ENABLING CLOUD STORAGE AUDITING VIA VERIFIABLE KEY UPDATE OUTSOURCING

Abstract

Addressing the critical issue of key exposure resistance in cloud storage auditing has
been a significant concern in security applications. Recent research has focused on finding
solutions to this problem, which typically involve clients regularly updating their secret keys.
However, this approach can be burdensome for clients with limited computational resources, such
as mobile devices. To enhance client transparency during key updates, we propose a novel
paradigm in this paper: cloud storage auditing combined with verifiable outsourcing of key
updates. In our proposed model, clients can delegate the task of key updates to a trusted third
party, alleviating the need for them to manage this process. We extend the role of the third-party
auditor (TPA) from existing public auditing designs to include responsibility for both storage
auditing and key security updates, thus preventing key exposure. Our scheme ensures that the TPA
maintains only an encrypted copy of the client's secret key while performing these tasks on behalf
of the client. During data transfer to the cloud, the client retrieves the encrypted secret key from
the TPA. Additionally, our architecture provides mechanisms for the client to verify the
authenticity of the encrypted secret keys supplied by the TPA. These features aim to make the
auditing process with key exposure resistance as transparent as possible to the client. We formally
outline the definition and underlying security model of this paradigm. Our implementations,
rigorously tested and simulated, demonstrate the safety and effectiveness of the proposed designs
in practice.