There are many security threats in cloud computing. But the major security threats in the security of the data is third party auditor of data or user data. The various security model varies from application to application. After studying the model of proof of retrievability. The new model will proposed for E-learning, while putting the data on the cloud because security is important factor

1. 1
Security threats in cloud computing
1. Introduction
Cloud computing is a term used to describe both a platform and type of application. A
cloud computing platform dynamically provisions, configures, reconfigures, and
deprovisions servers as needed. Servers in the cloud can be physical machines or virtual
machines. Advanced clouds typically include other computing resources such as storage
area networks (SANs), network equipment, firewall and other security devices. One of the
biggest promoters of the cloud computing is Google that already owns a massive computer
infrastructure (the cloud) where millions of people are connecting .Today, the Google cloud can
be accessed by Google Apps intended to be software as a service suite dedicated to information
sharing and security. Google Apps covers the following three main areas: messaging (Gmail,
Calendar and Google Talk),collaboration (Google Docs, Video and Sites) and security (email
security, encryption ).
By moving data and application software from traditional local hosts to network servers,
cloud computing provides more flexible and convenient access to data and services, with

2. 2
cheaper software obtainment and hardware maintenance costs. Cloud computing also may
provide some value-added services, such as automatic data backup and group collaboration
support. Cloud applications are applications that are extended to be accessible through the
Internet. These cloud applications use large data centers and powerful servers that host
Web applications and Web services .
Cloud computing is the vision of computing as a utility, where users can remotely store
their data into the cloud so as to enjoy the on-demand high quality applications and
services from a shared pool of configurable computing resources. By data outsourcing,
users can be relieved from the burden of local data storage and maintenance. Thus,
enabling public auditability for cloud data storage security is of critical importance so
that users can resort to an external audit party to check the integrity of outsourced data
when needed. To securely introduce an effective third party auditor (TPA), the following
two fundamental requirements have to be met: 1) TPA should be able to efficiently audit
the cloud data storage without demanding the local copy of data, and introduce no
additional on-line burden to the cloud user. Specifically, our contribution in this work can
be summarized as the following three aspects:
1) We motivate the public auditing system of data storage security in Cloud Computing
and provide a privacy-preserving auditing protocol, i.e., our scheme supports an external
auditor to audit user’s outsourced data in the cloud without learning knowledge on the
data content.
2) To the best of our knowledge, our scheme is the first to support scalable and efficient
public auditing in the Cloud Computing. In particular, our scheme achieves batch
auditing where multiple delegated auditing tasks from different users can be performed
simultaneously by the TPA.
3) We prove the security and justify the performance of our proposed schemes through
concrete experiments and comparisons with the state-of-the-art.

3. 3
1.1. Architecture of Cloud Computing
Cloud data storage architecture
Three different network entities can be identified as follows:
• User: users, who have data to be stored in the cloud and rely on the cloud for data computation,
consist of both individual consumers and organizations.
• Cloud Service Provider (CSP): a CSP, who has significant resources and expertise in building
and managing distributed cloud storage servers, owns and operates live Cloud Computing
systems.
• Third Party Auditor (TPA): an optional TPA, who has expertise and capabilities that users may
not have, is trusted to assess and expose risk of cloud storage services on behalf of the users upon
request
To enable privacy-preserving public auditing for cloud data storage under the aforementioned
model, our protocol design should achieve the following security and performance guarantee:
1) Public auditability: to allow TPA to verify the correctness of the cloud data on demand without
retrieving a copy of the whole data or introducing additional on-line burden to the cloud users.
2) Storage correctness: to ensure that there exists no cheating cloud server that can pass the audit
from TPA without indeed storing users’ data intact.

4. 4
3) Privacy-preserving: to ensure that there exists no way for TPA to derive users’ data content
from the information collected during the auditing process.
4) Batch auditing: to enable TPA with secure and efficient auditing capability to cope with
multiple auditing delegations from possibly large number of different users simultaneously.
5) Lightweight: to allow TPA to perform auditing with minimum communication and
computation overhead.
1.2. Cloud Service Models: Cloud service delivery is divided among three models The
three fundamental classifications are often referred to as the “SPI Model,” where ‘SPI’
refers to Software, Platform or Infrastructure (as a Service), respectively defined thus:
Cloud Software as a Service (SaaS). (Clouds) Software as a Service (SaaS), also
sometimes referred to as Service or Application Clouds are offering implementations of
specific business functions and business processes that are provided with specific cloud
capabilities, i.e. they provide applications / services using a cloud infrastructure or
platform, rather than providing cloud features themselves. Examples: Google Docs, The
capability provided to the consumer is to use the provider’s applications running on a
cloud infrastructure. The applications are accessible from various client devices through a
thin client interface such as a web browser (e.g., web-based email). The consumer does
not manage or control the underlying cloud infrastructure including network, servers,
operating systems, storage, or even individual application capabilities, with the possible
exception of limited userspecific application configuration settings.
Cloud Platform as a Service (PaaS). Cloud) Platform as a Service (PaaS), provide
computational resources via a platform upon which applications and services can be
developed and hosted. PaaS typically makes use of dedicated APIs to control the
behaviour of a server hosting engine which executes and replicates the execution
according to user requests (e.g. access rate). As each provider exposes his / her own API
according to the respective key capabilities, applications developed for one specific cloud
provider cannot be moved to another cloud host – there are however attempts to extend
generic programming models with cloud capabilities. Examples: Force.com, Google App
Engine. The capability provided to the consumer is to deploy onto the cloud

5. 5
infrastructure consumer-created or acquired applications created using programming
languages and tools supported by the provider. The consumer does not manage or control
the underlying cloud infrastructure including network, servers, operating systems, or
storage, but has control over the deployed applications and possibly application hosting
environment configurations.
Cloud Infrastructure as a Service (IaaS). (Cloud) Infrastructure as a Service (IaaS)
also referred to as Resource Clouds, provide (managed and scalable) resources as
services to the user – in other words, they basically provide enhanced virtualisation
capabilities. Accordingly, different resources may be provided via a service interface:
Data & Storage Clouds deal with reliable access to data of potentially dynamic size,
weighing resource usage with access requirements and / or quality definition.The
capability provided to the consumer is to provision processing, storage, networks, and
other fundamental computing resources where the consumer is able to deploy and run
arbitrary software, which can include operating systems and applications. The consumer
does not manage or control the underlying cloud infrastructure but has control over
operating systems, storage, deployed applications, and possibly limited control of select
networking components (e.g., host firewalls).

6. 6
1.3. Security Threat
A threat is any situation, event or personnel that can adversely affect the data security and
the smooth and efficient functioning of the organisation. A threat may be caused by a
situation or event involving a person, action or situation that is likely to bring some harm
to the organisation. The harm may be tangible such as loss of data, damage to hardware,
loss of software or intangible such as loss of customer goodwill or credibility
Threat 1: Abuse and Nefarious Use of Cloud
IaaS providers offer their customers the illusion of unlimited compute, network, and
storage capacity — often coupled with a ‘frictionless’ registration process where anyone
with a valid credit card can register and immediately begin using cloud services. Some
providers even offer free limited trial periods. By abusing the relative anonymity behind
these registration and usage models, spammers, malicious code authors, and other
criminals have been able to conduct their activities with relative impunity. PaaS providers
have traditionally suffered most from this kind of attacks; however, recent evidence
shows that hackers have begun to target IaaS vendors as well. Future areas of concern
include password and key cracking.
Remediation
1. Stricter initial registration and validation processes.
2. Enhanced credit card fraud monitoring and coordination.
3. Comprehensive introspection of customer network traffic.
4. Monitoring public blacklists for one’s own network blocks
Threat 2: Insecure Interfaces and APIs
Cloud computing providers expose a set of software interfaces or APIs that customers use
to manage and interact with cloud services. Provisioning, management and monitoring
are all performed using these interfaces. The security and availability of general cloud
services is dependent upon the security of these basic APIs. From authentication and
access control to encryption and activity monitoring, these interfaces must be designed to

7. 7
protect against both accidental and malicious attempts to circumvent policy. Furthermore,
organizations and third parties often build upon these interfaces to offer value-added
services to their customers. This introduces the complexity of the new layered API; it
also increases risk, as organizations may be required to relinquish their credentials to
thirdparties in order to enable their agency.Anonymous access and/or reusable tokens or
passwords, clear-text authentication or transmission of content, inflexible access controls
or improper authorizations, limited monitoring and logging capabilities, unknown service
or API dependencies.
Remediation
1. Analyze the security model of cloud provider interfaces.
2. Ensure strong authentication and access controls are implemented in concert with
encrypted transmission.
3. Understand the dependency chain associated with the API.
Threat 3: Malicious Insiders
Description
The threat of a malicious insider is well-known to most organizations.This threat is
amplified for consumers of cloud services by the convergence of IT services and
customers under a single management domain, combined with a general lack of
transparency into provider process and procedure. For example, a provider may not
reveal how it grants employees access to physical and virtual assets, how it monitors
these employees, or how it analyzes and reports on policy compliance. To complicate
matters, there is often little or no visibility into the hiring standards and practices for
cloud employees. This kind of situation clearly creates an attractive opportunity for an
adversary — ranging from the hobbyist hacker, to organized crime, or even nation-state
sponsored intrusion. The level of access granted could enable such an adversary to
harvest confidential data or gain complete control over the cloud services with little or no
risk of detection.

8. 8
Remediation
1. Enforce strict supply chain management and conduct a comprehensive supplier
assessment.
2. Specify human resource requirements as part of legal contracts.
3. Require transparency into overall information security and management practices, as
well as compliance reporting.
4. Determine security breach notification processes.
Threat 4: Shared Technology Issues
IaaS vendors deliver their services in a scalable way by sharing infrastructure. Often, the
underlying components that make up this infrastructure (e.g., CPU caches, .) were not
designed to offer strong isolation properties for a multi-tenant architecture. To address
this gap, a virtualization hypervisor mediates access between guest operating systems and
the physical compute resources. Still, even hypervisors have exhibited flaws that have
enabled guest operating systems to gain inappropriate levels of control or influence on
the underlying platform. A defense in depth strategy is recommended, and should include
compute, storage, and network security enforcement and monitoring. Strong
compartmentalization should be employed to ensure that individual customers do not
impact the operations of other tenants running on the same cloud provider. Customers
should not have access to any other tenant’s actual or residual data, network traffic, etc.
Remediation
1. Implement security best practices for installation/configuration.
2. Monitor environment for unauthorized changes/activity.
3. Promote strong authentication and access control for administrative access and
operations.
4. Enforce service level agreements for patching and vulnerability remediation.
5. Conduct vulnerability scanning and configuration audits.

9. 9
Threat 5: Data Loss or Leakage
There are many ways to compromise data. Deletion or alteration of records without a
backup of the original content is an obvious example. Unlinking a record from a larger
context may render it unrecoverable, as can storage on unreliable media. Loss of an
encoding key may result in effective destruction. Finally, unauthorized parties must be
prevented from gaining access to sensitive data. The threat of data compromise increases
in the cloud, due to the number of and interactions between risks and challenges which
are either unique to cloud, or more dangerous because of the architectural or operational
characteristics of the cloud environment.
Insufficient authentication, authorization, inconsistent use of encryption and software
keys; operational failures; persistence and remanence challenges: disposal challenges;
risk of association; jurisdiction and political issues; data center reliability.
Remediation
1. Implement strong API access control.
2. Encrypt and protect integrity of data in transit.
3. Analyzes data protection at both design and run time.
4. Implement strong key generation, storage and management, and destruction practices.
5. Contractually demand providers wipe persistent media before it is released into the
pool.
6 Contractually specify provider backup and retention strategies
Threat 6: Account or Service Hijacking
Account or service hijacking is not new. Attack methods such as fraud, and exploitation
of software vulnerabilities still achieve results. Credentials and passwords are often
reused, which amplifies the impact of such attacks. Cloud solutions add a new threat to
the landscape. If an attacker gains access to your credentials, they can eavesdrop on your
activities and transactions, manipulate data, return falsified information, and redirect your
clients to illegitimate sites. Your account or service instances may become a new base for

10. 10
the attacker. From here, they may leverage the power of your reputation to launch
subsequent attacks.
Remediation
1. Prohibit the sharing of account credentials between users and services.
2. Leverage strong two-factor authentication techniques where possible.
3. Employ proactive monitoring to detect unauthorized activity.
4. Understand cloud provider security policies and SLAs.
Threat 7: Unknown Risk Profile
One of the tenets of Cloud Computing is the reduction of hardware and software
ownership and maintenance to allow companies to focus on their core business strengths.
This has clear financial and operational benefits, which must be weighed carefully
against the contradictory security concerns — complicated by the fact that cloud
deployments are driven by anticipated benefits, by groups who may lose track of the
security ramifications. Versions of software, code updates, security practices,
vulnerability profiles, intrusion attempts, and security design, are all important factors for
estimating your company’s security posture. Information about who is sharing your
infrastructure may be pertinent, in addition to network intrusion logs, redirection attempts
and/or successes, and other logs. Security by obscurity may be low effort, but it can result
in unknown exposures. It may also impair the in-depth analysis required highly
controlled or regulated operational areas.
Remediation
1. Disclosure of applicable logs and data.
2. Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.).
3. Monitoring and alerting on necessary information.

11. 11
1.4. Benefits
Cloud computing infrastructure allows enterprises to achieve more efficient use of their
IT hardware and software investments. Cloud computing allows an organization to
further reduce costs through
 Improved utilization.
 Administration costs
 Infrastructure costs.
 Faster deployment cycles
A cloud infrastructure can be a cost efficient model for delivering information services,
reducing IT management complexity, promoting innovation, and increasing
responsiveness through realtime workload balancing.. In short
• Minimized Capital expenditure
• Location and Device independence
• Utilization and efficiency improvement
• Very high Scalability
• High Computing power
1.5. Security Issue and Policy in Cloud Computing Environment
Cloud computing is a new computing model, regardless of the system’s architecture or
service’s deployment is different from the traditional computing model. Therefore
traditional security policies are not able to respond to the emergence of new cloud
computing security issues in cloud computing environment.
a) Cloud computing can not be clearly defined boundaries to protect the device user, the
traditional computing model can protected device user by dividing physical and logical
security zones.
b) Service security issues. The data, communications networks, services and other
important resource are controlled by the cloud service provider. So when provider’s

12. 12
security is something wrong, how to ensure that the service continue to be used, as well
as the confidentiality of user data is particularly important.
c) Protection for user data. This issue includes location of user data stored, the way of
data storage, data recovery, data encryption and data integrity protection.
d) The number of users changes dynamically, as well as user use the different services,
leading the user can not be classified.
e) In cloud computing model, the cloud service provider has too large right. However, the
user’s rights may be difficult to ensure. Therefore, how to balance the rights between the
service providers and users becomes a problem.
f) Due to the complexity of cloud computing, and the user’s dynamic changes in cloud
computing environment, how to ensure communications among the various subjects are
security and integrity is an important issue to be considered.
B. Security policy in cloud computing environment
In order to solve these problems, the security policy should include the following points:
a) Divided into multiple security domains in the cloud computing environment, different
security domain operation must be mutual authentication, each security domain internal
should have main map between global and local.
b) Ensure that the user’s connection and communications security with the SSL, VPN,
PPTP, etc. Using license and allowing there are multiple authorizations among user,
service owner and agents, to ensure user access to data securely.
c) User data security assurance: according to the different user’s requirements, different
data storage protection should be provided. At the same time, the efficiency of data
storage should be improving.
d) Using a series of measure to solve the user dynamic requirements, including a
complete single sign-on authentication, proxy, collaborative certification, and
certification between security domains.

13. 13
e) Establishment of third-party monitoring mechanism to ensure that operation of cloud
computing environment is safe and stable.
f) The computing requested by service requestor, should carry out the safety tests, it can
check whether they contain malicious requests to undermine the security rules.
Other dangerous issues are
 Distrupts Services.
 Theft of Information.
 Loss of Privacy.
 Damage information.
We need Security at following levels:
 Server access security
 Internet access security
 Database access security
 Data privacy security
 Program access Security
1.6. Cloud Data Storage
CDS is composed of thousands of cloud storage devices clustered by network, distributed
file systems and other storage middleware to provide cloud storage service for users. The
typical structure of CDS includes storage resource pool, distributed file system, service
level agreements (SLAs), and service interfaces, etc. Globally, they can be divided by
physical and logical functions boundaries and relationships to provide more
compatibilities and interactions. CDS is tending to combined with CDSS, which will
provide more robust security.
CDS can provide cloud storage resources for all kinds of clients, and the fee can be based
on CDS capacity or CDS bandwidth periodically. The data life cycle management in
CDS can be based on servers’ configurations, or based on the contracts between servers

14. 14
and clients when CDS services are initiated. CDS is also enables Web services APIs and
unified service interface via virtualization over a network at low cost, and can provide
anytime and anywhere access, massive data storing, sharing and collaboration via a single
namespace, and policy management of storage, etc.
1.7. Cloud Data Storage Security: CDSS involves storage media physical security
and data security. As general network storage, the security of CDS includes certification,
authority, audit and encryption, etc. Through automatic redundant replications the data
will be easy recovery once failover. The CDSS can also expand to the whole procedure of
storage service, including hardware, software, data, information, network security and
clients’ privacy security, etc.
2. Review of Literature:
We believe that CDSS(cloud data storage security)in Cloud Computing, an area full of
challenges and many research problems are yet to be identified. The most promising one
we believe is a model in which public verifiability is enforced. Public verifiability,
supported by Shacham. H., & Waters., B, 2008.Ateniese , 2007,Shah., 2007 allows TPA
to audit the CDS without demanding cloud users’ time, feasibility or resources. If we can
construct a scheme to achieve both public verifiability and storage correctness assurance
of dynamic data, security research for CDS is still in its early stage. we attempted to
provide a complete security service solution to secure the CDS.
In data integrity work Filho 2006 proposed to verify data integrity using RSA-based
hash to demonstrate uncheatable data possession in peer-to peer file sharing networks.
However, their proposal requires exponentiation over the entire data file, which is clearly
impractical for the server whenever the file is large. In the same work Schwarz. T. S. J,
& Miller. E. L, 2006 proposed to ensure file integrity across multiple distributed servers
using erasure-coding and block-level file integrity checks. However, their scheme only
considers static data files and does not explicitly studies the problem of data error
localization. Shah , 2006 proposed allowing a TPA to keep online storage honest by first
encrypting the data then sending a number of precomputed symmetric-keyed hashes over

15. 15
the encrypted data to the auditor. However, their scheme only works for encrypted files
and auditors must maintain long-term state.
Ensuring Data Storage Security in Cloud ComputingJuels,2008 described a formal
“proof of retrievability”(POR) model for ensuring the remote data integrity. Their scheme
combines spot-checking and error-correcting code to ensure both possession and
retrievability of files on archive service systems. Shacham built on this model and
constructed a random linear function based homomorphic authenticator which enables
unlimited number of queries and requires less communication overhead. Bowers
proposed an improved framework for POR protocols that generalizes both Juels and
Shacham’s work. Later in their subsequent work, Bowers extended POR model to
distributed systems. However, all these schemes are focusing on static data. The
effectiveness of their schemes rests primarily on the preprocessing steps that the user
conducts before outsourcing the data file F. Any change to the contents of F, even few
bits, must propagate through the error-correcting code, thus introducing significant
computation and communication complexity.
Ateniese defined the “provable data possession” (PDP) model for ensuring possession of
file on untrusted storages. Their scheme utilized public key based homomorphic tags for
auditing the data file, thus providing public verifiability.However, their scheme requires
sufficient computation overhead that can be expensive for an entire file. In their
subsequent work, Ateniese described a PDP scheme that uses only symmetric key
cryptography. This method has lower-overhead than their previous scheme and allows for
block updates, deletions and appends to the stored file, which has also been supported in
our work. However, their scheme focuses on single server scenario and does not address
small data corruptions, leaving both the distributed scenario and data error recovery issue
unexplored. Curtmola aimed to ensure data possession of multiple replicas across the
distributed storage system. They extended the PDP scheme to cover multiple replicas
without encoding each replica separately, providing guarantee that multiple copies of data
are actually maintained.In other related work, Filho proposed to verify data integrity
using RSA-based hash to demonstrate uncheatable data possession in peer-topeer file
sharing networks. However, their proposal requires exponentiation over the entire data

16. 16
file, which is clearly impractical for the server whenever the file is large. Shah proposed
allowing a TPA to keep online storage honest by first encrypting the data then sending a
number of precomputed symmetric-keyed hashes over the encrypted data to the auditor.
However, their scheme only works for encrypted files, and auditors must maintain long-
term state. Schwarze proposed to ensure file integrity across multiple distributed servers,
using erasure-coding and block-level file integrity checks. However, their scheme only
considers static data files and do not explicitly study the problem of data error
localization.
Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud
Computing Wang, 2009 studies the problem of ensuring the integrity of data storage in
Cloud Computing. In particular, we consider the task of allowing a third party auditor
(TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in
the cloud. The introduction of TPA eliminates the involvement of client through the
auditing of whether his data stored in the cloud is indeed intact, which can be important
in achieving economies of scale for Cloud Computing. The support for data dynamics via
the most general forms of data operation, such as block modification, insertion and
deletion, is also a significant step toward practicality, since services in Cloud Computing
are not limited to archive or backup data only. While prior works on ensuring remote
data integrity often lacks the support of either public verifiability or dynamic data
operations, this paper achieves both. We first identify the difficulties and potential
security problems of direct extensions with fully dynamic data updates from prior works
and then show how to construct an elegant verification scheme for seamless integration
of these two salient features in our protocol design. To achieve efficient data dynamics,
we improve the Proof of Retrievability model by manipulating the classic Merkle Hash
Tree (MHT) construction for block tag authentication. Extensive security and
performance analysis show that the proposed scheme is highly efficient and provably
secure.

17. 17
3. Problem Definition
There are many security threats in cloud computing. But the major security threats in the
security of the data is third party auditor of data or user data. The various security model
varies from application to application. After studying the model of proof of retrievability.
The new model will proposed for E-learning, while putting the data on the cloud because
security is important factor
4. Cloud Computing Benefits for E-learning Solutions
E-learning is a process in which people are using education resources on the Internet such
as e-books. E-learning is widely used today on different educational levels: continuous
education, company trainings, academic courses, etc. There are various e-learning
solutions from open source to commercial. There are at least two entities involved in an
e-learning system: the students and the Trainers.
 The students:
 Take online course
 Take exams
 Send feedback
 Send homework, projects
The trainers:
 Deal with content management
 Prepare tests
 Assess tests, homework, projects taken by
Students
 Send feedback
 Communicate with students (forums)
Usually, e-learning systems are developed as distributed applications, but this is not
necessary so. The architecture of a distributed e-learning system includes software
components, like the client application, an application server and a database server (see

18. 18
figure 3) and the necessary hardware components (client computer, communication
infrastructure and servers).
The e-learning server will use cloud computing, so all the required resources will be
adjusted as needed. E-learning systems can use benefit from cloud computing using:
 Infrastructure: use an e-learning solution on the provider's infrastructure
 Platform: use and develop an e-learning solution based on the provider's
development interface
 Services: use the e-learning solution given by the provider.
A very big concern is related to the data security because both the software and the data
are located on remote servers that can crash or disappear without any additional
warnings. Even if it seems not very reasonable, the cloud computing provides some
major security benefits for individuals and companies that are using/developing e-
learning solutions, like the following: improved improbability – it is almost impossible
for any interested person (thief) to determine where is located the machine that stores
some wanted data (tests, exam questions, results) or to find out which is the physical
component he needs to steal in order to get a digital asset;
 Virtualization – makes possible the rapid replacement of a compromised cloud
located server without major costs or damages. It is very easy to create a clone
of a virtual machine so the cloud downtime is expected to be reduced
substantially;
 Centralized data storage – losing a cloud client is no longer a major incident
while the main part of the applications and data is stored into the c:loud so a
new client can be connected very fast. Imagine what is happening today if a
laptop that stores the examination questions is stolen;
Monitoring of data access becomes easier in view of the fact that only one place should
be supervised, not thousands of computers belonging to a university, for example.

19. 19
Another important benefit is related to costs. If the e-learning services are used for a
relative short time (several weeks, a quarter, a semester), the savings are very important.
5. Proof-of -Retrievability:
In a proof-of-retrievability system, a data storage center must prove to a verifier that he is
actually storing all of a client’s data. The central challenge is to build systems that are
both efficient and provably secure—that is, it should be possible to extract the client’s
data from any prover that passes a verification check. Our first scheme, built from BLS
signatures and secure in the random oracle model, has the shortest query and response of
any proof-of-retrievability with public verifiability. Our second scheme, which builds
elegantly on pseudorandom functions (PRFs) and is secure in the standard model, has the
shortest response of any proof-of-retrievability scheme with private verifiability (but a
longer query). Both schemes rely on homomorphic properties to aggregate a proof into
one small authenticator value.

20. 20
6. References:
[1] H. Shacham and B. Waters, “Compact proofs of retrievability,” in Proc. of
ASIACRYPT’08. Springer-Verlag, 2008
[2] A. Juels and B. S. Kaliski, Jr., “Pors: proofs of retrievability for large files,” in
Proc. of CCS’07. New York, NY, USA: ACM, 2007.
[3] D. Bowers, A. Juels, and A. Oprea, “Proofs of retrievability: Theory and
implementation,”Cryptology ePrint Archive, Report 2008/175, 2008.
[4]. E.-C. Chang and J. Xu, “Remote integrity check with dishonest storage server,” in
Proc. of ESORICS’08. Berlin, Heidelberg: Springer-Verlag, 2008
[5] A. Oprea, M. K. Reiter, and K. Yang, “Space-efficient block storage integrity,” in
Proc. of NDSS’05, 2005.
[6] T. Schwarz and E. L. Miller, “Store, forget, and check: Using algebraic signatures
to check remotely administered storage,” in Proc. of ICDCS’06, 2006.
[7] G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, “Scalable and efficient
provable data possession,” in Proc. of SecureComm’08, 2008
[8] C. Wang, Q. Wang, K. Ren, and W. Lou, “Ensuring data storage security in cloud
computing,” in Proc. of IWQoS’09, Charleston, South Carolina, USA, 2009.
[9] K. D. Bowers, A. Juels, and A. Oprea, “Hail: A high-availability and integrity
layer for cloud storage,” Cryptology ePrint Archive, Report 2008/489, 2008.
[10] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner,Z. Peterson, and D.
Song. Provable data possession at untrusted stores. In Proc. ACM CCS, 2007.
[11] Puneet Arora , http://www.puneetarora2000.com