Indonesian Journal of Electrical Engineering and Computer Science
Vol. 2, No. 2, May 2016, pp. 452 ~ 460
ISSN: 2502-4752
DOI: 10.11591/ijeecs.v2.i2.pp452-460

Received January 5, 2016; Revised April 18, 2016; Accepted May 1, 2016

Ensuring Data Integrity Scheme Based on Digital Signature and Iris Features in Cloud

¹Salah H Refish*, ²Zaid Ameen Abdul jabbar, ³Zaid Alaa Hussien, ⁴Thair A Kadhim, ²Ali A Yassin, ²Mohammed Abdulridha Hussain, ⁵Salam Waley
¹Huazhong University of Science and Technology, Wuhan, China
²University of Basrah, Basrah, Iraq
³Southern Technical University, Basrah, Iraq
⁴Directorate of Education-Babylon, Iraq
⁵University of Technology, Baghdad, Iraq
*Corresponding author, e-mail: manatheraa@yahoo.com

Abstract

Cloud computing is a novel paradigm that allows users to remotely access their data through web-based tools and applications. Later, the users do not have the ability to monitor or arrange their data. In this case, many security challenges have been raised. One of these challenges is data integrity. Contentiously, the user cannot access his data directly and he cannot know whether his data is modified or not. Therefore, the cloud service provider should provide efficient ways for the user to ascertain whether the integrity of his data is protected or compromised. In this paper, we focus on the problem of ensuring the integrity of data stored in the cloud. Additionally, we propose a method which combines biometric and cryptography techniques in a cost-effective manner for data owners to gain trust in the cloud. We present an efficient and secure integrity scheme based on iris feature extraction and digital signature. Iris recognition has become a new, emergent approach to individual identification in the last decade. It is one of the most accurate identity verification systems. This technique gives the cloud user more confidence in detecting any block that has been changed. Additionally, our proposed scheme employs the user's iris features to secure and integrate data in a manner that makes it difficult for any internal or external unauthorized entity to take or compromise it. The iris is an internal organ that is well protected against damage and wear by a highly transparent and sensitive membrane. Extensive security and performance analysis show that our proposed scheme is highly efficient and provably secure.

Keywords: Cloud computing; data integrity; iris features; digital signature

Copyright © 2016 Institute of Advanced Engineering and Science. All rights reserved.

1. Introduction

There are many beneficial characteristics of cloud computing, such as being on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service [1]. Conversely, there exist many security challenges [2, 3]. Cloud storage which is supplied by the cloud server and provided to the cloud users as a service is considered one of these challenges. On the one hand, cloud infrastructures are more powerful and reliable than personal computing devices, although internal and external threats to data integrity still exist. On the other hand, there exist various incentives for the cloud service provider (CSP) to behave dishonorably towards cloud users, such as financial reasons or reputation. All these issues arise because once the cloud users outsource their data to the CSP they no longer have possession of a local copy of their data. At the same time, cloud users lose the ability to monitor and control their data in the cloud, so it can be easily corrupted, modified, or deleted due to hardware failure or human errors.
Thus, protecting the integrity of data is a highly essential security challenge in the cloud. Additionally, the data stored in the cloud is not only accessed but also frequently updated by cloud users, including insertion, deletion, modification, etc. Thus, it is imperative to support the dynamic features of cloud storage.

The process of saving data in the remotely located cloud servers is called cloud storage [4]. Cloud users can upload their data to the cloud and can access these data anytime and anywhere. There are key characteristics that make cloud storage better than traditional storage.
These characteristics are (1) performance: with this feature the cloud can move huge amounts of data over the global internet; (2) manageability: cloud storage reduces the burden of maintenance at the client side when data is stored remotely in the cloud; (3) availability: in cloud storage, data are retrieved frequently, rapidly, and securely [5].

Most researchers have been working to introduce the best options to the cloud users on possession and integrity of data [6-11]. Table I shows the main differences between our scheme and other schemes. In this paper, we present a method for ensuring the integrity of data. This method is based on biometric technology, which is considered one of the modern approaches in the security field. Generally, biometrics employs physiological or behavioral characteristics to precisely identify each subject. Commonly used biometric features include the face, fingerprints, voice, iris, retina, gait, palm print, hand geometry, dental radiograph, etc. Our work involves the iris. Iris recognition has become a new, emergent approach to individual identification during the last decade [12]. In our proposed method, the iris features are directly obtained from the cloud user.
We provide an approach that supplies proof of data integrity which the cloud user can employ to check the correctness of his or her data in the cloud. Additionally, we propose an efficient and secure possession and data integrity scheme based on feature extraction from the cloud user's iris and digital signature to increase the level of security. So, we can summarize our contributions as follows:
- Our work involves the iris. Iris recognition has been considered an effective approach in carrying out individual identification during the last decade.
- The key factor employed in our scheme is based on users' iris features, which have been shown to be more secure against known attacks.
- We present a method for ensuring the possession and integrity of data as well as data dynamics.
- The digital signature is introduced to support our scheme in the verification phase.

The rest of this paper is organized as follows: Section 2 illustrates design issues and cryptographic primitives. The details of our proposed scheme are presented in Section 3. Section 4 addresses support for data dynamics. Security analysis and performance of our work are shown in Section 5. The conclusion is given in Section 6.

2. Design Issues

2.1. Problem Definitions

We consider a cloud storage system as consisting of three parts as follows: (1) The client, who has the data files that he or she wants to be stored in the cloud. The client stores data on the server without keeping a local copy. Hence, it is of critical importance that the client should be able to verify the integrity of the data stored in the remote non-trusted server. (2) The cloud server, which is a managed data storage service. If the server modifies any part of the client's data, the client should be able to detect it. (3) The TPA, who has expertise and capabilities that users don't have and is trusted to estimate the cloud storage security on behalf of the user upon request. In case a third-party auditor verifies the integrity of the client's data, the data should be kept private against the third-party auditor.
Figure (1) illustrates these different entities. Clients rely on the cloud server for data storage and maintenance. They may also frequently access and update their data for various application purposes. To ensure their data is secure in cloud storage, the users may resort to contacting the TPA, while the data should be kept private. We assume the cloud server provider may be dishonest in two ways that directly affect the user's data: (1) it may delete rarely accessed data to decrease the storage cost; (2) it may decide to hide the corrupted data caused by server hacks or Byzantine failures to keep its reputation. The TPA should be able to verify the integrity of data without a local copy of the data. However, any leakage of information to the TPA through the verification process should be prohibited. Figure (2) shows our proposed scheme.

Figure 1. The traditional of auditing schemes

Figure 2. Our scheme architecture

2.2. Iris Recognition

Generally, biometrics employs physiological or behavioral characteristics to precisely identify each subject. Commonly used biometric features include the face, fingerprints, voice, iris, retina, gait, palm print, hand geometry, dental radiograph, etc. Iris recognition has become a new, emergent approach to individual identification in the last decade. The iris of the eye is made up of a series of holes and cracks which are concentrated around each iris which vary from one person to another in terms of the number, shape and even the distance between them. As well, the pigments of the iris vary from one person to another, even if involving the degree of colour, because there are large differences in colour within the same footprint, i.e. what constitutes something distinct and unique to the eye and is the imprint of the iris. This is one of the best methods of security that enables one to confirm the identity of a person.

Iris recognition is one of the most accurate identity verification systems. Accurate automatic personal identification is becoming more and more significant to the operation of security systems.

A typical iris recognition system is graphically shown in Figure (3). The whole iris recognition process is basically divided into four steps [12, 13]:
- Image acquisition;
- Iris image preprocessing;
- Iris feature extraction; and
- Matching.

Figure 3. The Human Iris

The iris biometric deals with identifying a human being by his/her iris pattern extracted from the images of his/her eye. As shown in Figure (3), the human eye consists of three major parts: pupil (the innermost black part), iris (the coloured part) and sclera (the white part). The iris and pupil are said to be non-concentric. The radius of the inner border of the iris, i.e. its border with the pupil, is also not constant since the size of the pupil increases and decreases depending on the amount of light incident to the pupil. Each individual has a unique iris pattern. This pattern can be extracted from the image of the eye and encoded. The code can be compared to the codes obtained from the images of other eyes or the same eye. The result of comparison can represent the amount of difference between the compared codes. In that way it can be concluded if the compared eye patterns belong to the same or different eye. Compared to other biometrics, such as voice and facial features, which tend to change over time, the iris biometric is stable and remains the same for a person's lifetime [14]. The use of contact lenses, glasses and even eye surgery cannot affect the iris characteristics.

The iris imprint reader works by reading the iris and storing it as an array: the length of the image is in columns and the width is in rows. This is sent to a computer to get a 512 byte template, according to iris characteristics, which will be matched with the stored data. Although iris recognition is a strong method in identification systems, as mentioned above, it requires software and hardware costs. In our work, we do not need the software and hardware overhead. The user takes his iris features just the first time and then stores them in the USB device. Figure (4) distinguishes between these ways according to the costs.

Suppose we are using the traditional way (A) and have 1000 users who wish to log in to the system at the same time. It is very difficult to even imagine how long we would need to get the iris features, as well as the costs of the hardware and software. So, because we are using the cloud environment, we should benefit from its facilities. The term "pay as you go" is a great solution in this field. We can rely on cloud service providers such as [Google, Amazon, and Microsoft], which provide (IaaS, PaaS, and SaaS). We should say here that using the cloud services does not force us to involve them every time, for financial reasons. So, in our work, we exploit the cloud provider just to obtain iris features to use them in the cloud server later. (B) shows the mechanism for generating iris features based on the cloud service provider, in progress for each user, who then stores them in his USB, which is used in the login system and verification process later; this does not require software and hardware for obtaining the iris at first or for software operations such as preprocessing, feature extraction and classification.

Figure 4. The main difference between traditional way (A) and our proposed (B) for obtaining iris features

2.3. Schnorr Digital Signature

Generally, the Schnorr digital signature is a scheme relying on the ElGamal digital signature, but with a minimized signature size. It offers very attractive security, is qualified, and generates short signatures. We review the Schnorr signature scheme as follows [15].

Key Gen: Let $p$, $q$ be large primes. The user selects an element $e_1$ of prime order $q$, and computes $e_2$ = . The user's public key is ($e_1$, $e_2$, $p$, $q$) and his private key is represented by $d$, where 1 $d$ $q$ is uniformly selected.

Sign ($e_1$, $d$, $M$): He picks a random number $r$; each time he wants to sign a message, he needs to change $r$. The value of $r$ is between 1 and $q$. The cloud user computes the first signature $S_1$ = H($M$ || mod $p$). The signing of the message ($M$) is based on the value of mod $p$, where the hash function is applied to the concatenation (||) of $M$ and mod $p$. Then, the cloud user computes the second signature $S_2 = r + d S_1 \bmod q$ and sends ($M$, $S_1$, $S_2$) to the Verifier.

Verify ($M$, $e_1$, $e_2$, $S_1$, $S_2$): The Verifier receives $M$, $S_1$ and $S_2$, then computes $V$ = H($M$ || mod $p$). Finally, the Verifier compares $V$ mod $p$ with $S_1$; if the result is true, the message is accepted; otherwise, it is rejected.

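An added example, not code from the paper or from [15]: the Schnorr scheme reviewed above in Python, with the same symbols ($e_1$, $e_2$, $d$, $r$, $S_1$, $S_2$). The exponent terms did not survive in this copy of the page, so the code follows the standard textbook form, $e_2 = e_1^d \bmod p$ and $V = h(M \| e_1^{S_2} e_2^{-S_1} \bmod p)$, as an assumption; SHA-256 as $h$, the fixed-width integer encoding and the 512-bit demonstration group are also assumptions made here.

```python
import hashlib
import random
import secrets


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin test, used only to build the demonstration group."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(q_bits: int = 160, p_bits: int = 512, seed: int = 2016):
    """Return (p, q, e1) with q prime, q | p-1 and e1 of order q modulo p.

    The fixed seed makes the *public* group reproducible; it is never used
    for keys or nonces. 512 bits is a demonstration size (assumption).
    """
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q, rng):
            break
    k_bits = p_bits - q_bits
    while True:
        k = (rng.getrandbits(k_bits) | (1 << (k_bits - 1))) & ~1  # even cofactor
        p = k * q + 1
        if is_probable_prime(p, rng):
            break
    while True:
        e1 = pow(rng.randrange(2, p - 1), (p - 1) // q, p)
        if e1 != 1:                      # q is prime, so e1 has order exactly q
            return p, q, e1


def H(message: bytes, x: int, p: int, q: int) -> int:
    """h(M || x): SHA-256 of M followed by x at fixed width, reduced mod q."""
    width = (p.bit_length() + 7) // 8
    digest = hashlib.sha256(message + x.to_bytes(width, "big")).digest()
    return int.from_bytes(digest, "big") % q


def keygen(p: int, q: int, e1: int):
    d = secrets.randbelow(q - 1) + 1     # private key, 1 <= d <= q-1
    return d, pow(e1, d, p)              # (d, e2 = e1^d mod p)


def sign(message: bytes, d: int, p: int, q: int, e1: int):
    r = secrets.randbelow(q - 1) + 1     # must be fresh for every signature
    s1 = H(message, pow(e1, r, p), p, q)
    s2 = (r + d * s1) % q
    return s1, s2


def verify(message: bytes, s1: int, s2: int, p: int, q: int, e1: int, e2: int) -> bool:
    if not (0 <= s1 < q and 0 <= s2 < q):
        return False                     # reject out-of-range signature values
    if not (1 < e2 < p and pow(e2, q, p) == 1):
        return False                     # public key must lie in the order-q subgroup
    x = pow(e1, s2, p) * pow(e2, q - s1, p) % p   # e1^S2 * e2^(-S1) = e1^r
    return H(message, x, p, q) == s1


if __name__ == "__main__":
    p, q, e1 = gen_group()
    d, e2 = keygen(p, q, e1)
    sig = sign(b"constructed sample message", d, p, q, e1)
    print(verify(b"constructed sample message", *sig, p, q, e1, e2))
```
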
3. Our Proposed Scheme

The generated meta-data, which is based on the features of the iris, is combined with the original data to produce scrambled data. In the verification process, the client wants to check whether his data is safe or not. The verifier (client) prepares a challenge for the target server and asks the server to respond. The challenge identifies the number of the original block as well as the related signature that is to be verified. The specified server replies with two values: the original data block and the signature. This time, the verifier uses his or her iris features to decrypt the meta-data and ensures that the decrypted value matches the original data. If the result is true, the integrity of the data is confirmed.

3.1. Installation Process

In this process we have two stages as follows (Figure 5 shows the installation and verification processes). The cloud user wants to store his data in the cloud server, so he should make some operations as follows:
- Assume that the input file $F$ is divided into $m$ data blocks by using the data fragment technique, where each of the blocks involves $n$ sectors.
- The cloud user generates a random key $k$, and then uses any symmetric algorithm to encrypt the data blocks. = ($k$, $F$).
- The metadata are generated from equation (1) as: ($T_i$) = (H($m_i$ || $F_{id}$) || $f_i$) (1), where $F_{id}$ is the identifier of the file.
- The cloud user then sends ( , $T_i$) to the CSP.

3.2. Verification Process

The cloud user (or third party auditor) is required to generate a challenge message. This message consists of $c$ data blocks chosen randomly as a challenge message (chal = ) by using a pseudo-random permutation [16] keyed with a fresh randomly-chosen key to prevent the server from anticipating the block indices.

The cloud server sets up the public key of Schnorr's digital signature, $PK_{Schnorr} = (e_1, e_2, p, q)$, and the private key, $SK_{Schnorr}$ = $d$ ∈ ∗ .

When the challenge message is received by the cloud server, the proof message, including aggregation authenticator tags $T_i$ and a linear combination of the blocks σ = ∑ , where $i$ is the index of the block. This proof is generated based on the challenge message =. ∑ ||

The cloud server will apply the Schnorr digital signature to produce two values $S_1$, $S_2$: $S_1$ = h( || mod $p$), $S_2$ = + mod $q$. Then it sends ($S_1$, $S_2$) to the cloud user.

The cloud user will do some operations as follows:
- Compute $V$ = h($T$ || mod $p$).
- Verify whether $V$ = $S_1$. If true, the cloud user knows that the data is stored correctly.

Figure 5. The Verification process in our proposed scheme

4. Providing Data Dynamics

We supposed that $F$ represents static or archived data. This approach can be adapted to some application scenarios, such as libraries and scientific databases. However, in cloud data storage, there are many possible scenarios where the data stored in the cloud is dynamic, for instance e-documents, photos, log files, etc. Therefore, it is crucial to consider the dynamic case, where a user may wish to perform multiple functions (block-level updates, deletions and additions that modify the data), while maintaining correctness and ensuring security of storage.

Data modification: We set out from data modification, which is one of the most repeatedly used operations in cloud data storage. A fundamental data modification operation indicates the replacement of particular blocks with new ones. Imagine that the cloud user demands the modification of the data block $m_i$. Firstly, depending on the new data block $Nm_i$, the cloud user produces the corresponding metadata ($T_i$) = (H($Nm_i$ || $F_{id}$) || $f_i$). Then, he or she generates an update challenge = ($M$, $i$, , $Nm_i$) and sends it to the cloud server, where $M$ denotes the modification operation. Upon receiving the request, the cloud server (1) replaces $m_i$ with $Nm_i$; (2) replaces $T_i$ with .

Data insertion: Compared to the modification process, which does not manipulate the logic structure of the cloud user's data file, there is one form of data operation, data insertion, which means inserting other blocks following some specified positions in the original data file. For instance, the cloud user requests to add block $Nm_i$ after the $i$th block $m_i$. This procedure is similar to the modification process. Firstly, depending on $Nm_i$, the cloud user produces an update challenge = ($I$, $i$, , $Nm_i$) and sends it to the cloud server, where $I$ refers to the insertion operation. Upon receiving the request, the cloud server (1) adds $Nm_i$ after $m_i$; (2) adds after $T_i$.

Data deletion: This is the opposite operation to data insertion. It indicates removing the particular block and moving all the following blocks one block forward. For instance, the cloud server receives the update challenge = ($D$, $i$) for the deletion of $m_i$, where $D$ denotes the deletion operation. The cloud server deletes each of $m_i$, $T_i$ from its storage space.

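An added example, not the paper's code: the challenge, the per-block check and the three update operations (M, I, D) of Sections 3.2 and 4, run against an in-memory server. The page's tag formula is incomplete in this copy, so `make_tag` is a stand-in (HMAC-SHA256 over H($m_i$ || $F_{id}$), keyed from a constructed 512-byte template); the key derivation, the PRF ranking used to pick challenge indices, and all names are assumptions.

```python
import hashlib
import hmac
import secrets

FILE_ID = b"F-0001"  # hypothetical file identifier F_id


def key_from_template(template: bytes) -> bytes:
    """Derive a MAC key from the 512-byte iris template (assumed derivation)."""
    if len(template) != 512:
        raise ValueError("expected a 512-byte template")
    return hashlib.sha256(b"tag-key" + template).digest()


def make_tag(f_key: bytes, block: bytes) -> bytes:
    """Stand-in for T_i: MAC over H(m_i || F_id) under the iris-derived key."""
    inner = hashlib.sha256(block + FILE_ID).digest()
    return hmac.new(f_key, inner, hashlib.sha256).digest()


def make_challenge(n_blocks: int, c: int, chal_key: bytes) -> list:
    """Pick c distinct block indices by ranking every index under a keyed PRF.

    With a fresh chal_key per audit the server cannot predict the indices.
    """
    def rank(i: int) -> bytes:
        return hmac.new(chal_key, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return sorted(range(n_blocks), key=rank)[:c]


class CloudServer:
    """Holds the blocks m_i and tags T_i and applies update requests."""

    def __init__(self, blocks, tags):
        self.blocks, self.tags = list(blocks), list(tags)

    def update(self, op: str, i: int, new_block: bytes = None, new_tag: bytes = None):
        if op == "M":                      # replace m_i and T_i
            self.blocks[i], self.tags[i] = new_block, new_tag
        elif op == "I":                    # insert after position i
            self.blocks.insert(i + 1, new_block)
            self.tags.insert(i + 1, new_tag)
        elif op == "D":                    # delete; later blocks move forward
            del self.blocks[i]
            del self.tags[i]
        else:
            raise ValueError("unknown operation: %r" % op)

    def respond(self, chal):
        return [(self.blocks[i], self.tags[i]) for i in chal]


def audit(f_key: bytes, server: CloudServer, c: int = 4):
    """Challenge c blocks; return (challenged indices, indices that failed)."""
    chal = make_challenge(len(server.blocks), c, secrets.token_bytes(32))
    bad = [i for i, (blk, tag) in zip(chal, server.respond(chal))
           if not hmac.compare_digest(make_tag(f_key, blk), tag)]
    return chal, bad


if __name__ == "__main__":
    key = key_from_template(secrets.token_bytes(512))   # constructed template
    data = [b"block-%d" % i for i in range(8)]          # constructed blocks
    srv = CloudServer(data, [make_tag(key, b) for b in data])
    srv.blocks[5] = b"silently corrupted"
    print(audit(key, srv, c=8))
```
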
Table 1. Comparison of different integrity verification schemes with our scheme

| Proposed scheme | Privacy-preserving | Dynamic operations | Unlimited number of queries | Public verifiability | Recoverability | Non-trusted server |
|---|---|---|---|---|---|---|
| Our scheme | Yes | Yes | Yes | Yes | Yes | Yes |
| [6] | No | No | No | Yes | No | Yes |
| [7] | No | No | No | No | No | Yes |
| [8] | No | No | No | No | No | Yes |
| [11] | No | Yes | No | No | No | Yes |
| [17] | No | Yes (partially) | No | No | No | Yes |
| [18] | No | Yes | Yes | Yes | No | Yes |
| [19] | Yes | Yes | Yes | Yes | No | Yes |

5. Security Analysis of Our Proposal

In this section, we review a formal analysis of the security features of our scheme.

Theorem 1. Our proposed scheme provides privacy protection.

Proof. The input file $F$ is divided into $m$ data blocks by using the data fragment technique, where each of the blocks involves $n$ sectors. After that, the cloud user generates a random key $k$, and then uses any symmetric algorithm to encrypt the data blocks. = ($k$, $F$). The metadata are generated, and the cloud user then sends ( , $T_i$) to the CSP. So, there is no way to learn the content of the data file. Therefore, our scheme provides privacy protection.

Theorem 2. If the CSP can generate a valid proof that passes the Verify Proof phase of the verifier, then it must indeed possess the specified intact data. So, our proposed scheme provides data storage correctness.

Proof. The metadata are generated from $T_i$ = (H($m_i$ || $F_{id}$) || $f_i$), where $F_{id}$ is the identifier of the file. Any adversary or attacker will have difficulty forging ($T_i$). Thus, a malicious CSP cannot tamper with a valid response = ∑ $T$ || σ to pass the verification phase by the verifier, because the cloud server will apply the Schnorr digital signature to produce two values $S_1$, $S_2$: $S_1$ = h( || mod $p$), $S_2$ = + mod $q$. Then it sends ($S_1$, $S_2$) to the cloud user (verifier). After that, the cloud user computes $V$ = h($T$ || mod $p$), and verifies whether $V$ = $S_1$. If true, the cloud user knows that the data is stored correctly. So, our scheme provides data storage correctness.

Theorem 3. Our proposed scheme can withstand the off-line guessing and forgery attacks.

Proof. In our proposed scheme, active attacker demeanors such as impersonation do not gain him/her any profit by applying an off-line guessing attack, because the cloud user will not reply unless he checks the honesty of the CSP. An attacker is not able to compute $V$ since he does not have the ability to get the values of ($f_i$, $e_1$, $e_2$, $p$, $q$), because our proposed scheme prevents disclosing any information through the communication protocol between the cloud user and the CSP. Therefore, our proposed scheme resists the off-line and forgery attacks.

Theorem 4. Our work can supply recoverability.

Proof. Generally, when the verifier can detect the corrupted data, he or she executes the data recovery process for salvaging and handling of the data. In our proposed scheme the cloud user calculates $V$ = h($T$ || mod $p$), then verifies whether $V$ = $S_1$. If false, the cloud user knows that the data is not stored correctly and that the data was tampered with illegally. At that time, the cloud user should return the $m_i$, $T_i$ to the cloud server to recover the original data which was modified. So, this scheme can supply recoverability.

Figure 6. The performance of our auditing scheme

The cloud user generates and encrypts the data files before storing them in the cloud server. The iris feature extraction ensures efficiency, high performance, and security. The efficiency of our work has been tested by measuring the response time of the cloud server. Our work has been executed and tested on a database containing iris features of many users. These iris features were acquired randomly from the cloud user. We show the performance of our scheme in Figure 6 which is more efficient and suitable in cloud environment.

6. Conclusion

In this paper, we produced an approach for data integrity in cloud computing and involved the iris features as well as the digital signature to achieve the correctness of data. In such a way, the cloud user is assisted in confirming that the data is not accessed from unauthorised entities that utilise the cloud server. Additionally, the cloud user can trust uploaded data in any situation. The notion of our proposal involves obtaining integrity in cloud data storage with powerful reliability in order for the users to not have to worry about uploading their data. In this proposed scheme we have important features compared to prior, related work (Table I). Additionally, this work enjoys many security features such as: forward secrecy, data storage correctness, biometric agreement, and privacy protection. The performance and security analysis show that our scheme is efficient and secure against unauthorised servers and users. So, it is extremely convenient for cloud storage systems.

References

[1] Mykletun E, Narasimha M, Tsudik G. Authentication and integrity in outsourced databases. Trans. Storage. 2006; 2(2): 107-138.
[2] Ashish Kumar. World of Cloud Computing and security. International Journal of Cloud Computing and Services science (IJ-CLOSER). 2012; 1(2): 53-58.
[3] Sean Carlin, Kevin Curran. Cloud Computing Technologies. International Journal of Cloud Computing and Services science (IJ-CLOSER). 2012; 1(2): 59-65.
[4] Wang C, Wang Q, Ren K, Cao N, Lou W. Towards Secure and Dependable Storage Services in Cloud Computing. IEEE Transactions on Services Computing. 2012; 5(2): 220-232.
[5] Eswaran S, Abburu S. Identifying Data Integrity in the Cloud Storage. International Journal of Computer Science Issues. 2012; 9(2): 403-408.
[6] Ateniese G, Burns R, Curtmola R, Herring J, Kissner L, Peterson Z, Song D. Provable Data Possession at Untrusted Stores. Proceedings of the 14th conference on Computer and Communication Security (CCS'07). Alexandria, USA, ACM. 2007; 598-609.
[7] Juels A, Kaliski BS Jr. Pors: Proofs of Retrievability for Large Files. Proceedings of the 14th conference on Computer and Communication Security (CCS'07), Alexandria, USA, ACM. 2007: 584-597.
[8] Bowers KD, Juels A, Oprea A. HAIL: A High-Availability and Integrity Layer for Cloud Storage. Proceedings of the 16th conference on Computer and Communications Security (CCS '09), Chicago, IL, USA, ACM. 2009: 187-198.
[9] Lin HY, Tzeng WG. A secure erasure code-based cloud storage system with secure data forwarding. IEEE Transaction on Parallel and Distributed Systems. 2012; 23(6): 995-1003.
[10] Wang Q, Wang C, Li J, Ren K, Lou W. Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing. Proceedings of the 14th European conference. Research in Computer Security (ESORICS'09), Saint Malo, France. 2009: 355-370.
[11] Erway C, Kupcu A, Papamanthou C, Tamassia R. Dynamic Provable Data Possession. Proceedings of the 16th conference on Computer and Communications Security (CCS '09), Chicago, IL, USA, ACM. 2009: 213-222.
[12] Pravin S. Patil, Kolhe SR, Patil RV. The Comparison of Iris Recognition using Principal Component Analysis, Log Gabor and Gabor Wavelets. International Journal of Computer Applications. 2012; 43(1): 29-33.
[13] Kalka ND, Jinyu Z, Natalia AS, Bojan CL. Image quality assessment for iris. Defense and Security Symposium. 2006: 1-11.
[14] Daugman J. Recognizing persons by their iris patterns. Advances in Biometric Person Authentication, Springer. 2005: 5-25.
[15] Forouzan B. A. Cryptography and Network Security. 1st Edition. McGraw-Hill companies. Inc. 2008. 402-403.
[16] Impagliazzo R, Levin LA, Luby M. Pseudo-random generation from one-way functions. Proceedings of the Twenty-First Annual ACM Symposium On Theory of Computing, ACM, Seattle, Washington, United States. 1989: 12–24.
[17] Ateniese G, Pietro RD, Mancini LV, Tsudik G. Scalable and Efficient Provable Data Possession. Proceedings of the 4th International Conference on Security and Privacy in Communication Networks (Secure Comm'08), Istanbul, Turkey. 2008: 1-10.
[18] Wang C, Wang Q, Ren K, Lou W. Ensuring data storage security in cloud computing. Proceedings of the 17th International Workshop on Quality of Service (IWQoS '09), Charleston, South Carolina, IEEE. 2009: 1-9.
[19] Hao Z, Zhong S, Yu N. A Privacy-Preserving Remote Data Integrity Checking Protocol with Data Dynamics and Public Verifiability. IEEE Transactions on Knowledge and Data Engineering. 2011; 23(9): 1432-1437.