DOTNET PROJECT
Data Integrity
Auditing without Private Key Storage for Secure Cloud Storage
Abstract:
Using cloud storage services, users can store their data in the cloud to
avoid the expenditure of local data storage and maintenance. To ensure the
integrity of the data stored in the cloud, many data integrity auditing schemes
have been proposed. In most, if not all, of the existing schemes, a user needs
to employ his private key to generate the data authenticators for realizing the
data integrity auditing. Thus, the user has to possess a hardware token (e.g.
USB token, smart card) to store his private key and memorize a password to
activate this private key. If this hardware token is lost or this password is
forgotten, most of the current data integrity auditing schemes would be unable
to work. In order to overcome this problem, we propose a new paradigm called
data integrity auditing without private key storage and design such a scheme.
In this scheme, we use biometric data (e.g. iris scan, fingerprint) as the
user's fuzzy private key to avoid using the hardware token. Meanwhile, the
scheme can still effectively complete the data integrity auditing.We utilize a
linear sketch with coding and error correction processes to confirm the
identity of the user. In addition, we design a new signature scheme which not
only supports blockless verifiability, but also is compatible with the linear
sketch. The security proof and the performance analysis show that our proposed
scheme achieves desirable security and efficiency.
No comments:
Post a Comment