Adjacency-Hash-Table Based Public Auditing for Data Integrity in Mobile Cloud Computingdownloads.hindawi.com › journals › wcmc › 2018 › 3471312.pdf · 2019-07-30 · Adjacency-Hash-Table

Research ArticleAdjacency-Hash-Table Based Public Auditing for Data Integrityin Mobile Cloud Computing

Wenqi Chen1 Hui Tian 1 Chin-Chen Chang 2 Fulin Nan1 and Jing Lu3

1College of Computer Science and Technology National Huaqiao University Xiamen 361021 China2Department of Information Engineering and Computer Science Feng Chia University Taichung 40724 Taiwan3Network Technology Center National Huaqiao University Xiamen 361021 China

Correspondence should be addressed to Hui Tian htianhqueducn

Received 1 May 2018 Accepted 28 August 2018 Published 13 September 2018

Academic Editor Ke Xiong

Copyright copy 2018 Wenqi Chen et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Cloud storage one of the core services of cloud computing provides an effective way to solve the problems of storage andmanagement caused by high-speed data growth Thus a growing number of organizations and individuals tend to store their datain the cloud However due to the separation of data ownership and management it is difficult for users to check the integrityof data in the traditional way Therefore many researchers focus on developing several protocols which can remotely check theintegrity of data in the cloud In this paper we propose a novel public auditing protocol based on the adjacency-hash table wheredynamic auditing and data updating are more efficient than those of the state of the arts Moreover with such an authenticationstructure computation and communication costs can be reduced effectively The security analysis and performance evaluationbased on comprehensive experiments demonstrate that our protocol can achieve all the desired properties and outperform thestate-of-the-art ones in computing overheads for updating and verification

1 Introduction

Cloud storage is one of cloud computing services and pro-vides a way to effectively store and manage big data [1] Inrecent years more and more individuals and businesses tendto outsource their data to the cloud since outsourcing datacan render the advantages of location independent resourcepooling flexible resources universal network access andusage-based pricing [2ndash6] Although the benefits of cloudstorage services are many and huge it also faces a lot ofchallenges [2 4] For example the security of data sharingand storage in the same group is an urgent issue to be solvedin the cloud environment [7] In addition data deduplicationin cloud storage is also one of the vital techniques to reducethe amount of storage space and save bandwidth [8 9]Particularly due to the separation of data ownership andmanagement cloud users (data owners) cannot verify theintegrity of their data in the traditional techniques whichleads to a trust gap between cloud users and the CloudService Provider (CSP) In addition Cloud storage is alsofacedwithmany internal and external security threats [10ndash15]

(eg byzantine failures hacker attacks etc) which may leadto cloud data corruption or loss To solve these concerns thecloud data auditing whose purposes are to enhance the datasecurity of cloud storage platforms and to improve mutualtrust between users and the CSP is proposed

The most core challenge of cloud data auditing is howto efficiently check the cloud data integrity To address thisproblem a provable data possession (PDP) protocol and aproof of retrievability (PoR) protocol have been providedrespectively by work [16] and work [17] In typical PDPprotocols the user first generates some metadata (such asblock tags) for a data file to verify integrity of the data oncloud servers Later the user sends the file and metadata tothe cloud servers and removes them from its local storagePDP employs a challenge-response mode for the remoteverification ie the CSP can generate a proof for the verifierrsquoschallenge Compared with the former the latter (PoR) is acomplementary protocol to PDP In initial PoR protocolsthe user first encodes the data file with error-correcting codebefore outsourcing data to the CSP Therefore the user canreconstruct the entire file from theCSPrsquos partial responseThe

HindawiWireless Communications and Mobile ComputingVolume 2018 Article ID 3471312 12 pageshttpsdoiorg10115520183471312

2 Wireless Communications and Mobile Computing

PoR model focuses on static data Compared with PoR PDPis more suitable for dynamic data auditing see [18ndash28]

The existing PDP protocols can be generally divided intotwo categories private auditing and public auditing In pri-vate auditing the user is as an only verifier to remotely verifythe data integrity with low overhead Due to no trust betweenthe user and the CSP the user cannot provide convincingresults for verification What is more it is not advisable forthe user to conduct the audits for their data frequently sinceone of the important motivations of outsourcing data is toreduce the userrsquos burden of storage management To addressthis problem a public auditing protocol was first providedby Ateniese et al [16] in which an independent authorizedauditor (Third Party Auditor TPA) not only the user canremotely verify the data integrity Therefore the TPA cannot only provide independent audit results but also bearthe communication overhead and computation costs in theentire verification phase The public audit for cloud storageshould also achieve some security and function requirementsas follows

(i) Privacy preserving in public auditing the TPA onbehalf of the user periodically verifies the integrityof data on the cloud servers Thus auditing protocolsshould design a mechanism to ensure that the TPAcannot derive userrsquos data contents from the collectedinformation during the verification phase

(ii) Batch auditing batch auditing is defined as the TPAcan deal with auditing tasks from multiple varioususers simultaneously which not only reduces thenumbers of communications between the TPA andthe CSP during the auditing phase but also enhancesthe verification efficiency

(iii) Dynamic auditing in the cloud storage environmentsthere are a lot of various application data (financialtrade social media etc) which need to be updatedfrequently Therefore dynamic data auditing is asignificant function for cloud storage auditing

For the dynamic data audit Erway el at [19] first providedan extended PDP protocol named as dynamic provable datapossession (DPDP) which introduced a dynamic authenti-cated data structure rank-based authenticated skip list tosupport data updating Later Wang el at [20] proposed aprotocol based on the BLS signature which utilized MerkleHash Tree (MHT) to achieve data updating However theabove two protocols would cause heavy computational over-head of the TPA and large communication costs during theverification phase and the updating phase Further [23] [26]and [27] respectively design the dynamic authenticated datastructures Index Hash Table (IHT) Dynamic Hash Table(DHT) and Doubly Linked Info Table (DLIT) to improveaudit efficiency and the structures are stored in theTPA ratherthan the CSP to reduce communication costs Though theabove protocols achieve auditing effectively the methods stillhave some drawbacks In [23] updating operations incurlarge computational overhead especially insertion and deleteoperationsThus [26] and [27] respectively design the struc-tures to overcome the above drawbacks in [23] However

search operations in [26 27] are relatively inefficient in theverification phase and the updating phase

In view of above problems this paper introduces a noveldynamic data authenticated structure adjacency-hash table(AHT) in our public auditing protocol (AHT-PA)We employthe AHT to achieve dynamic auditing Moreover due toAHTstored in the TPA instead of CSP its computational overheadand communication costs are significantly less than boththe protocol based on the skip list [19] and the one usingMHT [20] In the verification phase and the updating phaseAHT-PA also outperforms the protocols [23 26 27] Weexploit the bilinear maps and Boneh-Lynn-Shacham (BLS)signatures to support batch auditing and employ randommasking to achieve privacy preserving Our contributionscan be summarized as follows

(1) We propose a novel public auditing protocol whichcan simultaneously support the essential functionsprivacy preserving batch auditing and dynamic dataauditing

(2) We introduce a novel dynamic structure AHT tosave data properties for dynamic data auditing Withsuch structure our protocol can effectively achievethe dynamic data auditing and the data updating

(3) We prove the security of the presented protocol andjustify the auditing performance by concrete exper-imental comparisons with the state of the arts Theresults demonstrate that our protocol can efficientlyachieve secure auditing and outperform the previousones in computational overhead and communicationcosts

The rest of the paper is organized as follows in Section 2we review the related work concerning cloud storage audit-ing particularly regarding the dynamic data auditing Thenwe introduce the background and the necessary preliminariesfor our work in Section 3 Section 4 gives the detaileddescription of our protocol Section 5 presents the securityproofs of our protocol and Section 6 gives the comprehensiveperformance evaluations through experimental comparisonswith some existing protocols Finally Section 7 gives theconcluding remark of this paper

2 Related Work

In recent years many researchers have focused on cloudstorage auditing In 2007 Atenises et al [16] proposed one ofthe earliest related works ldquoprovable data possession (PDP)rdquowhich employs the based-RSA homomorphic authenticatorto check the data integrity At the same year Juels el at [17]presented a complementary protocol ldquoProof of Retrievability(PoR)rdquo which can not only check the correctness of dataon cloud but also ensure the retrievability of cloud datawith an encoding method (error-correcting code) Howeverdue to encoding the file before outsourcing to the CSP thePoR model focuses on static data such as archive dataCompared with PoR PDP is more suitable for dynamic dataauditing As mentioned earlier the public auditing has someadvantages over private auditing In public auditing TPA

Wireless Communications and Mobile Computing 3

Table 1 Function comparison of auditing protocols

Protocols Public auditing Privacy protection Dynamic auditing Batch auditingPDP[16] times times timesPoR[17] times otimes times timesIHT-PA[23] ⊙DAP[22] DPDP(skip list)[19] times otimes timesDPDP(MHT)[20] DHT-PA[26] DLIT-PA[27] times AHT-PA Note ldquordquo means ldquosupportrdquo ldquotimesrdquo means ldquonot supportrdquo ldquootimesrdquo means ldquono demandrdquo and ldquo⊙rdquo means ldquonot mentionedrdquo

can not only provide independent audit results but alsobear the communication overhead and computation costsfor the entire verification phase Therefore it is considered amore practical model [15 26] Besides public auditing shouldalso achieve some security and function requirements forexample privacy preserving batch auditing and dynamicauditing

To overcome the data leakage to the TPA Wang et al[28] first provided a public auditing protocol for privacy pre-serving where the CSP integrates the aggregate value of thedata blocks with random masking Therefore this protocolcan guarantee that the TPA cannot learn any knowledge ofthe user data during the verification phase Later [22 2326] show that privacy preserving is indispensable in publicauditing Moreover [15] and [28] are extended to preformaudit tasks from multiple users simultaneously for betterperformance In work [15] and work [28] the approach forbatch auditing is that the CSP aggregates the data block tagsgenerated by various users and then the TPA uses them andrelated block information responded from the CSP to verifythe integrity of the cloud data

For the auditing dynamic data Erway el at [19] pro-vided an extended PDP protocol named dynamic provabledata possession (DPDP) which first introduced a dynamicauthenticated data structure rank-based authenticated skiplist to support data updating LaterWang el at [20] proposeda protocol based on the BLS signature which utilized MerkleHash Tree to achieve data updating However the abovetwo protocols would cause heavy computational overheadof the TPA and large communication costs during theverification phase and the updating phase Further [23] [26]and [27] respectively designed the dynamic authenticateddata structures Index Hash Table (IHT) Dynamic HashTable (DHT) and Doubly Linked Info Table (DLIT) toimprove audit efficiency and to reduce communication costsby storing the structures in the TPA instead of the CSPThough the above protocols can effectively achieve publicauditing the methods still have some drawbacks In [23]updating operations incur large computational overheadespecially insertion and delete operations Thus [26] and[27] respectively design the structure to overcome the abovedrawbacks in [23] However search operation in [26 27] isrelatively inefficient in the verification phase and the updating

phase Therefore this paper introduces a novel dynamicdata authenticated structure adjacency-hash table (AHT) toachieve better auditing and updating efficiency

To highlight the difference between our protocol and theexisting ones Table 1 shows comparison results of functionsamong them It is clear that the presented protocol (AHT-PA)supports all the mentioned audit functions

3 Background and Preliminaries

31 Problem Statement As illustrated in Figure 1 we con-centrate on designing an AHT-based public audit protocolwhich includes the following three entities Users have largeamounts of data and outsource their data to the cloud CloudService Provider (CSP) has large-scale computing and storagedevices and provides users with cloud storage services ThirdParty Auditor (TPA) undertakes audit tasks for users andprovides fair and objective audit results Users outsource theirdata to the cloud to enjoy the reliability of data storage andhigh-performance services and to reduce its maintenanceoverhead However since the CSP manages their data on thecloud rather than users users strongly desire to periodicallycheck the integrity and correctness of their data

As mentioned in the existing protocols [18 19 23 26]the TPA is pointed out to be credible but curious In otherwords although the TPA can credibly perform the audit inthe verification phase it may be curious about the privacyinformation of usersrsquo data and even may try to derive theusersrsquo data contents In addition the CSP is considered asan untrustworthy party For gaining benefits or maintainingtheir reputations the CSP may hide the fact of data lossand even delete some data that users rarely access Inparticular the CSP may further launch three attacks to theTPA

(i) Forge attack the CSP may attempt to forge the datablocks and their corresponding tags to pass the audit

(ii) Replacing attack the CSP may attempt to pass theaudit by replacing a corrupted block and its tag withanother block and its corresponding tag

(iii) Reply attack the CSP may attempt to pass the auditusing the proof messages generated previously


ird Party Auditor(TPA)

Adjacency Hash Table

Data flow

Cloud Server Provider(CSP)

Users

Auditing R

equests

Auditing R

esults

ChallengesProofs

Figure 1 System architecture for public auditing

To achieve the secure and efficient public auditing ourprotocol aims to meet the following desired properties

(1) Public auditing it allows any authorized TPA to verifythe correctness and integrity of userrsquos data on thecloud servers

(2) Blockless verification it allows TPA to audit clouddata without retrieving the data blocks

(3) Storage correctness the CSP who does not store theintact data as required cannot pass the audit

(4) Dynamic data audit it allows the users to performdynamic data operations (insertion modificationand deletion) and achieves the efficient public audit-ing

(5) Privacy preserving it ensures that TPA cannot learnknowledge of usersrsquo data from the information col-lected during verification phase

(6) Batch auditing the TPAhas the capability to deal withmultiple auditing tasks from various users in a cost-effective way

(7) Lightweight it allows the TPA to perform publicverificationwithminimumcommunication and com-putation costs

32 Adjacency-Hash Table As mentioned earlier [19] and[20] respectively introduced the authenticated skip list andthe MHT to support public dynamic auditing Howeverthe above two protocols would cause heavy computationaloverhead of the TPA and large communication costs duringthe verification phase and the updating phase Further [26]and [27] respectively designed Dynamic Hash Table (DHT)and Doubly Linked Info Table (DLIT) to improve auditefficiency and to reduce communication costs by storing thestructures in the TPA rather than the CSP Note that the DHTis a single linked table and the DLIT is a double linked table

Though the above protocols [26 27] can achieve efficientauditing themethods still have somedrawbacks Particularlythe search operation in [26 27] is relatively inefficient inthe verification phase and the updating phase Thereforethis paper introduces a novel dynamic data authenticatedstructure adjacency-hash table (AHT) to achieve better theauditing and updating efficiency

The AHT is utilized by the TPA to store the latest versioninformation (VI) of data blocks as illustrated in Figure 2The AHT is divided into file elements and the correspondingtables called Adjacency Tables (AT) Every file element in filearrays includes the index number (NOj) the file identifier(IDj) of the given file (eg 119865119895) and a pointer indicating anAT Each AT consists of block elements and a counter arraywhose every element contains a pointer indicating a blockelement and a value (cValuei) which records the number ofblock elements after the corresponding pointer Each file isorganized by a file element and the corresponding AT Eachblock element (eg the element corresponding the 119894-th blockof the j-th file 119898119895119894) in the AT consists of the current versionnumber of the block V119895119894 its time stamp 119905119895119894 and a pointer tothe next node Accordingly the operations on the AHT aredivided into file operations and block operations To searchthe 119909-th (1 le 119909 le 119899) block element the TPA first determinesthe value 119886 according to

119886

sum119894=0

119888119881119886119897119906119890119894 lt 119909 le119886+1

sum119894=0

119888119881119886119897119906119890119894 (1)

where 119894 is the index of the counter array (0 le 119894 le 119899) and thehead element whose index is 0 in the counter array is used toindicate that cValue0 should be set to 0 Note that the head isnot drawn in Figure 2 because it is virtual Further the TPAcalculates the distance dis namely

119889119894119904 = 119909 minus119886

sum119894=0

119888119881119886119897119906119890119894 (2)


NO ID

1

2

3

3

hellip hellip

i

hellip hellip

m

1 Λ

1 hellip 1 1

1 Λ 1 Λ

File deletion

2 Λ

1 hellip 0 Λ 2

Block deletion

1 Λ 1

File insertion

1 Λ

Block insertion

Block modification

ID1

ID2

ID3

ID4

IDi

IDm

tmntmn-1

t1nt1n-1t11

1

lowast

Figure 2 Adjacency-hash table (AHT)

Apparently the x-th block element is the dis-th block elementafter the pointer of (a+1)-th element in the counter arrayTo insert a block element after an existing block the TPAfirst tracks the given node (the given block element) andinserts the new node after it the deletion of the given blockelement is to first track the given node and to delete it fromthe current AT Besides when the value (cValuei) is equal toldquo0rdquo the corresponding element in the counter array should bedeletedThe search process of a file is to locate the file elementaccording to its identifier or index the insertion of the givenfile is to first insert a file element in the file array and thento construct a AT which includes related block elements thedeletion of the given file is to first remove the AT and to deleteits file element the modification of the given file is to updatethe file element and corresponding block elements

33 Preliminaries To facilitate understanding for readersthis section first introduces some necessary knowledge ofcryptography for the presented protocol

Bilinear Map Let G G119879 be multiplicative cyclic groups ofa large prime order 119901 A map function e G times G 997888rarr G119879

with the following properties (1) Bilinear forall119906 V ℎ isin G andforall119886 119887 isin Z119901 119890(119906119886 119906119887) = 119890(119906 V)119886119887 and 119890(119906 V sdot ℎ) = 119890(119906 sdot ℎ V) =119890(119906 V) sdot 119890(119906 ℎ) (2) Computable e is an efficient computablealgorithm (3) Nondegeneracy if 119892 is a generator of G then119890(119892 119892) = 1BLS-Based Homomorphic Verifiable Authenticator (BLS-HVA) BLS-HVA is widely utilized for public auditing proto-cols [15 18 19 22ndash24 26ndash29] which can enable a public ver-ifier to verify the cloud data integrity without downloadingits original data To be specific BLS-HVAs are generated byBLS signatures in public auditing Consequently BLS-HVAssatisfy the properties as follows

(i) Blockless verifiability [16] constructing the proof inthe BLS-HVA the TPA can verify the cloud dataintegrity without its actual data content

(ii) Homomorphism [16] let G and H be multiplicativegroups of a large prime order p and ldquooplusrdquo and ldquootimesrdquo beoperations inG and H respectively If a map functionf G 997888rarr H satisfies homomorphism then forallℎ1 ℎ2 isinG 119891(ℎ1 oplus ℎ2) = 119891(ℎ1) otimes 119891(ℎ2)

(iii) Nonmalleability [30] let 1205901 and 1205902 denote signatureson blocks 1198981 and 1198982 respectively and 1205731 and 1205732

two random numbers in Z119901 For the given blockmrsquo = 12057311198981 + 12057321198982 a user who does not know theprivate key sk cannot generate the signature 120590rsquo of mrsquoby combining 1205901 and 1205902

34 Secure Assumptions The security of the present protocolis based on the following assumptions

Computational Diffe-Hellman (CDH) Assumption Let G bemultiplicative cyclic groups of a large prime order 119901 Given119892119886 and 119892119887 where 119892 is a generator of G and 119886 119887 isin Z119901it is computationally intractable to compute 119892119886119887 For anyprobabilistic polynomial-time adversaryA the probability ofsolving the CDH problem is negligible namely

119875119903 (ACDH (119892 119892119886 119892119887 isin G) 997888rarr 119892119886119887 isin G forall119886 119887 isin119877Z119901)

le 120576(3)

Discrete Logarithm (DL) Assumption Let G be multiplicativecyclic groups of a large prime order119901 Given h (such as h=119892119886where119892 is a generator ofG and 119886 isin Z119901) it is computationallyintractable to compute 119886 For any probabilistic polynomial-time adversary A the probability of solving the DL problemis negligible namely

119875119903 (ADL (119892 ℎ isin G) 997888rarr 119886 isin Z119901 st ℎ = 119892119886) le 120576 (4)

4 The Proposed Protocol Based on AHT

In this section we will present the core of our protocol basedon AHT which consists of the dynamic verification protocol


User CSPTPA

1 e user generates a pair of key (SK =x sk PK=g u v y pk)

4 e C S P stores data from the user

2 e user generates the version

3 e user generates block tags Setup

information Φ= (i ti) |1 le i le n

Λ=i|1leilen

F i|1leilen

Φ= (i ti) | 1le i le n

Figure 3 The workflow of the setup phase

TPA CSP

1 e TPA randomly selects c

2 e TPA generates the cha-llenge information chal = (Q S

M T Λ

Verification Challenge chal

3 e CSP generates proof messages M T Λ

4 e TPA verifies proof messages from the CSP

block indexes Q = Ｍ1 Ｍ2 Ｍc

= si | iisinQ )

TPATPATPATPATPA CSPCSPCSPCSPCSPSP


2 e TPA generates the cha-llenge information chal = (l Q S

M T Λ

ion Challenge chal



= si | iisinQ )

Figure 4 The workflow of the verification phase

with privacy protection described in Section 41 the updatingoperations detailed in Section 42 and the batch verificationprotocol in Section 43

41 Dynamic Verification with Privacy Preserving Let G G119879

be multiplicative cyclic groups of a large prime order p and119892 be the generator of G A map function 119890 is defined as G timesG 997888rarr G119879119867(sdot) 0 1lowast 997888rarr Z119901 is a secure hash functionThefile outsourced to the cloud is denoted as F which is dividedinto 119899 blocks namely 119865 = 1198981 1198982 119898119899 Our dynamicauditing protocol involves the following algorithms KeyGenand TagGen in the setup phase (see Figure 3) and ChallengeProofGen and Verify in the verification phase (see Figure 4)

KeyGen (Key Generation) The user performs KeyGen togenerate public and secret keys (119875119870 = 119892 119910 V 119906 119901119896 SK =

119909 119904119896) where (119901119896 119904119896) is a key pair for signature V 119906 isin G

are the random elements 119909 isin Z119901 is a random number and119910 = 119892119909

TagGen (Tag Generation) For each block 119898119894 (119894 = 1 2 119899)the user generates the signature 120590119894

120590119894 = (119906119867(V119894119905119894) sdot V119898119894)119909 (5)

where V119894 is the version number of119898119894 and 119905119894 is its time stampand lsquorsquo is the connection operation This signature calledblock tag [16] should be uploaded to the cloud for verificationalong with the corresponding block All version information(ie V119894 and 119905119894) will be sent to the TPA for storing them in the


AHT Moreover the user generates a file tag 120599 to ensure theintegrity of the file identifier ID

120599 = 119868119863 119878119868119866 (119904119896 119868119863) (6)

where 119878119868119866(119904119896 119868119863) is the signature on ID with sk and sends italong with file identifier ID to the CSP

Challenge The TPA first retrieves the file tag 120599 and verifiesthe signature 119878119868119866(119904119896 119868119863) with the public key pk If theverification is failed the TPA directly stops the verificationby emitting FALSE otherwise it generates the followinginformation 119888ℎ119886119897 = (119876 = 119894119889119909119894 | 1 le 119894 le 119888 119888 le 119899119878 = 119904119894 | 119894 isin 119876 120593) where 119876 = 119894119889119909119894 | 1 le 119894 le 119888 isthe set of the block indexes to be verified 119878 = 119904119894 | 119894 isin 119876is the set of random numbers and 119904119894 is randomly selectedform Z119901 120593 = 119892120591 and 120591 isin Z119901 is the random number Inparticular the TPA computes 120578 = 119910120591 for the verificationUpon completion the TPA sends the challenge informationchal to the CSP

ProofGen (Proof Generation) While receiving the challengethe CSP would produce a response proof for the verificationwhich consists of the tag proof the block proof and anauxiliary auditing factor For the challenged block the CSPgenerates the tag proof

119879 = prod119894isin119876

119890 (120590119894 120593)119904119894 (7)

and the block proof

119872 = sum119894isin119876

119898119894 sdot 119904119894 + 119903 (8)

where 119903 isin Z119901 called random mask is used for protectingthe data privacy Moreover the CSP calculates the auxiliaryauditing factor

Λ = 119890 (V 119910)minus119903 (9)

Upon completion the CSP sends (T M Λ) back to the TPAas the response for the challenge

Verify To verify the response messages returned from theCSP the TPA can perform the following equation

Λ120591 sdot 119890 (119906sum119894isin119876119867(V119894119905119894)sdot119904119894 sdot V119872 120578) = 119879 (10)

If it holds the algorithm outputs TRUE otherwise FALSEThe correctness of the above verification equation can be

demonstrated as follows

Λ120591 sdot 119890 (119906sum119894isin119876119867(V119894119905119894)sdot119904119894 sdot V119872 120578)= 119890 (V 120578)minus119903 sdot 119890 (119906sum119894isin119876119867(V119894119905119894)sdot119904119894 sdot Vsum119894isin119876119898119894sdot119904119894+119903 120578)= 119890 (119906sum119894isin119876119867(V119894119905119894)sdot119904119894 sdot Vsum119894isin119876119898119894sdot119904119894+119903 sdot Vminus119903 120578)

= prod119894isin119876

119890 ((119906119867(V119894119905119894) sdot V119898119894)119909sdot119904119894 120593) = prod119894isin119876

119890 (120590119894 120593)119904119894 = 119879

(11)

42 Dynamic Updating To support the efficient updatingoperations for data blocks and files we design the AHT inour protocolThe specific operations of block consist of blockmodification (B119898119900119889119894119891119910) block insertion (B119894119899119904119890119903119905) and blockdeletion (B119889119890119897119890119905119890) as followsBlock Modification Suppose the 119894-th block 119898119894 of the file119865 will be modified to 1198981015840

119894 The user first generates thecorresponding version information (V1015840

119894 1199051015840119894) and then sends119880TPA = (119865B119898119900119889119894119891119910 119894 V1015840

119894 1199051015840119894) to the TPA Upon receipt theTPA updates the AHT Simultaneously the user generates thenew signature 1205901015840

119894 for 1198981015840119894 according to (5) and then sends

119880CSP = (119865B119898119900119889119894119891119910 119894 1198981015840119894 1205901015840

119894) to the CSP Upon receiving theCSP directly modifies119898119894 and 120590119894 as indicated

Block Insertion Suppose a new block 119898lowast of the file 119865 will beinserted after 119898119894 The user first generates the correspondingversion information (Vlowast 119905lowast) and sends an insertion request119880TPA = (119865B119894119899119904119890119903119905 119894 Vlowast 119905lowast) to the TPA Upon receiving theTPA performs the insertion request as indicated in the AHTMeanwhile the user generates the new signature 120590lowast for 119898lowast

according to (5) and then sends119880CSP = (119865B119898119900119889119894119891119910 119894 119898lowast 120590lowast)to the CSP Once receiving the request the CSP inserts thenew block119898lowast after119898119894 and the new tag 120590lowast behind 120590119894

Block Deletion Suppose the 119894-th block 119898119894 of the file 119865will be deleted The user sends a deletion request 119880TPA =(119865B119889119890119897119890119905119890 119894) to the TPA Upon receipt the TPA executesthe deletion request to delete the corresponding versioninformation in the AHT Moreover the user sends a deletionrequest 119880CSP = (119865B119889119890119897119890119905119890 119894) to the CSP Upon receiving theCSP directly deletes119898119894 and 120590119894 as indicated

The updating operations on file include the file appendingand the file deletion which are very straightforward Wesuppose that a new file 119865lowast will be appended The user needsto execute the algorithm TagGen once again Moreover whiledeleting a file F the user first sends deletion instructionsto the TPA and the CSP respectively Once receiving therequests the TPA will delete the file element and its corre-sponding AT in the AHT and the CSP will delete the file 119865and all of its tags

43 Batch Verification In reality the TPA may simulta-neously handle multiple audit tasks from different usersrsquodelegations To achieve the minimum communication andcomputation costs the batch auditing is introduced to dealwith multiple auditing tasks from various usersrsquo delegations

Suppose that the TPA sends 119908 challenges for 119908 usersrsquodelegations to the CSP Once receipt the CSP first calculatesthe tag proof (Tk) the data proof (119872119896) and the auxiliaryauditing factor (Λ 119896) and then computes the aggregate tagproof 119879B according to the following equations

119879Β =119908

prod119896=1

119879119896 (12)

Finally the CSP responds with (119879B 119872119896 Λ 1198961le119896le119908)


Table 2 Communication costs comparison

Protocols Verification phase Updating phaseDPDP(skip list)[6] 119888119874(log 119899) 119874(log 119899)DPDP(MHT)[7] 119888119874(log 119899) 119874(log 119899)IHT-PA[10] O(c) 119874(1)DHT-PA[13] O(c) 119874(1)DLIT-PA[14] O(c) 119874(1)AHT-PA O(c) 119874(1)

To verify the response messages the TPA checks if thefollowing equation holds

119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) = 119879Β (13)

where V119896119894 and 119905119896119894 are the version number of 119898119894 and its timestamp for the k-th user 119906119896 and V119896 are the public keys ofthe k-th user and 120591119896 120578119896 119876119896 = 119894119889119909119896119894 | 1 le 119894 le 119888 and119878119896 = 119904119896119894 | 119894 isin 119876119896 belong to the challenge information forthe k-th user If (13) holds the integrity of all the challengedfiles can be ensured Otherwise one or some of them arecorruptedThe correctness of the above batch verification canbe demonstrated as follows

119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) =

119908

prod119896=1

119879119896

= 119879Β

(14)

5 Security Analysis

We will evaluate the security of the presented protocol withproofs of the following theorems

eorem 1 (unforgeability of BLS-HVA) In our protocolit is computationally infeasible for any adversary to forge avalid BLS-HVA if the computational Diffe-Hellman (CDH)assumption in bilinear groups holds

Proof As demonstrated in the security analysis of [21] theBLS-HVA is effectively unforgeable when the CDH problemis hard in bilinear groups [31]Thus the proof is omitted here

eorem 2 (unforgeability of proof) The presented protocolcan efficiently resist the forging attacks generated by the CSP Inother words it is impossible for the CSP to forge effective proofsto pass the auditing verification

Proof To respond for a challenge the CSP sends a proofmessage (T M Λ) back to the TPA If the auxiliary auditingfactor Λ is fake the verification equation (10) does not holdeven though the other proofs are valid As demonstrated inTheorem 1 BLS-HVAs are unforgeable Therefore the tagproof 119879 cannot be forged Finally we just need to prove thatthe block proof119872 is unforgeable

To prove this we first define the following gameTheTPAsends a fake proof message 119875lowast = (119879119872lowast Λ) where

119872 = sum119894isin119876

119898119894 sdot 119904119894 + 119903 = 119872lowast = sum119894isin119876

119898lowast119894 sdot 119904119894 + 119903 (15)

If the CSP can still pass the verification then heshe wins thisgame otherwise heshe does not Assume that the CSP winsthis game then

Λ120591 sdot 119890 (119906sum119894isin119876119867(V119894119905119894)sdot119904119894 sdot V119872lowast 120578)= Λ120591 sdot 119890 (119906sum119894isin119876119867(V119894119905119894)sdot119904119894 sdot Vsum119894isin119876119898lowast119894 sdot119904119894+119903 120578)

(16)

Moreover for the valid proofs we have

Λ120591 sdot 119890 (119906sum119894isin119876119867(V119894119905119894)sdot119904119894 sdot V119872 120578)= Λ120591 sdot 119890 (119906sum119894isin119876119867(V119894119905119894)sdot119904119894 sdot Vsum119894isin119876119898119894sdot119904119894+119903 120578) (17)

According to the properties of bilinear maps we can derivethat

sum119894isin119876

119898119894 sdot 119904119894 + 119903 = sum119894isin119876

119898lowast119894 sdot 119904119894 + 119903 (18)

which contradicts the above assumption That is to say theblock proof is unforgeable This accomplishes the proof of thetheorem

The security of our protocol for resisting replacing andreplay attacks is similar to the work [27] Thus we omit thecorresponding proofs here

6 Performance Evaluation

In this section we will evaluate the performance of ourprotocol (AHT-PA) and compare it with the state of the arts

61 Communication Costs In this section the communica-tion costs of AHT-PA protocol are analyzed and comparedduring the verification phase (ie challenge and response)and updating phase In the verification phase the challengeand response messages between the TPA and the CSP bringcommunication overhead of 119874(119888) where 119888 is denoted as thenumber of challenged blocks Moreover during the updatingphase the user should send an updating request to the CSPand the TPA respectively which costs 119874(1)

Table 2 presents the communication costs of some proto-cols during the verification phase and updating phase where


DLIT-PA

DHT-PA

AHT-PA

100

200

300

400

500

600

700

800

e g

ener

atio

n tim

e of b

lock

tags

(s)

20 40 60 80 100 120 1400e size of data block (KB)

Figure 5 The tag generation time for different block sizes (thenumber of data blocks = 50000)

119899 represents the number of data blocks in a given file and 119888is the number of challenged blocks Obviously our protocolonly requires a small amount of communication overheadand is substantially much efficient than the other protocols

62 Computational Costs The computational costs of AHT-PA protocol are evaluated and presented in this sectionThuswe implement all algorithms in the AHT-PAbased on PairingBase Cryptography (PBC) Library (0514) The algorithmsin experiments are evaluated on a DELL workstation withan Intel Xeon E3-1225v5 330GHz 16GB DDR4-2133 ECC(2x8GB) RAM and 2TB 7200 RPM SATA 1st HDD Werun the programs under a Linux (ubuntu 16042 LTS x64)operating system whose kernel version is 480 and use aMNT d159 curve which has a 160-bit group order The finalresults are the averages of 20 runs

Computational Costs for Generating Tags Figures 5 and 6indicate the comparison results of the time of tag generationfor different block sizes and for different numbers of datablocks respectively from which we can learn that (1) thegeneration time for the user is proportional to the block sizeor block number (2) to deal with the same block size or sameblock number in the above two scenarios AHT-PA takesless time than DHT-PA and DLIT-PA In other words thecomputation overhead of tag generation in AHT-PA is lessthan those in DHT-PA and DLIT-PA

Computational Costs for Verification Figure 7 indicates theexperimental results of the verification time for differentnumbers of challenged blocks from which we can learnthat the verification time increases rapidly with the numberof challenge blocks in the DHT-PA and DLIT-PA but theverification time of AHT-PA remains stable and is much lessthan the previous two protocols

DLIT-PA

DHT-PA

AHT-PA

10000 20000 30000 40000 500000e number of blocks

0

50

100

150

200

250

300

e g

ener

atio

n tim

e of b

lock

tags

(s)

Figure 6The time of tag generation for different numbers of blocks(block size = 4KB)

DLIT-PADHT-PAAHT-PA

e v

erifi

catio

n tim

e (m

s)

320 340 360 380 400 420 440 460300e number of challenged blocks

800100012001400160018002000

0

10

20

30

40

Figure 7 The verification time for different numbers of challengedblocks (the number of total data blocks = 50000 the block size =4KB)

Computational Costs for Batch Auditing In the batch auditingscenario we will evaluate the performance of AHT-PA andcompare it with DHT-PA and DLIT-PA The comparisonresults as shown in Figure 8 demonstrate that (1) threeprotocols can simultaneously handle various audits frommultiple users and (2) at the same number of auditing tasksthe average audit time per task in AHT-PA is significantlyless than in DHT-PA and DLIT-PA That is to say the batchauditing protocol in AHT-PA is much more efficient thanthose in DHT-PA and DLIT-PA


e Aud

iting

tim

e per

task

(ms)

DLIT-PADHT-PAAHT-PA

120013001400150016001700180019002000

0

10

20

30

40

20 25 30 35 40 45 5015e number of auditing tasks

Figure 8 The average audit time per task for the various numbersof auditing tasks (the number of challenged blocks = 460 the totalnumber of data blocks for each file = 50000 and the block size =4KB)

Search Efficiency We design two experiments on a singlefile to evaluate block-search efficiency of AHT-PA The firstexperiment is performed under various total numbers ofdata blocks from 2 times 104 to 2 times 105 with 5000 challengedblocks and another is performed under various numbersof challenged blocks with 2 times 105 data blocks In the twoexperiments we add an extra comparison item for DLIT-PAnamed DLIT-PA (opt) whose results were obtained by firstsorting the index set of challenged blocks to get its ascendingset and then counting the corresponding frequency forsearching block elements As is well known to locate a blockelement in the single linked list or double linked list it isnecessary to visit the whole list from the first element in thefirst search round After that if we previously sort the indexset of the required blocks the searching element in the singlelinked list or double linked list can start from the currentelement to the next element behind the current element Inthis sense in terms of search frequency DLIT-PA (opt) ismore efficient than DLTI-PA and identical to DHT-PA

The results of the experiment under 5000 challengedblocks are shown in Figure 9 from which we can learnthat AHT-PA outperforms the other protocols Moreoverthe larger the number of data blocks the greater the searchfrequency gap Figure 10 gives the experimental results under2times 105 data blocks Apparently the search frequency in AHT-PA slowly rises with the increasing number of challengedblocks However for the same number of challenged blocksthe search frequency in AHT-PA is much less than the onesin other protocols

In summary the public auditing protocol proposed in thispaper can achieve better performance To be specific in thetag generation phase and verification phase the computationcost is less than those of the state of the arts while achieving

Sear

ch F

requ

ency

DLIT-PADLIT-PA(opt)DHT-PAAHT-PA

500100015002000250030003500

00

05

10

15

20

4 6 8 10 12 14 16 18 202e number of blocks

times105

times104

Figure 9 The search frequency under 5000 challenged blocksSe

arch

freq

uenc

y


times105

times10320 30 40 5010

e number of challenged blocks

5000100001500020000250003000035000

02040608101214161820

Figure 10 The search frequency under 2 times 105 data blocks

better block-search efficiency in the verification phase and theupdating phase

7 Conclusions

In this paper we present a novel auditing protocol for cloudstorage Differing from the state of the arts we design a newstructure called adjacency-hash table to support efficientdata updating as well as reduce computational costs More-over to achieve privacy preserving our protocol employsthe random masking technique to prevent the TPA from


learning the usersrsquo data contents in the verification phaseSufficient formal proofs indicate that our protocol is secureThe theoretical analysis and the experimental results showthat our protocol is feasible and efficient and outperforms thestate of the arts in both the computation overhead and thecommunication costs

Data Availability

The data used to support the findings of this study areincluded within the article

Conflicts of Interest

The authors declare that they have no conflicts of interest

Acknowledgments

This work was supported in part by the National NaturalScience Foundation of China under Grant Nos U1405254and U1536115 the Natural Science Foundation of FujianProvince of China under Grant No 2018J01093 the Pro-gram for New Century Excellent Talents in Fujian ProvinceUniversity under Grant No MJK2016-23 the Program forOutstanding Youth Scientific and Technological Talents inFujian Province University under Grant NoMJK2015-54 thePromotion Program for Young and Middle-Aged Teachersin Science and Technology Research of Huaqiao Universityunder Grant No ZQN-PY115 the Opening Project of Shang-hai Key Laboratory of Integrated Administration Technolo-gies for Information Security under Grant No AGK201710Subsidized Project for Postgraduatesrsquo Innovative Fund inScientific Research of Huaqiao University and Program forScience ampTechnology Innovation Teams and Leading Talentsof Huaqiao University under Grant No 2014KJTD13

References

[1] H Wang Z Zheng L Wu and P Li ldquoNew directly revocableattribute-based encryption scheme and its application in cloudstorage environmentrdquo Cluster Computing vol 20 no 3 pp2385ndash2392 2017

[2] M N O Sadiku S M Musa and O D Momoh ldquoCloudcomputing Opportunities and challengesrdquo IEEE Potentials vol33 no 1 pp 34ndash36 2014

[3] R Buyya C S Yeo S Venugopal J Broberg and I BrandicldquoCloud computing and emerging IT platforms vision hypeand reality for delivering computing as the 5th utilityrdquo FutureGeneration Computer Systems vol 25 no 6 pp 599ndash616 2009

[4] K Yang and X Jia ldquoData storage auditing service in cloudcomputing challenges methods and opportunitiesrdquo WorldWide Web vol 15 no 4 pp 409ndash428 2012

[5] Z Xia X Wang X Sun Q Liu and Q Wang ldquoA secure anddynamic multi-keyword ranked search scheme over encryptedcloud datardquo IEEE Transactions on Parallel and DistributedSystems vol 27 no 2 pp 340ndash352 2016

[6] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICE

Transactions on Communications vol E98B no 1 pp 190ndash2002015

[7] J Shen T Zhou X Chen J Li and W Susilo ldquoAnonymousand Traceable Group Data Sharing in Cloud Computingrdquo IEEETransactions on Information Forensics and Security vol 13 no4 pp 912ndash925 2018

[8] J Li Y K Li X Chen P P C Lee and W Lou ldquoA HybridCloud Approach for Secure Authorized Deduplicationrdquo IEEETransactions on Parallel and Distributed Systems vol 26 no 5pp 1206ndash1216 2015

[9] J Li X Chen X Huang et al ldquoSecure distributed deduplicationsystems with improved reliabilityrdquo IEEE Transactions on Com-puters vol 64 no 12 pp 3569ndash3579 2015

[10] Q Jiang J Ma and F Wei ldquoOn the security of a privacy-awareauthentication scheme for distributed mobile cloud computingservicesrdquo IEEE Systems Journal 2016

[11] D A B Fernandes L F B Soares J V Gomes M M Freireand P R M Inacio ldquoSecurity issues in cloud environments Asurveyrdquo International Journal of Information Security vol 13 no2 pp 113ndash170 2014

[12] L F B Soares D A B Fernandes J V Gomes M M Freireand P R M Inacio ldquoCloud security State of the artrdquo SecurityPrivacy and Trust in Cloud Systems vol 9783642385865 pp 3ndash44 2014

[13] Z Fu X Wu C Guan X Sun and K Ren ldquoToward EfficientMulti-Keyword Fuzzy Search over Encrypted Outsourced Datawith Accuracy Improvementrdquo IEEE Transactions on Informa-tion Forensics and Security vol 11 no 12 pp 2706ndash2716 2016

[14] Q Jiang M K Khan X Lu J Ma and D He ldquoA privacypreserving three-factor authentication protocol for e-healthcloudsrdquo Journal of Supercomputing vol 72 no 10 pp 3826ndash3849 2016

[15] CWang S SMChowQWang K Ren andW Lou ldquoPrivacy-preserving public auditing for secure cloud storagerdquo IEEETransactions on Computers vol 62 no 2 pp 362ndash375 2013

[16] G Ateniese R Burns R Curtmola et al ldquoProvable datapossession at untrusted storesrdquo in Proceedings of the 14th ACMConference on Computer and Communications Security (CCSrsquo07) pp 598ndash609 Virginia Va USA November 2007

[17] A Juels and B S Kaliski Jr ldquoPors proofs of retrievabilityfor large filesrdquo in Proceedings of the 14th ACM Conference onComputer and Communications Security (CCS rsquo07) pp 584ndash597ACM Alexandria VA USA November 2007

[18] CWang QWang K Ren N Cao andW Lou ldquoToward secureand dependable storage services in cloud computingrdquo IEEETransactions on Services Computing vol 5 no 2 pp 220ndash2322012

[19] C Erway A Kupcu C Papamanthou and R TamassialdquoDynamic provable data possessionrdquo in Proceedings of theProceedings of the 16th ACM Conference on Computer and Com-munications Security (CCS rsquo09) pp 213ndash222 ACM Chicago IllUSA November 2009

[20] Q Wang C Wang J Li K Ren and W Lou ldquoEnablingpublic verifiability and data dynamics for storage security incloud computingrdquo Lecture Notes in Computer Science (includingsubseries LectureNotes in Artificial Intelligence and LectureNotesin Bioinformatics) Preface vol 5789 pp 355ndash370 2009

[21] Q-A Wang C Wang K Ren W-J Lou and J Li ldquoEnablingpublic auditability and data dynamics for storage security incloud computingrdquo IEEE Transactions on Parallel and Dis-tributed Systems vol 22 no 5 pp 847ndash859 2011


[22] K Yang and X Jia ldquoAn efficient and secure dynamic auditingprotocol for data storage in cloud computingrdquo IEEE Transac-tions on Parallel and Distributed Systems vol 24 no 9 pp 1717ndash1726 2012

[23] Y Zhu G-J Ahn H Hu S S Yau H G An and C-J HuldquoDynamic audit services for outsourced storages in cloudsrdquoIEEE Transactions on Services Computing vol 6 no 2 pp 227ndash238 2013

[24] C Liu J Chen L T Yang et al ldquoAuthorized public auditing ofdynamic big data storage on cloud with efficient verifiable fine-grained updatesrdquo IEEE Transactions on Parallel and DistributedSystems vol 25 no 9 pp 2234ndash2244 2014

[25] H Jin H Jiang and K Zhou ldquoDynamic and Public Auditingwith Fair Arbitration for Cloud Datardquo IEEE Transactions onCloud Computing vol 6 no 3 pp 680ndash693 2018

[26] H Tian Y Chen C-C Chang et al ldquoDynamic-Hash-TableBased Public Auditing for Secure Cloud Storagerdquo IEEE Trans-actions on Services Computing vol 10 no 5 pp 701ndash714 2017

[27] J Shen J Shen X Chen X Huang and W Susilo ldquoAn efficientpublic auditing protocol with novel dynamic structure for clouddatardquo IEEE Transactions on Information Forensics and Securityvol 12 no 10 pp 2402ndash2415 2017

[28] C Wang Q Wang K Ren and W Lou ldquoPrivacy-preservingpublic auditing for data storage security in cloud computingrdquo inProceedings of the IEEE INFO-COM pp 525ndash533 March 2010

[29] H Shacham and B Waters ldquoCompact proofs of retrievabilityrdquoin Advances in CryptologymdashASIACRYPT 2008 Proceedings ofthe 14th International Conference on the Theory and Applicationof Cryptology and Information Security Melbourne AustraliaDecember 2008 vol 5350 of Lecture Notes in Computer Sciencepp 90ndash107 Springer Berlin Germany 2008

[30] BWang B Li andH Li ldquoPanda Public auditing for shareddatawith efficient user revocation in the cloudrdquo IEEE Transactionson Services Computing vol 8 no 1 pp 92ndash106 2015

[31] D Boneh B Lynn and H Shacham ldquoShort signatures fromthe weil pairingrdquo inAdvances in CryptologymdashASIACRYPT 2001vol 2248 of Lecture Notes in Computer Science pp 514ndash532Springer Berlin Germany 2001

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom


PoR model focuses on static data Compared with PoR PDPis more suitable for dynamic data auditing see [18ndash28]

The existing PDP protocols can be generally divided intotwo categories private auditing and public auditing In pri-vate auditing the user is as an only verifier to remotely verifythe data integrity with low overhead Due to no trust betweenthe user and the CSP the user cannot provide convincingresults for verification What is more it is not advisable forthe user to conduct the audits for their data frequently sinceone of the important motivations of outsourcing data is toreduce the userrsquos burden of storage management To addressthis problem a public auditing protocol was first providedby Ateniese et al [16] in which an independent authorizedauditor (Third Party Auditor TPA) not only the user canremotely verify the data integrity Therefore the TPA cannot only provide independent audit results but also bearthe communication overhead and computation costs in theentire verification phase The public audit for cloud storageshould also achieve some security and function requirementsas follows

(i) Privacy preserving in public auditing the TPA onbehalf of the user periodically verifies the integrityof data on the cloud servers Thus auditing protocolsshould design a mechanism to ensure that the TPAcannot derive userrsquos data contents from the collectedinformation during the verification phase

(ii) Batch auditing batch auditing is defined as the TPAcan deal with auditing tasks from multiple varioususers simultaneously which not only reduces thenumbers of communications between the TPA andthe CSP during the auditing phase but also enhancesthe verification efficiency

(iii) Dynamic auditing in the cloud storage environmentsthere are a lot of various application data (financialtrade social media etc) which need to be updatedfrequently Therefore dynamic data auditing is asignificant function for cloud storage auditing

For the dynamic data audit Erway el at [19] first providedan extended PDP protocol named as dynamic provable datapossession (DPDP) which introduced a dynamic authenti-cated data structure rank-based authenticated skip list tosupport data updating Later Wang el at [20] proposed aprotocol based on the BLS signature which utilized MerkleHash Tree (MHT) to achieve data updating However theabove two protocols would cause heavy computational over-head of the TPA and large communication costs during theverification phase and the updating phase Further [23] [26]and [27] respectively design the dynamic authenticated datastructures Index Hash Table (IHT) Dynamic Hash Table(DHT) and Doubly Linked Info Table (DLIT) to improveaudit efficiency and the structures are stored in theTPA ratherthan the CSP to reduce communication costs Though theabove protocols achieve auditing effectively the methods stillhave some drawbacks In [23] updating operations incurlarge computational overhead especially insertion and deleteoperationsThus [26] and [27] respectively design the struc-tures to overcome the above drawbacks in [23] However

search operations in [26 27] are relatively inefficient in theverification phase and the updating phase

In view of above problems this paper introduces a noveldynamic data authenticated structure adjacency-hash table(AHT) in our public auditing protocol (AHT-PA)We employthe AHT to achieve dynamic auditing Moreover due toAHTstored in the TPA instead of CSP its computational overheadand communication costs are significantly less than boththe protocol based on the skip list [19] and the one usingMHT [20] In the verification phase and the updating phaseAHT-PA also outperforms the protocols [23 26 27] Weexploit the bilinear maps and Boneh-Lynn-Shacham (BLS)signatures to support batch auditing and employ randommasking to achieve privacy preserving Our contributionscan be summarized as follows

(1) We propose a novel public auditing protocol whichcan simultaneously support the essential functionsprivacy preserving batch auditing and dynamic dataauditing

(2) We introduce a novel dynamic structure AHT tosave data properties for dynamic data auditing Withsuch structure our protocol can effectively achievethe dynamic data auditing and the data updating

(3) We prove the security of the presented protocol andjustify the auditing performance by concrete exper-imental comparisons with the state of the arts Theresults demonstrate that our protocol can efficientlyachieve secure auditing and outperform the previousones in computational overhead and communicationcosts

The rest of the paper is organized as follows in Section 2we review the related work concerning cloud storage audit-ing particularly regarding the dynamic data auditing Thenwe introduce the background and the necessary preliminariesfor our work in Section 3 Section 4 gives the detaileddescription of our protocol Section 5 presents the securityproofs of our protocol and Section 6 gives the comprehensiveperformance evaluations through experimental comparisonswith some existing protocols Finally Section 7 gives theconcluding remark of this paper

2 Related Work

In recent years many researchers have focused on cloudstorage auditing In 2007 Atenises et al [16] proposed one ofthe earliest related works ldquoprovable data possession (PDP)rdquowhich employs the based-RSA homomorphic authenticatorto check the data integrity At the same year Juels el at [17]presented a complementary protocol ldquoProof of Retrievability(PoR)rdquo which can not only check the correctness of dataon cloud but also ensure the retrievability of cloud datawith an encoding method (error-correcting code) Howeverdue to encoding the file before outsourcing to the CSP thePoR model focuses on static data such as archive dataCompared with PoR PDP is more suitable for dynamic dataauditing As mentioned earlier the public auditing has someadvantages over private auditing In public auditing TPA


















Data flow


Users

Auditing R

equests

Auditing R

esults

ChallengesProofs













119886

sum119894=0

119888119881119886119897119906119890119894 lt 119909 le119886+1

sum119894=0

119888119881119886119897119906119890119894 (1)


119889119894119904 = 119909 minus119886

sum119894=0

119888119881119886119897119906119890119894 (2)


NO ID

1

2

3

3

hellip hellip

i

hellip hellip

m

1 Λ

1 hellip 1 1

1 Λ 1 Λ

File deletion

2 Λ

1 hellip 0 Λ 2

Block deletion

1 Λ 1

File insertion

1 Λ

Block insertion

Block modification

ID1

ID2

ID3

ID4

IDi

IDm

tmntmn-1

t1nt1n-1t11

1

lowast













le 120576(3)






User CSPTPA






Λ=i|1leilen

F i|1leilen



TPA CSP



M T Λ





= si | iisinQ )




M T Λ

ion Challenge chal



= si | iisinQ )









120590119894 = (119906119867(V119894119905119894) sdot V119898119894)119909 (5)




120599 = 119868119863 119878119868119866 (119904119896 119868119863) (6)




119879 = prod119894isin119876

119890 (120590119894 120593)119904119894 (7)

and the block proof

119872 = sum119894isin119876

119898119894 sdot 119904119894 + 119903 (8)


Λ = 119890 (V 119910)minus119903 (9)







= prod119894isin119876


119890 (120590119894 120593)119904119894 = 119879

(11)






119880CSP = (119865B119898119900119889119894119891119910 119894 1198981015840119894 1205901015840








119879Β =119908

prod119896=1

119879119896 (12)






119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) = 119879Β (13)


119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) =

119908

prod119896=1

119879119896

= 119879Β

(14)

5 Security Analysis







119872 = sum119894isin119876


119898lowast119894 sdot 119904119894 + 119903 (15)



(16)




sum119894isin119876

119898119894 sdot 119904119894 + 119903 = sum119894isin119876

119898lowast119894 sdot 119904119894 + 119903 (18)








DLIT-PA

DHT-PA

AHT-PA

100

200

300

400

500

600

700

800

e g

ener

atio

n tim

e of b

lock

tags

(s)







DLIT-PA

DHT-PA

AHT-PA


0

50

100

150

200

250

300

e g

ener

atio

n tim

e of b

lock

tags

(s)


DLIT-PADHT-PAAHT-PA

e v

erifi

catio

n tim

e (m

s)


800100012001400160018002000

0

10

20

30

40




e Aud

iting

tim

e per

task

(ms)

DLIT-PADHT-PAAHT-PA

120013001400150016001700180019002000

0

10

20

30

40






Sear

ch F

requ

ency


500100015002000250030003500

00

05

10

15

20


times105

times104


arch

freq

uenc

y


times105

times10320 30 40 5010


5000100001500020000250003000035000

02040608101214161820



7 Conclusions




Data Availability




Acknowledgments


References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



















Data flow


Users

Auditing R

equests

Auditing R

esults

ChallengesProofs













119886

sum119894=0

119888119881119886119897119906119890119894 lt 119909 le119886+1

sum119894=0

119888119881119886119897119906119890119894 (1)


119889119894119904 = 119909 minus119886

sum119894=0

119888119881119886119897119906119890119894 (2)


NO ID

1

2

3

3

hellip hellip

i

hellip hellip

m

1 Λ

1 hellip 1 1

1 Λ 1 Λ

File deletion

2 Λ

1 hellip 0 Λ 2

Block deletion

1 Λ 1

File insertion

1 Λ

Block insertion

Block modification

ID1

ID2

ID3

ID4

IDi

IDm

tmntmn-1

t1nt1n-1t11

1

lowast













le 120576(3)






User CSPTPA






Λ=i|1leilen

F i|1leilen



TPA CSP



M T Λ





= si | iisinQ )




M T Λ

ion Challenge chal



= si | iisinQ )









120590119894 = (119906119867(V119894119905119894) sdot V119898119894)119909 (5)




120599 = 119868119863 119878119868119866 (119904119896 119868119863) (6)




119879 = prod119894isin119876

119890 (120590119894 120593)119904119894 (7)

and the block proof

119872 = sum119894isin119876

119898119894 sdot 119904119894 + 119903 (8)


Λ = 119890 (V 119910)minus119903 (9)







= prod119894isin119876


119890 (120590119894 120593)119904119894 = 119879

(11)






119880CSP = (119865B119898119900119889119894119891119910 119894 1198981015840119894 1205901015840








119879Β =119908

prod119896=1

119879119896 (12)






119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) = 119879Β (13)


119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) =

119908

prod119896=1

119879119896

= 119879Β

(14)

5 Security Analysis







119872 = sum119894isin119876


119898lowast119894 sdot 119904119894 + 119903 (15)



(16)




sum119894isin119876

119898119894 sdot 119904119894 + 119903 = sum119894isin119876

119898lowast119894 sdot 119904119894 + 119903 (18)








DLIT-PA

DHT-PA

AHT-PA

100

200

300

400

500

600

700

800

e g

ener

atio

n tim

e of b

lock

tags

(s)







DLIT-PA

DHT-PA

AHT-PA


0

50

100

150

200

250

300

e g

ener

atio

n tim

e of b

lock

tags

(s)


DLIT-PADHT-PAAHT-PA

e v

erifi

catio

n tim

e (m

s)


800100012001400160018002000

0

10

20

30

40




e Aud

iting

tim

e per

task

(ms)

DLIT-PADHT-PAAHT-PA

120013001400150016001700180019002000

0

10

20

30

40






Sear

ch F

requ

ency


500100015002000250030003500

00

05

10

15

20


times105

times104


arch

freq

uenc

y


times105

times10320 30 40 5010


5000100001500020000250003000035000

02040608101214161820



7 Conclusions




Data Availability




Acknowledgments


References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





Data flow


Users

Auditing R

equests

Auditing R

esults

ChallengesProofs













119886

sum119894=0

119888119881119886119897119906119890119894 lt 119909 le119886+1

sum119894=0

119888119881119886119897119906119890119894 (1)


119889119894119904 = 119909 minus119886

sum119894=0

119888119881119886119897119906119890119894 (2)


NO ID

1

2

3

3

hellip hellip

i

hellip hellip

m

1 Λ

1 hellip 1 1

1 Λ 1 Λ

File deletion

2 Λ

1 hellip 0 Λ 2

Block deletion

1 Λ 1

File insertion

1 Λ

Block insertion

Block modification

ID1

ID2

ID3

ID4

IDi

IDm

tmntmn-1

t1nt1n-1t11

1

lowast













le 120576(3)






User CSPTPA






Λ=i|1leilen

F i|1leilen



TPA CSP



M T Λ





= si | iisinQ )




M T Λ

ion Challenge chal



= si | iisinQ )









120590119894 = (119906119867(V119894119905119894) sdot V119898119894)119909 (5)




120599 = 119868119863 119878119868119866 (119904119896 119868119863) (6)




119879 = prod119894isin119876

119890 (120590119894 120593)119904119894 (7)

and the block proof

119872 = sum119894isin119876

119898119894 sdot 119904119894 + 119903 (8)


Λ = 119890 (V 119910)minus119903 (9)







= prod119894isin119876


119890 (120590119894 120593)119904119894 = 119879

(11)






119880CSP = (119865B119898119900119889119894119891119910 119894 1198981015840119894 1205901015840








119879Β =119908

prod119896=1

119879119896 (12)






119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) = 119879Β (13)


119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) =

119908

prod119896=1

119879119896

= 119879Β

(14)

5 Security Analysis







119872 = sum119894isin119876


119898lowast119894 sdot 119904119894 + 119903 (15)



(16)




sum119894isin119876

119898119894 sdot 119904119894 + 119903 = sum119894isin119876

119898lowast119894 sdot 119904119894 + 119903 (18)








DLIT-PA

DHT-PA

AHT-PA

100

200

300

400

500

600

700

800

e g

ener

atio

n tim

e of b

lock

tags

(s)







DLIT-PA

DHT-PA

AHT-PA


0

50

100

150

200

250

300

e g

ener

atio

n tim

e of b

lock

tags

(s)


DLIT-PADHT-PAAHT-PA

e v

erifi

catio

n tim

e (m

s)


800100012001400160018002000

0

10

20

30

40




e Aud

iting

tim

e per

task

(ms)

DLIT-PADHT-PAAHT-PA

120013001400150016001700180019002000

0

10

20

30

40






Sear

ch F

requ

ency


500100015002000250030003500

00

05

10

15

20


times105

times104


arch

freq

uenc

y


times105

times10320 30 40 5010


5000100001500020000250003000035000

02040608101214161820



7 Conclusions




Data Availability




Acknowledgments


References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



NO ID

1

2

3

3

hellip hellip

i

hellip hellip

m

1 Λ

1 hellip 1 1

1 Λ 1 Λ

File deletion

2 Λ

1 hellip 0 Λ 2

Block deletion

1 Λ 1

File insertion

1 Λ

Block insertion

Block modification

ID1

ID2

ID3

ID4

IDi

IDm

tmntmn-1

t1nt1n-1t11

1

lowast













le 120576(3)






User CSPTPA






Λ=i|1leilen

F i|1leilen



TPA CSP



M T Λ





= si | iisinQ )




M T Λ

ion Challenge chal



= si | iisinQ )









120590119894 = (119906119867(V119894119905119894) sdot V119898119894)119909 (5)




120599 = 119868119863 119878119868119866 (119904119896 119868119863) (6)




119879 = prod119894isin119876

119890 (120590119894 120593)119904119894 (7)

and the block proof

119872 = sum119894isin119876

119898119894 sdot 119904119894 + 119903 (8)


Λ = 119890 (V 119910)minus119903 (9)







= prod119894isin119876


119890 (120590119894 120593)119904119894 = 119879

(11)






119880CSP = (119865B119898119900119889119894119891119910 119894 1198981015840119894 1205901015840








119879Β =119908

prod119896=1

119879119896 (12)






119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) = 119879Β (13)


119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) =

119908

prod119896=1

119879119896

= 119879Β

(14)

5 Security Analysis







119872 = sum119894isin119876


119898lowast119894 sdot 119904119894 + 119903 (15)



(16)




sum119894isin119876

119898119894 sdot 119904119894 + 119903 = sum119894isin119876

119898lowast119894 sdot 119904119894 + 119903 (18)








DLIT-PA

DHT-PA

AHT-PA

100

200

300

400

500

600

700

800

e g

ener

atio

n tim

e of b

lock

tags

(s)







DLIT-PA

DHT-PA

AHT-PA


0

50

100

150

200

250

300

e g

ener

atio

n tim

e of b

lock

tags

(s)


DLIT-PADHT-PAAHT-PA

e v

erifi

catio

n tim

e (m

s)


800100012001400160018002000

0

10

20

30

40




e Aud

iting

tim

e per

task

(ms)

DLIT-PADHT-PAAHT-PA

120013001400150016001700180019002000

0

10

20

30

40






Sear

ch F

requ

ency


500100015002000250030003500

00

05

10

15

20


times105

times104


arch

freq

uenc

y


times105

times10320 30 40 5010


5000100001500020000250003000035000

02040608101214161820



7 Conclusions




Data Availability




Acknowledgments


References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



User CSPTPA






Λ=i|1leilen

F i|1leilen



TPA CSP



M T Λ





= si | iisinQ )




M T Λ

ion Challenge chal



= si | iisinQ )









120590119894 = (119906119867(V119894119905119894) sdot V119898119894)119909 (5)




120599 = 119868119863 119878119868119866 (119904119896 119868119863) (6)




119879 = prod119894isin119876

119890 (120590119894 120593)119904119894 (7)

and the block proof

119872 = sum119894isin119876

119898119894 sdot 119904119894 + 119903 (8)


Λ = 119890 (V 119910)minus119903 (9)







= prod119894isin119876


119890 (120590119894 120593)119904119894 = 119879

(11)






119880CSP = (119865B119898119900119889119894119891119910 119894 1198981015840119894 1205901015840








119879Β =119908

prod119896=1

119879119896 (12)






119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) = 119879Β (13)


119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) =

119908

prod119896=1

119879119896

= 119879Β

(14)

5 Security Analysis







119872 = sum119894isin119876


119898lowast119894 sdot 119904119894 + 119903 (15)



(16)




sum119894isin119876

119898119894 sdot 119904119894 + 119903 = sum119894isin119876

119898lowast119894 sdot 119904119894 + 119903 (18)








DLIT-PA

DHT-PA

AHT-PA

100

200

300

400

500

600

700

800

e g

ener

atio

n tim

e of b

lock

tags

(s)







DLIT-PA

DHT-PA

AHT-PA


0

50

100

150

200

250

300

e g

ener

atio

n tim

e of b

lock

tags

(s)


DLIT-PADHT-PAAHT-PA

e v

erifi

catio

n tim

e (m

s)


800100012001400160018002000

0

10

20

30

40




e Aud

iting

tim

e per

task

(ms)

DLIT-PADHT-PAAHT-PA

120013001400150016001700180019002000

0

10

20

30

40






Sear

ch F

requ

ency


500100015002000250030003500

00

05

10

15

20


times105

times104


arch

freq

uenc

y


times105

times10320 30 40 5010


5000100001500020000250003000035000

02040608101214161820



7 Conclusions




Data Availability




Acknowledgments


References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




120599 = 119868119863 119878119868119866 (119904119896 119868119863) (6)




119879 = prod119894isin119876

119890 (120590119894 120593)119904119894 (7)

and the block proof

119872 = sum119894isin119876

119898119894 sdot 119904119894 + 119903 (8)


Λ = 119890 (V 119910)minus119903 (9)







= prod119894isin119876


119890 (120590119894 120593)119904119894 = 119879

(11)






119880CSP = (119865B119898119900119889119894119891119910 119894 1198981015840119894 1205901015840








119879Β =119908

prod119896=1

119879119896 (12)






119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) = 119879Β (13)


119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) =

119908

prod119896=1

119879119896

= 119879Β

(14)

5 Security Analysis







119872 = sum119894isin119876


119898lowast119894 sdot 119904119894 + 119903 (15)



(16)




sum119894isin119876

119898119894 sdot 119904119894 + 119903 = sum119894isin119876

119898lowast119894 sdot 119904119894 + 119903 (18)








DLIT-PA

DHT-PA

AHT-PA

100

200

300

400

500

600

700

800

e g

ener

atio

n tim

e of b

lock

tags

(s)







DLIT-PA

DHT-PA

AHT-PA


0

50

100

150

200

250

300

e g

ener

atio

n tim

e of b

lock

tags

(s)


DLIT-PADHT-PAAHT-PA

e v

erifi

catio

n tim

e (m

s)


800100012001400160018002000

0

10

20

30

40




e Aud

iting

tim

e per

task

(ms)

DLIT-PADHT-PAAHT-PA

120013001400150016001700180019002000

0

10

20

30

40






Sear

ch F

requ

ency


500100015002000250030003500

00

05

10

15

20


times105

times104


arch

freq

uenc

y


times105

times10320 30 40 5010


5000100001500020000250003000035000

02040608101214161820



7 Conclusions




Data Availability




Acknowledgments


References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) = 119879Β (13)


119908

prod119896=1

(Λ120591119896119896 sdot 119890 (119906

sum119894isin119876119896119867(V119896119894119905119896119894)sdot119904119896119894

119896 sdot V119872119896119896 120578119896)) =

119908

prod119896=1

119879119896

= 119879Β

(14)

5 Security Analysis







119872 = sum119894isin119876


119898lowast119894 sdot 119904119894 + 119903 (15)



(16)




sum119894isin119876

119898119894 sdot 119904119894 + 119903 = sum119894isin119876

119898lowast119894 sdot 119904119894 + 119903 (18)








DLIT-PA

DHT-PA

AHT-PA

100

200

300

400

500

600

700

800

e g

ener

atio

n tim

e of b

lock

tags

(s)







DLIT-PA

DHT-PA

AHT-PA


0

50

100

150

200

250

300

e g

ener

atio

n tim

e of b

lock

tags

(s)


DLIT-PADHT-PAAHT-PA

e v

erifi

catio

n tim

e (m

s)


800100012001400160018002000

0

10

20

30

40




e Aud

iting

tim

e per

task

(ms)

DLIT-PADHT-PAAHT-PA

120013001400150016001700180019002000

0

10

20

30

40






Sear

ch F

requ

ency


500100015002000250030003500

00

05

10

15

20


times105

times104


arch

freq

uenc

y


times105

times10320 30 40 5010


5000100001500020000250003000035000

02040608101214161820



7 Conclusions




Data Availability




Acknowledgments


References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



DLIT-PA

DHT-PA

AHT-PA

100

200

300

400

500

600

700

800

e g

ener

atio

n tim

e of b

lock

tags

(s)







DLIT-PA

DHT-PA

AHT-PA


0

50

100

150

200

250

300

e g

ener

atio

n tim

e of b

lock

tags

(s)


DLIT-PADHT-PAAHT-PA

e v

erifi

catio

n tim

e (m

s)


800100012001400160018002000

0

10

20

30

40




e Aud

iting

tim

e per

task

(ms)

DLIT-PADHT-PAAHT-PA

120013001400150016001700180019002000

0

10

20

30

40






Sear

ch F

requ

ency


500100015002000250030003500

00

05

10

15

20


times105

times104


arch

freq

uenc

y


times105

times10320 30 40 5010


5000100001500020000250003000035000

02040608101214161820



7 Conclusions




Data Availability




Acknowledgments


References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



e Aud

iting

tim

e per

task

(ms)

DLIT-PADHT-PAAHT-PA

120013001400150016001700180019002000

0

10

20

30

40






Sear

ch F

requ

ency


500100015002000250030003500

00

05

10

15

20


times105

times104


arch

freq

uenc

y


times105

times10320 30 40 5010


5000100001500020000250003000035000

02040608101214161820



7 Conclusions




Data Availability




Acknowledgments


References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




Data Availability




Acknowledgments


References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


Documents

Adjacency-Hash-Table Based Public Auditing for Data Integrity in Mobile Cloud Computingdownloads.hindawi.com › journals › wcmc › 2018 › 3471312.pdf · 2019-07-30 · Adjacency-Hash-Table