Article Preview
TopIntroduction
Existence of cloud storage services has enabled users to outsource their data to the cloud servers which are made available and then use that data from anywhere using the internet. These kinds of services provide users with an efficient method to handle their data, at the same time users are borne less storage costs. Though these kinds of cloud storage services (Suresh et al., 2014) are highly beneficial for users, they bring in security related issues (Hoon et al., 2018). An important security concern is that of data integrity. In traditional data management systems, users store their data locally, but in this system, users would not physically own their data once they are outsourced. Thus, data integrity becomes a major issue of user concern.
Public verification techniques enable users to outsource the verification required to ensure data integrity to other third-party auditors (Pooja et al., 2016). Those auditors at regular intervals check the data for its integrity. The users are informed in case the data is corrupted. In the public verification techniques often used, the auditor is expected to be honest and reliable. If the auditor is compromised, these schemes are going to be invalidated (Thangavel et al., 2019). For example, an irresponsible auditor may always generate a good integrity report without performing the verification to avoid the verification costs. Such reporting imposes serious data integrity issues.
Even a malicious auditor may conspire with the cloud servers in order to bring out a biased verification report. To ensure the security of the user and his data, in purview of existing unreliable auditors, the users are required to monitor the auditor’s behaviors. During each verification work the auditor records the information used to verify the data integrity, which enables the user to audit the validity of the auditor’s behavior. After the transaction is recorded into the blockchain, the user is able to verify the time when the auditor performs the verification by checking the generation time of the transaction (Zhang, Xu, Lin, & Shen, 2019). In general, in a blockchain system, the more the participants are, the stronger the security and assurance, it can provide. In public verification techniques, after data outsourcing, the user normally sets the verification period the interval with which the auditor should perform the verification. According to that, the auditor has to verify the outsourced data for its integrity at the corresponding timings.
The auditor then generates a data verification report which has all the verification results obtained so far. In case, the verification result is “Data Compromised”, it means that the data may be corrupted and the auditor needs to inform the user at once. Otherwise, the auditor generates a verification log and provides the user with the log at the end of each epoch. Since the auditor is able to verify the data integrity without the user, the user can assign the auditor to perform the verification based on the requirement (Zhang et al., 2019). Thus, data auditing has gained more importance and new combined approach for cloud data auditing need to be put forth and tested.
In this paper, a cloud data auditing system is proposed. The proposed cloud data auditing system integrates Merkle Tree-based Cloud audit and the blockchain-based audit recording system. These two powerful methods in cloud audit are integrated together to form a stronger and more powerful cloud auditing mechanism. SHA-256 is used for hashing. The rest of the paper is organized as follows: Section 2 discusses the various works carried out related to cloud data auditing. Section 3 details the proposed cloud data auditing system, the elements of it, the utilization of blockchain and Merkle Tree in data auditing. Section 4 presents the implementation details and results obtained. Section 5 summarizes the result analysis and the discussion on the inferences and the next section concludes the work.