Graduate student: | 簡偉智 Chien, Wei-Chih |
---|---|
Thesis title: | 利用備份與投票技術實作雲端儲存之即時行為違反證明技術 Implementing Real-time POV for Cloud Storage by Replication and Voting |
Advisor: | 黃冠寰 Hwang, Gwan-Hwan |
Degree: | Master |
Department: | Department of Computer Science and Information Engineering |
Year of publication: | 2016 |
Academic year of graduation: | 104 |
Language: | Chinese |
Number of pages: | 42 |
Keywords (Chinese): | cloud storage, proof-of-violation mechanism, real-time auditing, backup, voting |
Keywords (English): | Cloud Storage, Proof of Violation, Real-time auditing, Replication, Voting |
DOI URL: | https://doi.org/10.6345/NTNU202204368 |
Thesis type: | Academic thesis |
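In this thesis we study how to develop an efficient real-time auditing technique and a proof-of-violation (POV) technique for cloud storage systems. POV lets the user or the service provider produce cryptographic evidence that can be used to prove that the service provider violated properties, or to let the service provider prove its innocence. POV is a technique that gives cloud users and service providers mutual nonrepudiation. Real-time auditing is performed after every file operation, to ensure that a violation by the service provider is discovered immediately. In the currently known solutions, the client device must keep the files' hash values; storing and synchronizing these hash values on the client imposes a very heavy burden, and when a client has performed no file operation for some time, the synchronization before its next file operation takes a very long time.
We propose a voting method that frees client devices from keeping any file hash values. By using multiple independent service providers, the client can audit in real time, support POV, and at the same time hold multiple backups. Experimental results show that, compared with the previous real-time auditing technique for cloud storage, the proposed method saves a factor of 8 in time on average and a factor of more than 20 in the worst case. Cloud storage service providers can use the proposed method to add a guarantee of mutual nonrepudiation to their service-level agreements.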
In this paper we study how to develop efficient real-time auditing and proof of violation for cloud storage. Proof of violation lets the user and the service provider generate cryptographic proofs that can be used to prove that the service provider violated its properties, or to let the service provider prove its innocence. Proof-of-violation schemes are solutions for obtaining mutual nonrepudiation between the user and the service provider. Real-time auditing is performed at the end of every file operation so that a violation by the service provider can be found instantly. Existing solutions need to cache the files' hash values on the client device. Storing and synchronizing these hash values is a huge overhead for the client device. If a client device has been offline for a long time, synchronizing to the latest hash values takes a very long time.
We propose a real-time proof of violation scheme for cloud storage based on replication and voting, in which the client device does not need to cache any file hash values. By using multiple independent service providers, the client device can audit in real time, support proof of violation, and hold multiple replicas of its files. Experimental results show that our scheme outperforms previous work by 8 times on average, and by 20 times in the worst case. Cloud storage service providers can use the proposed scheme to provide a mutual nonrepudiation guarantee in their service-level agreements.