Delegable Provable Data Possession for Remote Data in the Clouds

Abstract

Many storage systems need to do authorized verification for data integrity. For example, a user stores his data into cloud storage servers and shares his data with his friends. They check data integrity periodically to ensure data intact. However, they don't want a stranger to check data integrity on their data. Therefore, public verification is undesired in this situation. The user can share his private key to his friends for private verification. However, his friends may reveal his private key to others. In this paper, we proposed the delegable provable data possession (delegable PDP) model to solve this problem. Delegable PDP allows a user to control who can check data integrity of his data, and guarantee that delegated verifiers cannot re-delegate this verification capability to others. Delegable PDP enjoys advantage of authorized verification and convenience of public verification. We define a delegable PDP model and provide a construction for it. User U generates verifiable tags of his data and the delegation key dk(upsilon ->nu) for delegated verifier nu, upsilon uploads his data, tags, and dk(upsilon ->nu) to storage servers. When integrity check, storage servers can use dku v to transform U's tags into the form that V can verify with his private key sky. Our model allows U to revoke V's verification capability by removing dku v from storage servers directly. We prove our protocol secure in the random oracle model. Our protocol achieves proof unforgeability, proof indistinguishability, and delegation key unforgeability.