Smart contract-based public integrity auditing for cloud storage against malicious auditors

Cloud storage, a vital component of cloud computing, faces significant challenges in ensuring data integrity, which hinders its widespread adoption. Public auditing models, which rely on third-party auditors (TPAs), have been developed to address these issues by offloading computation from users. Ho...

Full description

Saved in:
Bibliographic Details
Published in:Future generation computer systems 2025-05, Vol.166, p.107709, Article 107709
Main Authors: Tian, Hui, Gan, Nan, Peng, Fang, Quan, Hanyu, Chang, Chin-Chen, Vasilakos, Athanasios V.
Format: Article
Language:English
Subjects:
Cloud storage
Data integrity
Public auditing
Smart contract
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cloud storage, a vital component of cloud computing, faces significant challenges in ensuring data integrity, which hinders its widespread adoption. Public auditing models, which rely on third-party auditors (TPAs), have been developed to address these issues by offloading computation from users. However, maintaining the consistent trustworthiness of TPAs remains a major challenge, especially in preventing dishonest behaviors, such as collusion, procrastination, and forgery. In this paper, we propose a novel smart contract-based public integrity auditing scheme for cloud storage, introducing a transparent, non-black-box auditing process. This scheme adopts certificateless authentication, significantly reducing the overhead associated with traditional key management and certificate handling. To mitigate TPA dishonesty, we introduce a blockchain-based challenge generation algorithm and an auditing process preservation mechanism. The challenge algorithm ensures fair random sampling by leveraging blockchain’s immutability, reducing the risk of collusion between TPAs and cloud service providers (CSPs). The auditing process preservation mechanism prevents procrastination by recording task completion times and preserving metadata, ensuring full traceability and accountability. We also present a post-auditing validation mechanism that enhances the verifiability of auditing results, comprising two components: auditing computation proof, which verifies the correctness of computationally intensive steps, and auditing process replay, which replays the entire auditing using preserved metadata. Finally, we formally prove the security of our scheme and conduct a comprehensive performance comparison with existing solutions. The results demonstrate that our approach offers strong security, reduces computational overhead, and maintains comparable communication overhead to other schemes. •A certificateless smart contract-based auditing scheme ensuring transparency and verifiability.•Smart contracts mitigate TPA dishonesty through fair challenge generation and metadata preservation.•A post-auditing validation mechanism ensures the verifiability and accountability of results.•Security proofs and performance comparisons demonstrate the scheme’s feasibility and efficiency.
ISSN:0167-739X
DOI:10.1016/j.future.2025.107709