A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices

Gwan Hwan Hwang; Jenn Zjone Peng; Wei Sian Huang

doi:10.1109/TrustCom.2013.55

A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices

Gwan Hwan Hwang^*, Jenn Zjone Peng, Wei Sian Huang

^*Corresponding author for this work

Department of Computer Science and Information Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Citations (Scopus)

Abstract

Obtaining mutual nonrepudiation between the user and service provider is crucial in cloud storage. One of the solutions for mutual nonrepudiation is based on logging attestations, which are signed messages. For every request, clients and service provider exchange attestations. These attestations will be used in an auditing protocol to verify their behavior. The chain-hashing scheme chains attestations and stores them in service provider for supporting write serializability and read freshness of files. However, the chain-hashing scheme is inefficient when files in an account can be accessed by multiple client devices interchangeably. In this paper we first show that the chain-hashing scheme cannot resist roll-back attack from service provider unless client devices keep all the attestations or there exists a way to broadcast the last attestation to all the client devices. We propose a scheme that can guarantee mutual nonrepudiation between the user and service provider without requiring the client devices to exchange any messages, and each client device only has to store the last attestation it received. We also propose how to apply the hash tree to remove accumulated attestations. The results from related experiments demonstrate the feasibility of the proposed scheme. A service provider of cloud storage can use the proposed scheme to provide a mutual nonrepudiation guarantee in their service-level agreement.

Original language	English
Title of host publication	Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013
Pages	439-446
Number of pages	8
DOIs	https://doi.org/10.1109/TrustCom.2013.55
Publication status	Published - 2013
Event	12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013 - Melbourne, VIC, Australia Duration: 2013 Jul 16 → 2013 Jul 18

Publication series

Name	Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013

Other

Other	12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013
Country/Territory	Australia
City	Melbourne, VIC
Period	2013/07/16 → 2013/07/18

Keywords

cloud security
cloud storage
hash tree
Nonrepudiation
service-level agreement
SLA

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1109/TrustCom.2013.55

Cite this

Hwang, G. H., Peng, J. Z., & Huang, W. S. (2013). A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices. In Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013 (pp. 439-446). Article 6680872 (Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013). https://doi.org/10.1109/TrustCom.2013.55

A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices. / Hwang, Gwan Hwan; Peng, Jenn Zjone; Huang, Wei Sian.
Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013. 2013. p. 439-446 6680872 (Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Hwang, GH, Peng, JZ & Huang, WS 2013, A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices. in Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013., 6680872, Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013, pp. 439-446, 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013, Melbourne, VIC, Australia, 2013/07/16. https://doi.org/10.1109/TrustCom.2013.55

Hwang GH, Peng JZ, Huang WS. A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices. In Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013. 2013. p. 439-446. 6680872. (Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013). doi: 10.1109/TrustCom.2013.55

Hwang, Gwan Hwan ; Peng, Jenn Zjone ; Huang, Wei Sian. / A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices. Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013. 2013. pp. 439-446 (Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013).

@inproceedings{29018ea750a3415da4008ef2b7ec4e99,

title = "A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices",

abstract = "Obtaining mutual nonrepudiation between the user and service provider is crucial in cloud storage. One of the solutions for mutual nonrepudiation is based on logging attestations, which are signed messages. For every request, clients and service provider exchange attestations. These attestations will be used in an auditing protocol to verify their behavior. The chain-hashing scheme chains attestations and stores them in service provider for supporting write serializability and read freshness of files. However, the chain-hashing scheme is inefficient when files in an account can be accessed by multiple client devices interchangeably. In this paper we first show that the chain-hashing scheme cannot resist roll-back attack from service provider unless client devices keep all the attestations or there exists a way to broadcast the last attestation to all the client devices. We propose a scheme that can guarantee mutual nonrepudiation between the user and service provider without requiring the client devices to exchange any messages, and each client device only has to store the last attestation it received. We also propose how to apply the hash tree to remove accumulated attestations. The results from related experiments demonstrate the feasibility of the proposed scheme. A service provider of cloud storage can use the proposed scheme to provide a mutual nonrepudiation guarantee in their service-level agreement.",

keywords = "cloud security, cloud storage, hash tree, Nonrepudiation, service-level agreement, SLA",

author = "Hwang, {Gwan Hwan} and Peng, {Jenn Zjone} and Huang, {Wei Sian}",

year = "2013",

doi = "10.1109/TrustCom.2013.55",

language = "English",

isbn = "9780769550220",

series = "Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013",

pages = "439--446",

booktitle = "Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013",

note = "12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013 ; Conference date: 16-07-2013 Through 18-07-2013",

}

TY - GEN

T1 - A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices

AU - Hwang, Gwan Hwan

AU - Peng, Jenn Zjone

AU - Huang, Wei Sian

PY - 2013

Y1 - 2013

N2 - Obtaining mutual nonrepudiation between the user and service provider is crucial in cloud storage. One of the solutions for mutual nonrepudiation is based on logging attestations, which are signed messages. For every request, clients and service provider exchange attestations. These attestations will be used in an auditing protocol to verify their behavior. The chain-hashing scheme chains attestations and stores them in service provider for supporting write serializability and read freshness of files. However, the chain-hashing scheme is inefficient when files in an account can be accessed by multiple client devices interchangeably. In this paper we first show that the chain-hashing scheme cannot resist roll-back attack from service provider unless client devices keep all the attestations or there exists a way to broadcast the last attestation to all the client devices. We propose a scheme that can guarantee mutual nonrepudiation between the user and service provider without requiring the client devices to exchange any messages, and each client device only has to store the last attestation it received. We also propose how to apply the hash tree to remove accumulated attestations. The results from related experiments demonstrate the feasibility of the proposed scheme. A service provider of cloud storage can use the proposed scheme to provide a mutual nonrepudiation guarantee in their service-level agreement.

AB - Obtaining mutual nonrepudiation between the user and service provider is crucial in cloud storage. One of the solutions for mutual nonrepudiation is based on logging attestations, which are signed messages. For every request, clients and service provider exchange attestations. These attestations will be used in an auditing protocol to verify their behavior. The chain-hashing scheme chains attestations and stores them in service provider for supporting write serializability and read freshness of files. However, the chain-hashing scheme is inefficient when files in an account can be accessed by multiple client devices interchangeably. In this paper we first show that the chain-hashing scheme cannot resist roll-back attack from service provider unless client devices keep all the attestations or there exists a way to broadcast the last attestation to all the client devices. We propose a scheme that can guarantee mutual nonrepudiation between the user and service provider without requiring the client devices to exchange any messages, and each client device only has to store the last attestation it received. We also propose how to apply the hash tree to remove accumulated attestations. The results from related experiments demonstrate the feasibility of the proposed scheme. A service provider of cloud storage can use the proposed scheme to provide a mutual nonrepudiation guarantee in their service-level agreement.

KW - cloud security

KW - cloud storage

KW - hash tree

KW - Nonrepudiation

KW - service-level agreement

KW - SLA

UR - http://www.scopus.com/inward/record.url?scp=84893476101&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84893476101&partnerID=8YFLogxK

U2 - 10.1109/TrustCom.2013.55

DO - 10.1109/TrustCom.2013.55

M3 - Conference contribution

AN - SCOPUS:84893476101

SN - 9780769550220

T3 - Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013

SP - 439

EP - 446

BT - Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013

T2 - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013

Y2 - 16 July 2013 through 18 July 2013

ER -

A mutual nonrepudiation protocol for cloud storage with interchangeable accesses of a single account from multiple devices

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this