A framework with data-centric accountability and auditability for cloud storage

The cross-domain characteristic of cloud storage service decides that both users and service providers have limited trust toward each other. Judging from a real-world perspective, both parties may have the motivation to engage in dishonest activity for monetary reasons. Hence, accountability should be seriously treated in designing storage systems with practical security. This paper proposes a general accountable framework for cloud storage in a data-centric manner. We design non-repudiable action records to log all data-related access behavior, and through later auditing to detect possible misbehavior. To resist replay attacks, we adopt signature exchange idea to let both parties verify and maintain different metadata signatures signed by the other party. For potential disputes about data content or access records, we also design arbitration protocol to fairly and efficiently settle the dispute and find out the cheating party. Experimental evaluation of our prototype shows that cryptographic cost, storage overhead and throughput are reasonable and acceptable.