Journal Pre-proofs

A Modified Boneh-Lynn-Shacham Signing Dynamic Auditing In Cloud Com‐

puting

Adnan Alrabea

PII: S1319-1578(20)30389-X
DOI: https://doi.org/10.1016/j.jksuci.2020.06.001
Reference: JKSUCI 797

To appear in: Journal of King Saud University - Computer and

Information Sciences

Received Date: 28 March 2020

Revised Date: 22 May 2020
Accepted Date: 1 June 2020

Please cite this article as: Alrabea, A., A Modified Boneh-Lynn-Shacham Signing Dynamic Auditing In Cloud
Computing, Journal of King Saud University - Computer and Information Sciences (2020), doi: https://doi.org/
10.1016/j.jksuci.2020.06.001

This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover
page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version
will undergo additional copyediting, typesetting and review before it is published in its final form, but we are
providing this version to give early visibility of the article. Please note that, during the production process, errors
may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

© 2020 Production and hosting by Elsevier B.V. on behalf of King Saud University.
 A MODIFIED BONEH-LYNN-SHACHAM SIGNING DYNAMIC
AUDITING IN CLOUD COMPUTING

Adnan Alrabea

Prince Abdullah Ben Ghazi Faculty of Information and Communication Technology

Al-Balqa Applied University, Al-Salt, Jordan

[email protected]

ABSTRACT
Cloud Computing is an alternative to conventional IT Outsourcing. As a result, cloud computing migration
between organizations is rapidly growing. The adoption of this technology brings many positive aspects,
but prescribes various risks and concerns. An organization that officially provides its cloud computing
services to external providers and implies that its IT functions and process are outsourced to third-party
providers of BPO services.For the purposes of privacy-making public audit processes in dynamic cloud
data storage, a modified Boneh-Lynn-Shachame Dynamic Auditing (MBLSSDA) algorithm is suggested.
The proposed algorithm executes an audit process for many users on the basis of a batch audit
simultaneously and effectively in order to enable Third Party Auditing. This paper integrates the
homomorphic authenticator in an algorithm of dynamic signing audit by random marking in terms of the
privacy conserving public auditing process.

Keywords: Cloud Computing, Auditing, Security, Multiple Batch, Cloud Security

 A MODIFIED BONEH-LYNN-SHACHAM SIGNING DYNAMIC
AUDITING IN CLOUD COMPUTING

ABSTRACT
Cloud Computing is an alternative to conventional IT Outsourcing. As a result, cloud computing migration
between organizations is rapidly growing. The adoption of this technology brings many positive aspects,
but prescribes various risks and concerns. An organization that officially provides its cloud computing
services to external providers and implies that its IT functions and process are outsourced to third-party
providers of BPO services.For the purposes of privacy-making public audit processes in dynamic cloud
data storage, a modified Boneh-Lynn-Shachame Dynamic Auditing (MBLSSDA) algorithm is suggested.
The proposed algorithm executes an audit process for many users on the basis of a batch audit
simultaneously and effectively in order to enable Third Party Auditing. This paper integrates the
homomorphic authenticator in an algorithm of dynamic signing audit by random marking in terms of the
privacy conserving public auditing process.

Keywords: Cloud Computing, Auditing, Security, Multiple Batch, Cloud Security

1. INTRODUCTION
Cloud storage system can give a flexible on-demand data storage service to the cloud user at anytime and
anywhere [1]. However, the Cloud Service Provider (CSP) owned the user data physically as well as
virtually. In this cloud environment, the cloud data are not controlled by the cloud user. Instead cloud
auditors manage the cloud data. But this process doesn’t ensure the data integrity which means
unauthorized cloud user can alter the data without owner’s knowledge. The individual belong to a group
can alter the data of other members in the same group.

Thus to avoid these kinds of issues this work proposed a Modified Boneh-Lynn-Shacham Signing Dynamic
Auditing (MBLSSDA) algorithm for privacy-preserving public auditing process in dynamic storage in
cloud. To enable the Third Party Auditing (TPA) simultaneously and efficiently,auditing process for single
users as well as batch auditing for multiple users is efficiently done in this proposed work. Additionally,
this work implements the Rijndael algorithm forgenerating an encryption key by data owner at the time
of group user requesting the data owner to access the data. This process is done based on the algorithm
SHA-512 for creating the hash key which is used by TPA for checking the integrity of cloud data and one
of the added advantages of this proposed work is one-time password verification scheme.
2. PRIVACY-PRESERVING PUBLIC AUDITING SCHEME
This work integrates an authenticator with random marking approach in terms of privacy-preserving public
auditing process using Modified Boneh-Lynn-Shacham Signing Dynamic Auditing (MBLSSDA)
algorithm. A linear combination of sampled blocks in cloud service answer is masked with randomly
generated Pseudo-Random Function (PRF). In the random making, the Third Parity Auditor (TPA) no
longer as need the user data to build a correct group and therefore cannot originate the data content of the
user [13][14] .A public auditing scheme basically contains four different algorithms such as VerifyProof,
GenProof, SigGen, KeyGen which runs according to the user implantation setup.

Figure.1 Basic Privacy Preserving in Public Auditing

The data owner uses SigGen to produce authentication metadata, which may contain MAC signatures or
related auditing material (T.Vijayalakshmi et al., 2014), (Mehmet SabırKiraz et. al., 2015), (Jachak K.B et
al., 2012). GenProof is run by the cloud service to assert data storage accuracy, while the TPA applies
VerifyProof to verify cloud service code proof.This proposed work adapts a batch auditing scheme
usingRijndael algorithm.

2.1 Public Auditing

It permits the TPA to verify the cloud data correctness on demand and without take care of actual cloud
data. In addition, by presenting any added online burden to the cloud authenticated users [15]. This process
has two different phases such as built the public auditing system and auditing process.

2.2 Batch Auditing

Users may concurrently request the auditing service from the TPA and each auditing task for individual
group or cloud user [16]. But this process directs very inefficient and creates the added burden on the
Utilization of batch auditing is one of the solutions of these kinds of issues. Here the TPA can concurrently
perform the multiple auditing tasks for the different cloud users. During this process, multiple users'
forwards aggregate authenticator to the TPA, after this process the TPA batches together all the incoming
requests and forwards it as a single request to the CSP. Then the CSP compute the aggregate authenticator
and again forward it to the TPA [2].

2.3 Data Dynamics

The cloud External auditor has to manage the data integrity where the cloud user may wish to do some of
the data block level processes, for example, modify, delete and update the files. Hence, this proposed
system offers the dynamic support.
Block Insertion:In the block insertion operation, server can insert anything on the existing client's file
or introduce new client file.
Block Deletion:In data block deletion operation, a server or user can delete anything on the user's data
file at any time.
Block Modification:In data block modification operation, a user or server can modify anything on the
user's data file at any time.
Block Verification:In block verification operation the TPA offers acknowledgment regarding whether
the block is altered or not altered.
Log History:log details about the user activity is maintained in log file.

3. MULTIPLE BATCH AUDITING

Another important process in public auditing process is multiple batch auditing. In this multiple batch
auditing process the TPA may simultaneously handle the multiple auditing processes upon various requests
of the user. In the separate auditing tasks, the TPA can be tedious and also this process leads to
inefficiently. For example, given K auditing process on K different data form k distinct cloud users, it is
more beneficial for TPA to process the batch auditing process and these multiple tasks are collected and
audit at one-time process[3][4].
Thus, keeping this necessary demand in mind this work proposed a new Modified Boneh-Lynn-Shacham
Signing Dynamic Auditing (MBLSSDA) algorithm which is used to support the multiple signatures'
aggregation is done by different signers on different messages into a single signature[5][6]. Hence, this
process gives the efficient verification during the authentication for each data blocks. Utilizing this
MBLSSDA process can achieve the simultaneous auditing process of multiple tasks at a time.
4. MODIFIED BONEH-LYNN-SHACHAM SIGNING DYNAMIC AUDITING
In this proposed work the data sharing between users in a group is done with the great secure way in the
cloud. The authorized group members only can access the shared data and it is done by using Rijndael
algorithm based on the SHA-512 algorithm and Random key generation procedure. It also consider the
user revocation process and data integrity during the public verification process without downloading the
whole data. It identifies signer on each and every data blocks in shared data and preserved the private
information from the public verifier. This approach also offers a novel public preserving auditing
mechanism for the shared data integrity with efficient group member revocation. Additionally, this work
uses,one-time password generation scheme for attaining the high data integrity which is depicted in the
following Figure 2.

User
Key validation for
registration and User Profile
email id verification
email id Interface
(First Time)
verification

File Search
File Upload and
User Login
Download

Split Sub
blocks OTP generation and
Encrypt the send mail
spited files
Stored in to Multi
Cloud Server OTP
Validation

Decryption and
Merging

Download

Data Base

Figure.2 User Validations Using One Time Password

4.1 USER REGISTRATION

The user registration is a typical procedure which is done by the cloud admin; during this registration
process, the group user must register their details using their personal information. After the registration
process, the user gets a personal ID for processing the cloud dynamic data sharing operation. For example,
add or delete. In case any user needs to edit their personal information they have to submit the
appropriately altered details to the cloud admin, then the cloud admin can update and edit that appropriate
user information and this whole process is controlled by cloud admin as shown in Figure 3
 Registration

Secure Data
Sharing

User 1

User 2 Cloud
Account Detail
server

User n

File
uploading Request
Private and DB
public data

Revocation Admin

Figure.3 User Revocations and Public Auditing.

4.2 File Uploading

The file uploading process the information is shared by the group user and in this work, encrypted
operation is done by using Rijndael algorithm based on a SHA-512 algorithm.

4.2.1 Rijndael Algorithm

Rijndael is well-known block cipher and standard symmetric key encryption algorithm which is to be
utilized to encrypt sensitive data [7]. Therefore, the decryption or encryption of the data block is
accomplished by multiple iterations with particular transformation (round function see Figure 4). This
algorithm has also defined an approach by creating a series of sub keys from the users’ original key.The
created sub key are utilized as input with round function. The basic pseudo code is as follows:

//Consider the Number of rounds performed is Nr //data block (Nb)

//length of the key (Nk)
//cipher results=state
Rijndael(State,CipherKey) {
KeyExpansion(CipherKey,ExpandedKey);AddRoundKey(State,ExpandedKey);
For(i=1 ; iFinalRound(State,ExpandedKey + Nb*Nr);
}

//The Round function is

Round(State,RoundKey) {
ByteSub(State);
ShiftRow(State);
MixColumn(State);
AddRoundKey(State,RoundKey);
}

5. Modified Boneh-Lynn-Shacham using Cloud Data Auditing

In this proposed work the cloud data auditing process is done by using Modified Boneh-Lynn-Shacham
Signing System in every Gap Diffie-Hellman (GDP) category G. It also includes a hash function from
message space to group G and is aligned with the proven signature scheme of the Pedersen and Chaum
[8][9][10].
Exactly, Consider G = 〈g〉is a Gap Diffie-Hellman group of prime order p, with a hash function H : {0,1}
∗ → G, considered a random oracle, any string may be signed and a signature identified as a single element
of group G. The scheme contains following algorithms.

Key Gen Algorithm

//generates an asymmetric key pair (x,v) ∈ Zn * Gn with public key v and private key x

Data:generator g2 for G2,prime number p

Result:private key x ∈Zn,public key v ∈ G2
Choose random x ∈ Zn
V→ g2x
Return (x,v)

SigGen Algorithm

//SigGen used when signing a message M with the private key x.

// This algorithm needs a hash function H that can hash the message to an elementh∈ G1.
//Assume that H is a random hash function.
Data: private key x ∈Zn,message M ∈ {0,1}*
Result: signature σ ∈ G1
h ←H(M) ∈ G1
σ← h^x
Return σ

Verify Algorithm
//Verify the signature with public key
Data: public key v ∈ G2,signature σ ∈ G1,message M ∈ {0,1}*
Result: boolean value
h ←H(M) ∈ G1
Return Test ((g^2,v,h,σ)
During this auditing processas shown in Figure 5, each and every group user are authenticated by using
one-time password approach and this password generated by using a SHA-512 algorithm.
The Secure Hash Algorithm (SHA) was developed by according to Federal Information Processing
Standard (FIPS 180) and National Institute of Standards and Technology (NIST) in 1993 [11][12]. SHA is
worked based on the hash function MD4. SHA-1 is also stated in RFC 3174.

5.1 Forwarding OTP to Cloud User

After generating the OTP it should be sent to the cloud user by using a gateway operation to the user mail
or mobile. Here, the URL is used for this process as a library and command line tool for transferring data
across it.
1.curl_init(): It is utilized to initialize a session.
2.curl_setopt(): Set a possibility for the URL transfer.
3.curl_exec():Perform a cURL session.
4.curl_close():Close a cURL session and set free all the cloud resources.

SignGen

Verification
KeyGen
Metadata

Group users Public and

secret

TPA

Issues an audit message

or challenge to

CSP
TPA

GenProof

CSP File F

VerifyProof Verification Meta data

User Personal
TPA information

User Admin
 Figure.5 Proposed Modified Boneh-Lynn-Shacham Based Cloud Auditing

Following procedure shows the overall process of proposed Modified Boneh-Lynn-Shacham Based
cloud auditing with Rijndael algorithm based data integrity checking process[17].

A Modified Boneh-Lynn-Shacham Signing Dynamic Auditing

Step 1: Cloud service controller or community customer first do server registration. After
authentication, OTP is created to transfer user phone or mail. Entering OTP number user can login
and view their cloud info. Using Rijandael algorithm is generated when user operations are complete
performance.

Step 2: Cloud user register and after enter the OTP to login. If the user want to access a file, initially
user send the request to server for authorization of file.
Step 3: Cloud server block the user or accepts request or itdepends on user validation. After accept
the request, server sends the encryption key to the users mobile or mail. Rijandael algorithm is used
for generating the Encryption key which is used for security purpose.
Step 4: Entering the encryption key user can modify or update the file and upload the file to the cloud
server again. A new hash value is generated after the file is uploaded.
Step 5: Now, the Third Party Administrator login and batch auditby comparing changed file hash
value and original file, if the hash valuesobtained is same, then file is not altered otherwise it is
altered by User.

Step 6: After this process cloud admin do login and will send the list of files that have been altered
over the SMS or mail to the cloud user.

Step 7: The cloud user will review the tempered files and will discard the change made by user or
overwrite the original file.

5.2 Download Verification

The final process is verification of integrity which is shown in Figure 6, here the TPA request to the
user for the secret key to check the file integrity. The data owner in the group grantswq2 permission
to TPA for downloading the file and after this process, TPA can check the integrity. In case any
altered or modification is performed on the file it will be reflected on cloud admin sideand the data
owner side. At this time the cloud admin sends warning to data owner in case the proposed files
have any alteration or modification by TPA. Without any secret key verification or metadata
verification, the data owner can understand the data is altered.
6. RESULTS& DISCUSSION
This proposed work implemented using Java and Cloud Sim. From the result in Figure 6shows that
the public key generation time is comparative to the group size of proposed Modified Boneh-Lynn-
Shacham
Signing
Dynamic
Auditing
(MBLSSDA)
with Rijndael
algorithm.

Figure.6 Key
Generation Time of
MBLSSDA-
RIJNDAEL
Algorithm

Figure 7shows that the signature generation time is comparative to the block size. since the master
user required to create secret keys for each and every group user during the catch auditing process
individually.

120
Authentication Signature
Generation Time (sec)

100

80

60 Authentication
Signature
40
Generation Time
20

0
1 2 3 4 5 6 7 8 9 10
Number of Block
Figure.7 Authentication Signature Generation Time ofMBLSSDA-RIJNDAEL Algorithm
Figure 8 shows the comparison results of proposed Modified Boneh-Lynn-Shacham Signing Dynamic
Auditing (MBLSSDA) with Rijndael algorithm and ELGAMAL digital signature scheme with Merkle B-
tree (Nayana.S.R et al., 2013) in terms of user verification time.
User Verification Time (Sec)
100

80

60
MBLSSDA-
40 RIJNDAEL
ELGAMAL-Merkle B-
20 tree
0
1 2 3 4 5 6 7 8 9 10
File Size (Block Number)

Figure.8User Verification Time of MBLSSDA-RIJNDAEL

From the results it indicates that, although ELGAMAL-Merkle B-tree scheme has very high User
verification time when compared with the proposed work. This is because ELGAMAL-Merkle B-tree
scheme needs a number of multiplication operations and exponentiation operations on Group
number during the batch auditing process for challenging blocks.

7. CONCLUSION
This paper presents MBLSSDA algorithm for privacy-preserving public auditing process in term of
dynamic cloud data storage. It enables the TPA to perform efficient auditing process for multiple
users as well as doing in the batch auditing for multiple users. Additionally, this work implements
the Rijndael algorithm to generate encryption key by data owner and at the time of other group user
requesting the data owner to access the data.
This process is done based on the SHA-512 algorithm for creating the hash key which is used for TPA
to check the integrity of cloud data and one of the added advantages of this proposed work is one-
time password verification scheme. At last, the TPA verifies the data integrity. The result proves that
by comparing single auditing with batch auditing process, the later one performs better and it
enhances the whole system performance
REFERENCE
[1] Qiu, M., Dai, W., &Vasilakos, A. V. (2016). Loop Parallelism Maximization for Multimedia Data
Processing in Mobile Vehicular Clouds. IEEE Transactions on Cloud Computing, 7(1), 250-258.

[2] Patidar, P., & Bhardwaj, A. (2011). Network security through SSL in cloud computing
environment. International Journal of Computer Science and Information Technologies, 2 (6) ,
2011, 2800-2803

[3] Jose, G. J. A., Sajeev, C., &Suyambulingom, D. C. (2011). Implementation of data security in
cloud computing. International Journal of P2P Network Trends and Technology, 1(1), 18-22.

[4] GarimaKumari, Lakshmi madhuri. Key Aggregate Cryptosystem & Intrusion Detection For Data
sharing In Cloud. Multidisciplinary Journal of Research in Engineering and Technology, 1(3),
308-317

[5] Mahalle, R. V., &Pawade, P. P. (2014). A review of secure data sharing in cloud using key
aggregate cryptosystem and decoy technology. Int J Sci Res, 3(12), 2694-2697.

[6] Hemlatha, S. M., & Ganesh, S. (2013). A brief survey on encryption schemes on cloud
environments. Int. J. Comput. Org. Trends, 3(9).

[7] Khan, K. M., &Malluhi, Q. (2013). Trust in cloud services: providing more controls to
clients. Computer, (7), 94-96.

[8] Cimato, S., Damiani, E., Zavatarelli, F., &Menicocci, R. (2013, June). Towards the certification of
cloud services. In 2013 IEEE Ninth World Congress on Services (pp. 92-97). IEEE.

[9] Nagarajan, M., &Karthikeyan, S. (2012, March). A new approach to increase the life time and
efficiency of wireless sensor network. In International Conference on Pattern Recognition,
Informatics and Medical Engineering (PRIME-2012) (pp. 231-235). IEEE.

[10] Vasarhelyi, M. A., &Halper, F. B. (1991). The continuous audit of online systems. In Auditing: A
Journal of Practice and Theory.10(1),110-125.

[11] Massonet, P., Naqvi, S., Ponsard, C., Latanicki, J., Rochwerger, B., &Villari, M. (2011, May). A
monitoring and audit logging architecture for data location compliance in federated cloud
infrastructures. In 2011 IEEE International Symposium on Parallel and Distributed Processing
Workshops and Phd Forum (pp. 1510-1517). IEEE.

[12] Ezhilarasi, M., &Krishnaveni, V. (2018). A survey on wireless sensor network: energy and
lifetime perspective. Taga Journal of Graphic Technology, 14.
 [13] Zhang, C., Cai, Z., Chen, W., Luo, X., & Yin, J. (2012). Flow level detection and filtering of low-
rate DDoS. Computer Networks, 56(15), 3417-3431.

[14] Wu, Y., Zhao, Z., Bao, F., & Deng, R. H. (2015). Software puzzle: A countermeasure to resource-
inflated denial-of-service attacks. IEEE Transactions on Information Forensics and security, 10(1),
168-177.

[15] Ezhilarasi, M. &Krishnaveni, V. "An evolutionary multipath energy-efficient routing protocol

(EMEER) for network lifetime enhancement in wireless sensor networks" Soft Computing,
(2019). https://doi.org/10.1007/s00500-019-03928-1

[16] McNevin, T. J., Park, J. M., &Marchany, R. (2004). pTCP: A client puzzle protocol for defending
against resource exhaustion denial of service attacks. Virginia Tech Univ., Dept. Elect. Comput.
Eng., Blacksburg, VA, USA, Tech. Rep. TR-ECE-04-10.

[17] Tsai, H. Y., Huang, Y. L., & Wagner, D. (2009). A graph approach to quantitative analysis of
control-flow obfuscating transformations. IEEE Transactions on Information Forensics and
Security, 4(2), 257-267.

Conflict of interest: Adnan I Alrabea declares that he has no conflict of

interest.