Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability

•Identity privacy and traceability are very important for shared cloud data auditing.•Design the framework for this problem.•Construct the first scheme satisfying the designed framework.•Prove the proposed scheme to be secure and justify its performance.

Nowadays, cloud storage service has been widely adopted by diverse organizations, through which users can conveniently share data with others. For security consideration, previous public auditing schemes for shared cloud data concealed the identities of group members. However, the unconstrained identity anonymity will lead to a new problem, that is, a group member can maliciously modify shared data without being identified. Since uncontrolled malicious modifications may wreck the usability of the shared data, the identity traceability should also be retained in data sharing. In this paper, we propose an efficient public auditing solution that can preserve the identity privacy and the identity traceability for group members simultaneously. Specifically, we first design a new framework for data sharing in cloud, and formalize the definition of the public auditing scheme for shared cloud data supporting identity privacy and traceability. And then we construct such a scheme, in which a group manager is introduced to help members generate authenticators to protect the identity privacy and two lists are employed to record the members who perform the latest modification on each block to achieve the identity traceability. Besides, the scheme also achieves data privacy during authenticator generation by utilizing blind signature technique. Based on the proposed scheme, we further design an auditing system for practical scenarios. Finally, we prove the proposed scheme is secure based on several security requirements, and justify its performance by concrete implementations.