Open Access

SIV: A Structural Integrity Verification Approach of Cloud Components with Enhanced Privacy

School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China.
School of Computer Science, Shaanxi Normal University, Xi’an 710062, China.

Abstract

Private data leakage is a threat to current integrity verification schemes for cloud components. To address this issue, this work proposes a privacy-enhancing Structural Integrity Verification (SIV) approach. It is made up of three processes: proof organization, proof transformation, and integrity judgement. By introducing a Merkle tree technique, the integrity of a constituent part of a cloud component on a node is represented by a root value. The value is then masked into ciphertexts in proof transformation. With the masked proofs, a structural feature is extracted and validated in an integrity judgement by a third-party verification provider. The integrity of the cloud component is visually displayed in the output result matrix. If there are abnormalities, the corrupted constituent parts can be located. Integrity is verified through the encrypted masked proofs. All raw proofs containing sensitive information stay on their original nodes, thus minimizing the attack surface of the proof data and eliminating the risk of leaking private data at the source. Although some computations are added, the experimental results show that the time overhead is within acceptable bounds.
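The three processes named in the abstract can be sketched as follows; this is an added illustration, not code from the paper or its authors. The function names, the sample nodes and files, the HMAC used as a stand-in for the paper's masking step, and the cross-node majority comparison used as a stand-in for its structural feature are all assumptions.

```python
import hashlib
import hmac
from collections import Counter

def merkle_root(leaves):
    """Merkle root of a non-empty list of byte strings; odd levels duplicate the last node."""
    level = [hashlib.sha256(b"\x00" + leaf).digest() for leaf in leaves]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0]

def masked_proof(mask_key, part, files):
    """Node side: raw contents and the raw root stay local; only the keyed digest leaves."""
    msg = part.encode() + b"\x00" + merkle_root(files)
    return hmac.new(mask_key, msg, hashlib.sha256).hexdigest()

def judge(proofs):
    """Verifier side (no key). proofs: {node: {part: masked proof}}.
    Returns {node: {part: 0|1}}; 1 = proof differs from the strict-majority value."""
    parts = sorted({p for per_node in proofs.values() for p in per_node})
    matrix = {node: {} for node in proofs}
    for part in parts:
        value, count = Counter(n.get(part) for n in proofs.values()).most_common(1)[0]
        # Without a strict majority (or if most nodes lack the part) nothing is trusted.
        reference = value if value is not None and 2 * count > len(proofs) else None
        for node, per_node in proofs.items():
            ok = reference is not None and per_node.get(part) == reference
            matrix[node][part] = 0 if ok else 1
    return matrix

# Constructed sample: three nodes host the same component; node-c has a modified library.
KEY = b"constructed-demo-key"  # assumption: provisioned to nodes, withheld from the verifier
GOOD = {"config": [b"port=8774", b"debug=false"], "binary": [b"ELF-v1", b"lib-v1"]}
BAD = {"config": GOOD["config"], "binary": [b"ELF-v1", b"lib-TAMPERED"]}
NODES = {"node-a": GOOD, "node-b": GOOD, "node-c": BAD}

def demo():
    proofs = {node: {part: masked_proof(KEY, part, files) for part, files in parts.items()}
              for node, parts in NODES.items()}
    return judge(proofs)

if __name__ == "__main__":
    for node, row in demo().items():
        print(node, row)
```

The verifier in this sketch sees only keyed digests, so it can locate the deviating part on node-c without learning file contents or raw roots.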

Tsinghua Science and Technology
Pages 557-574
Cite this article:
Zhao B, Fan P, Zhao P, et al. SIV: A Structural Integrity Verification Approach of Cloud Components with Enhanced Privacy. Tsinghua Science and Technology, 2019, 24(5): 557-574. https://doi.org/10.26599/TST.2018.9010132

Received: 15 October 2018
Accepted: 10 November 2018
Published: 29 April 2019
© The author(s) 2019