAR2
1

PG Scholar, Dept of CSE, ALFA College of Engineering & Technology, Allagadda, AP, India, E-mail: gcrreddy@gmail.com.
2
Professor, Dept of CSE, ALFA College of Engineering & Technology, Allagadda, AP, India, E-mail: sunilvkg@gmail.com.

Abstract: With cloud data services, it is commonplace for data to be not only stored in the cloud, but also shared across multiple
users. Unfortunately, the integrity of cloud data is subject to scepticism due to the existence of hardware/software failures and
human errors. Several mechanisms have been designed to allow both data owners and public verifiers to efficiently audit cloud
data integrity without retrieving the entire data from the cloud server. However, public auditing on the integrity of shared data
with these existing mechanisms will inevitably reveal confidential informationidentity privacyto public verifiers. In this
paper, we propose a novel privacy-preserving mechanism that supports public auditing on shared data stored in the cloud. In
particular, we exploit ring signatures to compute verification metadata needed to audit the correctness of shared data. With our
mechanism, the identity of the signer on each block in shared data is kept private from public verifiers, who are able to efficiently
verify shared data integrity without retrieving the entire file. In addition, our mechanism is able to perform multiple auditing tasks
simultaneously instead of verifying them one by one. Our experimental results demonstrate the effectiveness and efficiency of our
mechanism when auditing shared data integrity.
Keywords: Public Auditing, Privacy-Preserving, Shared Data, Cloud Computing.
I. INTRODUCTION
Cloud service providers manage an enterprise-class
infrastructure that offers a scalable, secure and reliable
environment for users, at a much lower marginal cost due
to the sharing nature of resources. It is routine for users to
use cloud storage services to share data with others in a
team, as data sharing becomes a standard feature in most
cloud storage offerings, including Drop box and Google
Docs. The integrity of data in cloud storage, however, is
subject to skepticism and scrutiny, as data stored in an
untrusted cloud can easily be lost or corrupted, due to
hardware failures and human errors [2]. To protect the
integrity of cloud data, it is best to perform public auditing
by introducing a third party auditor (TPA), who offers its
auditing service with more powerful computation and
communication abilities than regular users. The first
provable data possession (PDP) mechanism [3] to perform
public auditing is designed to check the correctness of data
stored in an untrusted server, without retrieving the entire
data. Moving a step forward, Wang et al. [4] (referred to as
WWRL in this paper) is designed to construct a public
auditing mechanism for cloud data, so that during public
auditing, the content of private data belonging to a personal
user is not disclosed to the third party auditor.
We believe that sharing data among multiple users is
perhaps one of the most engaging features that motivate
cloud storage. A unique problem introduced during the
process of public auditing for shared data in the cloud is
how to preserve identity privacy from the TPA, because the

identities of signers on shared data may indicate that a

particular user in the group or a special block in shared data
is a higher valuable target than others. For example, Alice
and Bob work together as a group and share a file in the
cloud. The shared file is divided into a number of small
blocks, which are independently signed by users. Once a
block in this shared file is modified by a user, this user
needs to sign the new block using her public/private key
pair. The TPA needs to know the identity of the signer on
each block in this shared file, so that it is able to audit the
integrity of the whole file based on requests from Alice or
Bob.

Fig.1. Alice and Bob share a file in the cloud. The TPA
audits the integrity of shared data with existing
mechanisms.

Copyright @ 2015 IJSETR. All rights reserved.

G. CHINNA RAMALINGA REDDY, DR. G. SUNIL VIJAYA KUMAR

As shown in Fig. 1, after performing several auditing
of the whole data is retrieved during integrity checking. A
tasks, some private and sensitive information may reveal to
public verifier could be a data user (e.g., researcher) who
the TPA. On one hand, most of the blocks in shared file are
would like to utilize the owners data via the cloud or a
signed by Alice, which may indicate that Alice is a
third-party auditor (TPA) who can provide expert integrity
important role in this group, such as a group leader. On the
checking services. Moving a step forward, Wang et al.
other hand, the 8-th block is frequently modified by
designed an advanced auditing mechanism .so that during
different users. It means this block may contain high value
public auditing on cloud data, the content of private data
data, such as a final bid in an auction, that Alice and Bob
belonging to a personal user is not disclosed to any public
need to discuss and change it several times. As described in
verifiers. Unfortunately, current public auditing solutions
the example above, the identities of signers on shared data
mentioned above only focus on personal data in the cloud
may indicate which user in the group or block in shared
.We believe that sharing data among multiple users is
data is a higher valuable target than others. Such
perhaps one of the most engaging features that motivate
information is confidential to the group and should not be
cloud storage. Therefore, it is also necessary to ensure the
revealed to any third party. However, no existing
integrity of shared data in the cloud is correct. Existing
mechanism in the literature is able to perform public
public auditing mechanisms can actually be extended to
auditing on shared data in the cloud while still preserving
verify shared data integrity. However, a new significant
identity privacy. In this paper, we propose Oruta1, a new
privacy issue introduced in the case of shared data with the
privacy preserving public auditing mechanism for shared
use of existing mechanisms is the leakage of identity
data in an untrusted cloud.
privacy to public verifiers.
In Oruta, we utilize ring signatures [5], [6] to construct
homomorphic authenticators [3], [7], so that the third party
auditor is able to verify the integrity of shared data for a
group of users without retrieving the entire data while the
identity of the signer on each block in shared data is kept
private from the TPA. In addition, we further extend our
mechanism to support batch auditing, which can audit
multiple shared data simultaneously in a single auditing
task. Meanwhile, Oruta continues to use random masking
[4] to support data privacy during public auditing, and
leverage index hash tables [8] to support fully dynamic
operations on shared data. A dynamic operation indicates
an insert, delete or update operation on a single block in
shared data. A high-level comparison between Oruta and
existing mechanisms in the literature is shown in Table 1.
To our best knowledge, this paper represents the first
attempt towards designing an effective privacy preserving
public auditing mechanism for shared data in the cloud.
TABLE I: Comparison with Existing Mechanisms

The remainder of this paper is organized as follows. In

SectionII, we present the Existing and Proposed Systems.
In SectionIII, Literature Survey .In SectionIV, we evaluate
the performance of Oruta. Finally, we conclude this paper
in SectionV.
II. EXISTING AND PROPOSED SYSTEMS
A. Existing System
Many mechanisms have been proposed to allow not only
a data owner itself but also a public verifier to efficiently
perform integrity checking without downloading the entire
data from the cloud, which is referred to as public auditing .
In these mechanisms, data is divided into many small
blocks, where each block is independently signed by the
owner; and a random combination of all the blocks instead

Disadvantages of Existing System:

Failing to preserve identity privacy on shared data
during public auditing will reveal significant
confidential information to public verifiers.
Protect this confidential information is essential and
critical to preserve identity privacy from public
verifiers during public auditing.
B. Proposed System
In this paper, to solve the above privacy issue on shared
data, we propose Oruta, a novel privacy-preserving public
auditing mechanism. More specifically, we utilize ring
signatures to construct homomorphic authenticators in
Oruta, so that a public verifier is able to verify the integrity
of shared data without retrieving the entire data while the
identity of the signer on each block in shared data is kept
private from the public verifier. In addition, we further
extend our mechanism to support batch auditing, which can
perform multiple auditing tasks simultaneously and
improve the efficiency of verification for multiple auditing
tasks. Meanwhile, Oruta is compatible with random
masking, which has been utilized in WWRL and can
preserve data privacy from public verifiers. Moreover, we
also leverage index hash tables from a previous public
auditing solution to support dynamic data. A high-level
comparison among Oruta and existing mechanisms is
presented.
Advantages of Proposed System
A public verifier is able to correctly verify shared data
integrity.
A public verifier cannot distinguish the identity of the
signer on each block in shared data during the process
of auditing.
The ring signatures generated for not only able to
preserve identity privacy but also able to support
block less verifiability.
C. System Architecture
As illustrated in Fig. 2, the system model in this paper
involves three parties: the cloud server, a group of users

International Journal of Scientific Engineering and Technology Research

Volume.04, IssueNo.10, April-2015, Pages: 1911-1916

Confidentiality in Public Auditing for Shared Data in the Cloud

and a public verifier. There are two types of users in a
public key is known well in advance. Examples of
group: the original user and a number of group users. The
symmetric algorithm comprise of Data encryption standard
original user initially creates shared data in the cloud, and
(DES), International data encryption algorithm (IDEA),
shares it with group users. Both the original user and group
advanced encryption standard (AES) on the other hand
users are members of the group. Every member of the
asymmetric key algorithm include RSA algorithm.
group is allowed to access and modify shared data. Shared
Asymmetric algorithms are best suited for real world
data and its verification metadata (i.e. signatures) are both
use and provides undeniable advantages in terms of
stored in the cloud server. A public verifier, such as a thirdfunctionality whereas symmetric algorithms is ideally
party auditor (TPA) providing expert data auditing services
suited for security applications like remote authentication
or a data user outside the group intending to utilize shared
for restricted websites which do not require full-fledged
data, is able to publicly verify the integrity of shared data
asymmetric set up. The use of passwords for authentication
stored in the cloud server. When a public verifier wishes to
process is popular among the users but the transmission of
check the integrity of shared data, it first sends an auditing
messages containing password may be vulnerable to illegal
challenge to the cloud server. After receiving the auditing
recording by the hackers hence posing a security breach in
challenge, the cloud server responds to the public verifier
the system. Some more advanced authentication techniques
with an auditing proof of the possession of shared data.
may employ the concept of single-usage-password where
Then, this public verifier checks the correctness of the
the system may generate challenge token expecting the user
entire data by verifying the correctness of the auditing
to respond with an encrypted message using his secret key
proof. Essentially, the process of public auditing is a
which converts the password to some derived value
challenge and-response protocol between a public verifier
enabling. While using the cryptographic techniques for
and the cloud server.
ensuring data security care should be taken for storing
encryption and decryption keys. Rigorous methods should
be adopted to prevent insiders and privileged user from
gaining access to the encrypted data and decryption key
simultaneously. Thus, the importance of SLAs is
recognized in this context. The policies responsible for user
data protection must be clearly mentioned in the providers
contract. After reviewing the data security requirements
following recommendations have been included in
multiparty SLA suggested at the end to ensure data security
in cloud:
Encrypted data and decryption key must not be
stored at the same place
Access control techniques should be applicable for
malicious insiders and privileged users
Independent audits must be conducted to access the
effectiveness of techniques employed for data
storage
Fig.2. Our system model includes the cloud server, the

Service providers must abide the ethics and legal

third party auditor and users.
laws and should be responsible for discrepancies if
III. LITERATURE SURVEY
any
For some years, tools for defending against hackers
Backup and reset methods against system crash and
have been in the form of software to be installed on each
failures.
device being protected or appliances deployed on-premise.
In many applications, it is desirable to work with
However, to be effective, such protection needs to be
signatures that are both short and yet where many messages
constantly updated. Common methods for ensuring security
from different signers are verified very quickly. RSA
of data in cloud consist of data encryption (cryptographic
signatures satisfy the latter condition, but are generally
process) before storage, authentication process before
thousands of bits in length. Recent developments in pairing
storage or retrieval and constructing secure channels for
based cryptography produced a number of short signatures
data transmission. The protection methods find their routes
which provide equivalent security in a fraction of the space.
in cryptographic algorithms and digital signature
Unfortunately, verifying these signatures is computationally
techniques. The cryptographic algorithms are classified into
intensive due to the expensive pairing operation. In an
two categories: symmetric and asymmetric algorithms.
attempt to simultaneously achieve short and fast signatures,
Symmetric algorithm uses a single key known as secret key
it was proved how to batch verify two pairing-based
both for encryption and decryption process whereas
schemes so that the total number of pairings was
asymmetric algorithm uses two keys; one is the public key
independent of the number of signatures to verify. On the
made available publically and the other one is the private
theoretical side, we introduce new batch verifiers for a wide
key, which is kept secret used to decrypt the data. Breaking
variety of regular, identity based, group, ring and aggregate
the private key is rarely possible even if the corresponding
signature schemes. Our goal is to test whether batching is
International Journal of Scientific Engineering and Technology Research
Volume.04, IssueNo.10, April-2015, Pages: 1911-1916

G. CHINNA RAMALINGA REDDY, DR. G. SUNIL VIJAYA KUMAR

practical; that is, whether the benefits of removing pairings
due to the increasing number of exponentiations and pairing
significantly outweigh the cost of the additional operations
operations.
required for batching, such as group membership testing,
randomness
generation,
and
additional
modular
exponentiations and multiplications.
IV. PERFORMANCE
In this section, we first analyze the computation and
communication costs of Oruta, and then evaluate the
performance of Oruta in experiments.
A. Computation Cost
During an auditing task, the public verifier first generates
some random values to construct an auditing challenge,
which only introduces a small cost in computation. Then,
after receiving the auditing challenge, the cloud server
needs to compute an auditing proof {, , ,{id j}jJ}. Based
on the description in the computation cost of calculating an
auditing proof is about (k+dc) ExpG1+ dcMulG1+ ckMulZp
+ kHashZp, where ExpG1 denotes the cost of computing one
exponentiation in G1, MulG1 denotes the cost of computing
one multiplication in G1, MulZp and HashZp respectively
denote the cost of computing one multiplication and one
hashing operation in Zp. To check the correctness of an
auditing proof {, , , {idj}jJ}, a public verifier audits.
The total cost of verifying this auditing proof is about
(2k+c) ExpG1 +(2k + c) MulG1 + dMulGT + cHashG1 + (d +
2)Pair. We use Pair to denote the cost of computing one
pairing operation one: G1 G2 GT.
B. Communication Cost
The communication cost of Oruta is mainly introduced
by two aspects: the auditing challenge and auditing proof.
For each auditing challenge {j, yj} jJ, the communication
cost is c (|q|+ |n|) bits, where |q| is the length of an element
of Zq and |n| is the length of an index. Each auditing proof
{, , ,{idj}jJ} contains (k+ d) elements of G1, k elements
of Zp and c elements of Zq, therefore the communication
cost of one auditing proof is (2k + d)|p|+c|q| bits.
C. Experimental Results
We now evaluate the efficiency of Oruta in experiments.
In our experiments, we utilize the GNU Multiple Precision
Arithmetic (GMP) library and Pairing Based Cryptography
(PBC) library. All the following experiments are based on
C and tested on a 2.26 GHz Linux system over 1,000 times.
Because Oruta needs more exponentiations than pairing
operations during the process of auditing, the elliptic curve
we choose in our experiments is an MNT curve with a base
field size of 159 bits, which has a better performance than
other curves on computing exponentiations. We choose |p|=
160 bits and |q| = 80 bits. We assume the total number of
blocks in shared data is n = 1,000, 000 and |n| = 20 bits. The
size of shared data is 2GB. To keep the detection
probability greater than 99 percent, we set the number of
selected blocks in an auditing task as c = 460 [10]. If only
300 blocks are selected, the detection probability is greater
than 95 percent. We also assume the size of the group d [2,
20] in the following experiments. Certainly, if a larger
group size is used, the total computation cost will increase

Fig.3. Performance of signature generation.

Performance of Signature Generation According to, the
generation time of a ring signature on a block is determined
by the number of users in the group and the number of
elements in each block. As illustrated in Figs. 3a and 10b,
when k is fixed, the generation time of a ring signature is
linearly increasing with the size of the group; when d is
fixed, the generation time of a ring signature is linearly
increasing with the number of elements in each block.
Specifically, when d = 10 and k = 100, a user in the group
requires about 37 milliseconds to compute a ring signature
on a block in shared data. Performance of Auditing Based
on our proceeding analyses, the auditing performance of
Oruta under different detection probabilities is illustrated in
Figs. 4a and 5b, and Table 2. As shown in Fig. 4a, the
auditing time is linearly increasing with the size of the
group. When c = 300, if there are two users sharing data in
the cloud, the auditing time is only about 0.5 seconds; when
the number of group member increases to 20, it takes about
2.5 seconds to finish the same auditing task.

Fig.4. Performance of auditing time.

The communication cost of an auditing task under
different parameters is presented in Figs. 5a and 5b.
Compared to the size of entire shared data, the
communication cost that a public verifier consumes in an

International Journal of Scientific Engineering and Technology Research

Volume.04, IssueNo.10, April-2015, Pages: 1911-1916

Confidentiality in Public Auditing for Shared Data in the Cloud

auditing task is very small. It is clear in Table 2 that when
100 and the number of users in the group is d = 10. Let A
maintaining a higher detection probability, a public verifier
denote the number of incorrect auditing proofs. In addition,
needs to consume more computation and communication
we also assume that it always requires the worst case
overhead to finish the auditing task. Specifically, when c =
algorithm to detect the incorrect auditing proofs in the
300, it takes a public verifier 1.32 seconds to audit the
experiment; the extra computation cost in binary search is
correctness of shared data, where the size of shared data is
mainly introduced by extra pairing operations. As shown in
2GB; when c = 460, a public verifier needs 1.94 seconds to
Fig. 7a, if all the 128 auditing proofs are for different
verify the integrity of the same shared data.
groups, when the number of incorrect auditing proofs is less
than 16 (12 percent of all the auditing proofs), batching
auditing is still more efficient than separate auditing.
Similarly, in Fig. 7b, if all the auditing proofs are for the
same group, when the number of incorrect auditing proofs
is more than 16, batching auditing is less efficient than
verifying these auditing proofs separately.
TABLE II: Performance of Auditing

Fig.5. Performance of communication cost.

As we discussed in the previous section, the privacy
performance of our mechanism depends on the number of
members in the group. Given a block in shared data, the
probability that a public verifier fails to reveal the identity
of the signer is 1-1/d, where d 2. Clearly, when the
number of group members is larger, our mechanism has a
better performance in terms of privacy. As we can see from
Fig. 6a, this privacy performance increases with an increase
of the size of the group. Performance of Batch Auditing As
we discussed when there are multiple auditing proofs, the
public verifier can improve the efficiency of verification by
performing batch auditing. In the following experiments,
we choose c = 300, k = 100 and d = 10. Compared to
verifying a number of B auditing proofs one by one, if these
B auditing proofs are for different groups, batching auditing
can save 2.1 percent of the auditing time per auditing proof
on average (as shown in Fig. 7a). If these B auditing tasks
are for the same group, batching auditing can save 12.6
percent of the average auditing time per auditing proof (as
shown in Fig. 7b).

Fig.6. Performance of privacy and batch auditing.

Now we evaluate the performance of batch auditing

when incorrect auditing proofs exist among the B auditing
proofs. As we mentioned we can use binary search in batch
auditing, so that we can distinguish the incorrect ones from
the B auditing proofs. However, the increasing number of
incorrect auditing proofs will reduce the efficiency of batch
Fig.7. Efficiency of batch auditing with incorrect proofs.
auditing. It is important for us to find out the maximal
number of incorrect auditing proofs exist in the B auditing
V. CONCLUSION AND FUTURE WORK
proofs, where the batch auditing is still more efficient than
In this paper, we propose Oruta, the first privacy
preserving public auditing mechanism for shared data in the
separate auditing. In this experiment, we assume the total
cloud. We utilize ring signatures to construct homomorphic
number of auditing proofs in the batch auditing is B = 128
authenticators, so the TPA is able to audit the integrity of
(because we leverage binary search, it is better to set B as a
shared data, yet cannot distinguish who is the signer on
power of 2), the number of elements in each block is k =
International Journal of Scientific Engineering and Technology Research
Volume.04, IssueNo.10, April-2015, Pages: 1911-1916

G. CHINNA RAMALINGA REDDY, DR. G. SUNIL VIJAYA KUMAR

each block, which can achieve identity privacy. To improve
Application of Cryptology and Information Security:
the efficiency of verification for multiple auditing tasks, we
Advances in Cryptology (ASIACRYPT 08), pp. 90-107,
further extend our mechanism to support batch auditing. An
2008.
interesting problem in our future work is how to efficiently
[12] C. Erway, A. Kupcu, C. Papamanthou, and R.
audit the integrity of shared data with dynamic groups
Tamassia, Dynamic Provable Data Possession, Proc. 16th
while still preserving the identity of the signer on each
ACM Conf. Computer and Comm. Security (CCS09), pp.
block from the third party auditor. There are two interesting
213-222, 2009.
problems we will continue to study for our future work.
One of them is traceability, which means the ability for the
group manager (i.e., the original user) to reveal the identity
of the signer based on verification metadata in some special
situations. Since Oruta is based on ring signatures, where
the identity of the signer is unconditionally protected, the
current design of ours does not support traceability. To the
best of our knowledge, designing an efficient public
auditing mechanism with the capabilities of preserving
identity privacy and supporting traceability is still open.
Another problem for our future work is how to prove data
freshness (prove the cloud possesses the latest version of
shared data) while still preserving identity privacy.
VI. REFERENCES
[1] Boyang Wang, Student Member, IEEE, Baochun Li,
Senior Member, IEEE, and Hui Li, Member, IEEE, Oruta:
Privacy-Preserving Public Auditing for Shared Data in the
Cloud, IEEE Transactions on Cloud Computing, Vol. 2,
No. 1, January-March 2014.
[2] B. Wang, B. Li, and H. Li, Oruta: Privacy-Preserving
Public Auditing for Shared Data in the Cloud, Proc. IEEE
Fifth Intl Conf. Cloud Computing, pp. 295-302, 2012.
[3] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H.
Katz, A. Konwinski, G. Lee, D.A. Patterson, A. Rabkin, I.
Stoica, and M. Zaharia, A View of Cloud Computing,
Comm. ACM, vol. 53, no. 4, pp. 50-58, Apr. 2010.
[4] K. Ren, C. Wang, and Q. Wang, Security Challenges
for the Public Cloud, IEEE Internet Computing, vol. 16,
no. 1, pp. 69-73, 2012.
[5] D. Song, E. Shi, I. Fischer, and U. Shankar, Cloud
Data Protection for the Masses, Computer, vol. 45, no. 1,
pp. 39-45, 2012.
[6] C. Wang, Q. Wang, K. Ren, and W. Lou, PrivacyPreserving Public Auditing for Data Storage Security in
Cloud Computing, Proc. IEEE INFOCOM, pp. 525-533,
2010.
[7] B. Wang, M. Li, S.S. Chow, and H. Li, Computing
Encrypted Cloud Data Efficiently under Multiple Keys,
Proc. IEEE Conf. Comm. and Network Security (CNS 13),
pp. 90-99, 2013.
[8] R. Rivest, A. Shamir, and L. Adleman, A Method for
Obtaining Digital Signatures and Public Key
Cryptosystems, Comm. ACM, vol. 21, no. 2, pp. 120-126,
1978.
[9] The MD5 Message-Digest Algorithm (RFC1321).
https://tools. ietf.org/html/rfc1321, 2014.
[10] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L.
Kissner, Z. Peterson, and D. Song, Provable Data
Possession at Untrusted Stores, Proc. 14th ACM Conf.
Computer and Comm. Security (CCS 07), pp. 598-610,
2007.
[11] H. Shacham and B. Waters, Compact Proofs of
Retrievability, Proc. 14th Intl Conf. Theory and
International Journal of Scientific Engineering and Technology Research
Volume.04, IssueNo.10, April-2015, Pages: 1911-1916