Journal Home > Volume 24 , Issue 5
Tsinghua Science and Technology 2019, 24(5): 557-574 https://doi.org/10.26599/TST.2018.9010132
Open Access | Issue | Published: 29 April 2019

SIV: A Structural Integrity Verification Approach of Cloud Components with Enhanced Privacy

Show Author's Information Bo Zhao Peiru Fan( ) Pengyuan Zhao Mingtao Ni Jinhui Liu
School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China.
School of Computer Science, Shaanxi Normal University, Xi’an 710062, China.
Keywords:
privacy, integrity verification, cloud components, structural feature
Cite this article:
Zhao B, Fan P, Zhao P, et al. SIV: A Structural Integrity Verification Approach of Cloud Components with Enhanced Privacy. Tsinghua Science and Technology, 2019, 24(5): 557-574. https://doi.org/10.26599/TST.2018.9010132
Download citation
EndNote(RIS)
BibTeX

546

Views

30

Downloads

Citations

4

Crossref

N/A

WoS

4

Scopus

0

CSCD

Abstract Full text About this article

Private data leakage is a threat to current integrity verification schemes of cloud components. To address this issue, this work proposes a privacy-enhancing Structural Integrity Verification (SIV) approach. It is made up of three processes: proof organization, proof transformation, and integrity judgement. By introducing a Merkle tree technique, the integrity of a constituent part of a cloud component on a node is represented by a root value. The value is then masked to cipher texts in proof transformation. With the masked proofs, a structural feature is extracted and validated in an integrity judgement by a third-party verification provider. The integrity of the cloud component is visually displayed in the output result matrix. If there are abnormities, the corrupted constituent parts can be located. Integrity is verified through the encrypted masked proofs. All raw proofs containing sensitive information stay on their original nodes, thus minimizing the attack surface of the proof data, and eliminating the risk of leaking private data at the source. Although some computations are added, the experimental results show that the time overhead is within acceptable bounds.


menu
Abstract
Full text
Outline
About this article

SIV: A Structural Integrity Verification Approach of Cloud Components with Enhanced Privacy

Show Author's information Bo ZhaoPeiru Fan( )Pengyuan ZhaoMingtao NiJinhui Liu
School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China.
School of Computer Science, Shaanxi Normal University, Xi’an 710062, China.

Abstract

Private data leakage is a threat to current integrity verification schemes of cloud components. To address this issue, this work proposes a privacy-enhancing Structural Integrity Verification (SIV) approach. It is made up of three processes: proof organization, proof transformation, and integrity judgement. By introducing a Merkle tree technique, the integrity of a constituent part of a cloud component on a node is represented by a root value. The value is then masked to cipher texts in proof transformation. With the masked proofs, a structural feature is extracted and validated in an integrity judgement by a third-party verification provider. The integrity of the cloud component is visually displayed in the output result matrix. If there are abnormities, the corrupted constituent parts can be located. Integrity is verified through the encrypted masked proofs. All raw proofs containing sensitive information stay on their original nodes, thus minimizing the attack surface of the proof data, and eliminating the risk of leaking private data at the source. Although some computations are added, the experimental results show that the time overhead is within acceptable bounds.

Keywords: privacy, integrity verification, cloud components, structural feature

References(30)

[1]
S. S. Rizvi, T. A. Bolish, and J. R. Pfeffer, Security evaluation of cloud service providers using third party auditors, in Proc. 10th Int. Internet of Things Conf., Exeter, UK, 2017, pp. 1-6.
DOI
[2]
S. Khan, A. Gani, A. A. Wahab, M. A. Bagiwa, M. Shiraz, S. U. Khan, R. Buyya, and A. Y. Zomaya, Cloud log forensics: Foundations, state of the art, and future directions, ACM Computing Surveys (CSUR), vol. 49, no. 1, pp. 1-42, 2016.
DOI Google Scholar
[3]
S. Saibharath and G. Geethakumari, Cloud forensics: Evidence collection and preliminary analysis, in Proc. of 2015 IEEE Int. Advance Computing Conf., Bangalore, India, 2015, pp. 464-467.
DOI
[4]
L. Tan, J. Chen, and M. T. Zhou, Trustworthiness evidence collection mechanism of running dynamic environment of trusted terminal, (in Chineses), Acta Electronica Sinica, vol. 41, no. 1, pp. 77-85, 2013.
Google Scholar
[5]
L. Chen, R. Landfermann, H. Lohr, M. Rohe, A. Sadeghi, and C. Stuble, A protocol for property-based attestation, in Proc. 1st ACM Workshop on Scalable Trusted Computing, Fairfax, Virginia, USA, 2006, pp. 7-16.
DOI
[6]
R. Sailer, X. Zhang, T. Jaeger, and L. V. Doorn, Design and implementation of a TCG-based integrity measurement architecture, in Proc. 13th Int. Usenix Security Symposium, San Diego, CA, USA, 2004.
[7]
V. Varadharajan and U. Tupakula, Counteracting security attacks in virtual machines in the cloud using property based attestation, Journal of Network & Computer Applications, vol. 40, no. 1, pp. 31-45, 2014.
DOI Google Scholar
[8]
Y. Han, T. Alpcan, J. Chan, and C. Leckie, Security games for virtual machine allocation in cloud computing, in Proc. 4th Int. Decision and Game Theory for Security Conf., Fort Worth, TX, USA, 2013, pp. 99-118.
DOI
[9]
A. Singh and K. Chatterjee, Cloud security issues and challenges: A survey, Journal of Network and Computer Applications, vol. 79, pp. 88-115, 2017.
DOI Google Scholar
[10]
M. R. Watson, N. H. Shirazi, A. K. Marnerides, A. Mauthe, and D. Hutchison, Malware detection in cloud computing infrastructures, IEEE Transactions on Dependable and Secure Computing, vol. 13, no. 2, pp. 192-205, 2016.
DOI Google Scholar
[11]
T. Zhang and R. B. Lee, Monitoring and attestation of virtual machine security health in cloud computing, IEEE Micro, vol. 36, no. 5, pp. 28-37, 2016.
DOI Google Scholar
[12]
Z. H. Ning, W. Jiang, J. Zhan, and P. Liang, Property-based anonymous attestation in trusted cloud computing, Journal of Electrical and Computer Engineering, vol. 17, pp. 1-7, 2014.
DOI Google Scholar
[13]
G. Proudler, L. Chen, and C. Dalton, Trusted Computing Platforms: TPM2. 0 in Context. Springer, 2015.
Google Scholar
[14]
V. Costan and S. Devadas, Intel SGX explained, Cryptology ePrint Archive, p.86, 2016.
Google Scholar
[15]
T. Alves and D. felton, Trustzone: Integrated hardware and software security, ARM, White paper, vol. 3, no. 4, pp. 18-24, 2004.
Google Scholar
[16]
R. Perez, R. Sailer, and L. V. Doorn, vTPM: Virtualizing the trusted platform module, in Proc. 15th USENIX Security Symposium, Vancouver, Canada, 2006, pp. 305-320.
[17]
C. Chen, H. Raj, S. Saroiu, and A. Wolman, cTPM: A cloud TPM for cross-device trusted applications, in Proc. 11th USENIX Symposium on Networked Systems Design and Implementation, Seattle, WA, USA, 2014, pp. 187-201.
[18]
F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich, VC3: Trustworthy data analytics in the cloud using SGX, in Proc. 36th IEEE Symposim on Security and Privacy, San Jose, CA, USA, 2015, pp. 38-54.
DOI
[19]
T. Brito, N. O. Duarte, and N. Santos, ARM TrustZone for secure image processing on the cloud, in Proc. 35th Symposium on Reliable Distributed Systems, Budapest, Hungary, 2016, pp. 37-42.
DOI
[20]
A. H. Aljammal, H. Bani-Salameh, A. Alsarhan, M. Kharabsheh, and M. Obiedat, Node verification to join the cloud environment using third party verification server, International Journal of Interactive Mobile Technologies (iJIM), vol. 11, no. 4, pp. 55-65, 2017.
DOI Google Scholar
[21]
T. S. Khatri and G. B. Jethava, Improving dynamic data integrity verification in cloud computing, in Proc. 4th Int. Computing, Communications and Networking Technologies Conf., Tiruchengode, India, 2013, pp. 1-6.
DOI
[22]
M. Yi, J. Wei, and L. Song, Efficient integrity verification of replicated data in cloud computing system, Computers and Security, vol. 65, pp. 202-212, 2017.
DOI Google Scholar
[23]
B. Imene and H. Salima, Verifiable outsourced computation integrity in cloud-assisted big data processing, in Proc. 13th Symposium on Programming and Systems (ISPS), 2018, pp. 1-6.
DOI
[24]
I. Eyal and E. G. Sirer, Majority is not enough: Bitcoin mining is vulnerable, in Proc. Int. Financial Cryptography and Data Security, Berlin, Germany, 2014, pp. 436-454.
DOI
[25]
M. Jakobsson, T. Leighton, S. Micali, and M. Szydlo, Fractal Merkle tree representation and traversal, in Proc. Int. Cryptographers’ Track at the RSA Conf., Berlin, Germany, 2003, pp. 314-326.
DOI
[26]
The installation and usage of OpenSSL on windows system, https://my.oschina.net/vazor/blog/95488, 2012.
[27]
OpenSSL, https://www.openssl.org/, 2018.
[28]
Python, https://www.python.org/, 2018.
[29]
Y. Wang, B. Jin, and J. Dong, Security log with integrity verification support, (in Chinese), Journal of Tsinghua University, vol. 56, no. 3, pp. 237-245, 2016.
Google Scholar
[30]
Tripwire, https://www.ibm.com/developerworks/cn/aix/library/au-usingtripwire, 2012.
Publication history
Copyright
Acknowledgements
Rights and permissions

Publication history

Received: 15 October 2018
Accepted: 10 November 2018
Published: 29 April 2019
Issue date: October 2019

Copyright

© The author(s) 2019

Acknowledgements

Acknowledgements

The author would like to thank the anonymous reviewers for their constructive comments and suggestions. This work was supported by the National Key Basic Research and Development (973) Program of China (No. 2014CB340600), Wuhan FRONTIER Program of Application Foundation (No. 2018010401011295), the National Natural Science Foundation of China (No. 61802239), the Fundamental Research Funds for the Central Universities (No. GK201803061), and China Postdoctoral Science Foundation (No. 2018M631121).

Rights and permissions

Return