Abstract— Cloud storage auditing schemes for shared data check the integrity of cloud data shared by a group of users. User revocation is commonly supported in such schemes, as group membership may change for various reasons. In previous schemes, the computational overhead of user revocation is linear in the total number of file blocks possessed by the revoked user. This overhead may become a heavy burden because of the sheer amount of shared cloud data. Thus, reducing the computational overhead caused by user revocation is a key research challenge for achieving practical cloud data auditing. A novel storage auditing scheme was proposed that achieves highly efficient user revocation, independent of the total number of file blocks possessed by the revoked user in the cloud. This is achieved by exploring a novel strategy for key generation and a new private key update technique. Using this strategy and technique, user revocation was realized by just updating the non-revoked group users' private keys rather than the authenticators of the revoked user. The integrity auditing of the revoked user's data can still be correctly performed when the authenticators are not updated. Meanwhile, the proposed scheme is based on identity-based cryptography, which eliminates the complicated certificate management of traditional Public Key Infrastructure (PKI) systems. The security and efficiency of the proposed scheme are validated via both analysis and experimental results.
Index Terms—Cloud computing; cloud storage auditing; user revocation; big data; identity-based cryptography