Abstract
As the promising next generation power system, smart grid can collect and analyze the grid information in real time, which greatly improves the reliability and efficiency of the grid. However, as smart grid coverage expands, more and more data is being collected. To store and manage the massive amount of smart grid data, the data owners choose to upload the grid data to the cloud for storage and regularly check the integrity of their data. However, traditional public auditing schemes are mostly based on Public Key Infrastructure (PKI) or Identity Based Cryptography (IBC) system, which will lead to complicated certificate management and inherent key escrow problems. We propose a certificateless public auditing scheme for cloud-based smart grid data, which can avoid the above two problems. In order to prevent the disclosure of the private data collected by the smart grid during the phase of auditing, we use the random masking technology to protect data privacy. The security analysis and the performance evaluation show that the proposed scheme is secure and efficient.
1 Introduction
With the development of information technology, the smart grid becomes a new promising power system, which is allowed to collect and analyze smart grid data and provides more reliable, cost-effetive and efficient power management compared to traditional power grids (Chen et al., 2014; He et al., 2018a; Zhang et al., 2021c; Peng et al., 2021). A large amount of data are colleted with the expansion of smart grid coverage. Nevertheless, the traditional smart grid data management system without large storage space is unable to meet the data owners’ storage requirements. Thus, more and more data owners choose to store smart grid data on the cloud.
Although the cloud provides a large amount of storage and computing resources for the data owners, there are some security issues that cannot be ignored (Zhang et al., 2021a; Yang et al., 2020; Lu et al., 2022; Shao et al., 2022). For example, the smart grid data stored in the cloud might be corrupted by hacker attacks, administrator’s error operation, and damaged devices. Once the data is uploaded to the cloud, the data owner will lose the physical control of the smart grid data stored in the cloud and cannot directly determine whether the data is intact or not. In order to ensure the integrity of cloud data, plenty of public auditing schemes are proposed (Ji et al., 2022; Li et al., 2021; Zhou et al., 2021; Liu et al., 2022). In public auditing, the data owner can delegate the data integrity auditing tasks to a Third Party Auditor (TPA) with abundant computation resources. In practice, the data collected by the smart grid might contain sensitive data, such as regional electricity consumption habits, residential electricity consumption patterns, etc (McDaniel and McLaughlin, 2009; Liu et al., 2021; Zhang et al., 2021b). Once the TPA is delegated to audit the data integrity, the data owner’s data will inevitably be exposed to the TPA. The TPA is able to obtain sensitive information during the auditing phase. Therefore, it is critical to protect data privacy from the TPA in public auditing.
Nevertheless, most of the existing public auditing schemes are based on the traditional Public Key Infrastructure (PKI), which can lead to complex certificate management issue. In order to solve this problem, Identity Based Cryptography (IBC) had been proposed. In IBC system, there is a key generation center (KGC) which uses the data owner’s identity to generate a private key for the data owner. The data owner can use his own identity as his public key. IBC eliminates the certificate management problem of PKI. However, the KGC holds the user’s private key, the security of the user’s private key will completely depend on the KGC, which leads to the inherent key escrow problem (Al-Riyami and Paterson, 2003; Wang et al., 2013). Therefore, in order to obtain better efficiency and higher security, the certificateless public key cryptography is proposed (Zhou et al., 2022; Zhang J et al., 2020; Xu et al., 2021). In certificateless public key cryptography systems, the data owner’s private key is jointly generated by the KGC and the data owner. Therefore, the KGC does not know the data owner’s complete private key. Certificateless public key cryptography can solve the inherent key escrow problem of IBC.
The contribution of our scheme can be summarized as follows:
1) Based on the certificateless public key cryptography, we proposed a certificateless public auditing scheme. Different from the existing public auditing schemes based on PKI or IBC, our scheme can avoid complex certificate management problem and key escrow problem.
2) To achieve data privacy preserving, we utilize the novel random masking technology in the phase of auditing. The TPA cannot obtain the sensitive data from the proof generated by the cloud.
3) We give the security proof of the proposed scheme. Furthermore, the theoretical analysis and experimental results show that the proposed scheme is efficient.
1.1 Related work
Ateniese et al. (2007) proposed the first “Provable Data Possession” (PDP) scheme, in which the integrity of the remote data can be checked by the client. In this scheme, the homomorphic authenticators and the random sampling technique are employed to achieve the data integrity checking. Juels and Kaliski (2007) constructed a “Proofs of Retrievability” (PoR) scheme, which guarantees the data integrity and data retrievability on the cloud. However, in this scheme, the verifier can only perform a finite number of data integrity verification. In 2008, Shacham and Waters (2008) designed an improved PoR scheme, which is provably secure.
To support data dynamic, Ateniese et al. (2008) constructed a PDP scheme supporting data dynamic operations. Guo et al. (2020) designed a dynamic proof of data possession and replication scheme. In this scheme, the multiple replicas share a single authenticated tree. Erway et al. (2015) designed a rank-based skip list and constructed the PDP scheme supporting full data dynamic operations. Wang et al. (2019) proposed a blockchain-based private data integrity verification scheme by using RSA signature. Wang et al. (2017b) designed a cloud storage auditing scheme based on the online/offline signature, in which the data owner can reduce the burden of authenticator generation in the online phase. To improve the auditing efficiency, Gao et al. (2021) designed a data integrity checking scheme based on the keyword. This scheme allows the TPA to verify the integrity of files containing the specified keyword. To preserve the data privacy, Li et al. (2018) designed a privacy-preserving data integrity verification scheme with zero-knowledge proof. In addition, there are many researches devoted to the key exposure problem (Yu et al., 2016; Yu and Wang, 2017; Xu et al., 2020).
To solve complex certificate management, in 1984, Identity Based Cryptography (IBC) is proposed by Shamir (1985). In IBC system, the data owner’s private key is calculated by a trusted Key Generation Center (KGC) with the data owner’s identity. The data owner uses his identity as the public key, which eliminates the complex certificate management. Wang et al. (2014) proposed the first identity-based data integrity checking scheme by using the Schnorr signature. To support efficient user revocation, Zhang Y et al. (2020) designed an identity-based data integrity verification scheme for shared data. Shen et al. (2019) proposed a data integrity checking scheme supporting data sharing and sensitive data hiding. In their scheme, the data owner’s sensitive data can be protected under the assistance of the sanitizer. Wang et al. (2017a) designed an identity-based comprehensive data integrity checking scheme, in which the authenticators can be generated with the help of the proxy. To protect the data owner’s identity privacy, Zhang et al. (2019) utilized the anonymous identity to replace the data owner’s real identity, and constructed a conditinal identity privacy-preserving data integrity checking scheme.
Unfortunately, although the IBC system can avoid the certificate management problem caused by PKI, it still has the inherent key escrow issue. Zhang et al. (2015) designed a secure certificateless public data integrity verification scheme, which can resist the malicious TPA. He et al. (2018b) proposed a certificateless data integrity auditing scheme which can resist the attacks of two types of adversaries in certificateless crytography (The adversary is able to replace the public keys of the users and the adversary is able to access the master key of the KGC). To eliminate the problem of key escrow in IBC, Wu et al. (2019) proposed a certificateless public auditing scheme which supports identity privacy protection. Zhou et al. (2022) applied the certificateless technology to the multi-replica environment. This scheme can realize the efficient data dynamic in the multi-replica environment by using the new Merkle Hash Tree structure.
1.2 Organization
The remainder of this paper is organized as follows: In Section 2, we introduce the system model and design goals of our scheme; In Section 3, we describe the preliminaries and definition; We give a detailed algorithm of our scheme in Section 4; In Section 5, we analyzed the security of our scheme; We show the performance analysis of our scheme in Section 6; We make a conclusion in Section 7.
2 System model and design goals
We give the system model and the design goals in this section.
2.1 System model
As shown in Figure 1, the system model of our scheme contains four entities: the cloud, the data owner, the Key Generation Center (KGC) and the Third Party Auditor (TPA).
FIGURE 1
1) The cloud: The cloud is an entity which has enormous storage and computation resources. It is responsible for storing and managing the smart grid data for the data owner. After receiving the TPA’s challenge, the cloud needs to send the corresponding auditing proof to the TPA.
2) The data owner: The data owner is an entity with limited storage space and computation resources. He outsources his smart grid data to the cloud for storage and delegates the TPA to verify the integrity of cloud data.
3) KGC: The KGC is an entity which takes charge of producing the system parameters and calculating the partial private key for the data owner based on the data owner’s identity.
4) TPA: The TPA is an entity with powerful computing capabilities, which needs to generate and deliver the auditing challenge to the cloud and audit the integrity of the cloud data.
2.2 Design goals
In order to achieve privacy preserving in certificateless public auditing for cloud-based smart grid data, our scheme needs to meet the following design goals:
1) Correctness: If the KGC generates the partial private key for the data owner honestly, the partial private key can pass the data owner’s checking. If the cloud generates the auditing proof honestly, the auditing proof can pass the TPA’s checking.
2) Soundness: The cloud cannot pass the TPA’s verification if the data has been corrupted.
3) Privacy protection: In the phase of data integrity auditing, the TPA cannot obtain the smart grid data from the cloud’s auditing proof.
3 Preliminaries and definition
In this section, we present the preliminaries applied in our scheme. Then, we give the definitions of our scheme.
3.1 Preliminaries
3.1.1 Bilinear pairing
Suppose that there are two different multiplicative cyclic groups
G1and
GTwith the same prime order
p. The generator of the group
G1is
g. If
e:
G1×
G1→
GTis a bilinear pairing, it satisfies (
Boneh et al., 2001):
i) Bilinearity: For ∀u, v ∈ G1 and , we have e (uα, vβ) = e (u,v)αβ.
ii) Non-degeneracy: ∃u, v ∈ G1 and .
iii) Computability: For ∀u, v ∈ G1, e (u, v) is able to be computed efficiently.
3.1.2 Computational diffie-hellman problem
Given g, gα, gβ ∈ G1, where g is the generator of G1 and , compute gαβ ∈ G1. The CDH assumption in G1 holds if it is hard to solve the CDH problem in G1 (Bao et al., 2003).
3.1.3 Discrete logarithm problem
Given g, gα ∈ G1, where g is the generator of G1 and , compute α. The DL assumption in G1 holds if it is hard to solve the DL problem in G1 (McCurley, 1990).
3.2 Definition
Definition 1: Our scheme includes seven algorithms: Setup, PartialKeyGen, PrivateKeyGen, AuthenticatorGen, ChallengeGen, ProofGen and ProofVerify.
1) Setup (1λ)→(skK,params): This algorithm is run by the KGC. Taking λ as input, it outputs the KGC’s master secret key skK and the system parameters params.
2) PartialKeyGen (IDO, skK, params) → (σO): This algorithm is run by the KGC and the data owner. Inputting the data owner’s identify IDO, the KGC’s master secret key skK and the system parameters params, it outputs the data owner’s partial private key σO. The data owner can check whether the partial private key σO is valid or not.
3) PrivateKeyGen (σO, params) → (skO, pkO): This algorithm is run by the data owner. Taking the partial private key σO and the system parameters params as input, it outputs the data owner’s private key skO and the corresponding public key pkO.
4) AuthenticatorGen (skO, F, IDF)→ (T, tag): This algorithm is run by the data owner. Inputting the data owner’s private key skO, the file F and the file’s identifier IDF, it generates the authenticator set T and the file tag tag.
5) ChallengeGen (s, K1, K2) → (chal): This algorithm is run by the TPA. Taking three random values s, K1 and K2 as input, it produces the auditing challenge chal.
6) ProofGen (chal, F, T) → (proof): This algorithm is run by the cloud. Taking the challenge chal, the file F and the authenticator set T as input, it outputs the auditing proof proof.
7) ProofVerify (tag, proof, pkK, pkO) → {0,1}: This algorithm is run by the TPA. Inputting the file tag tag, the auditing proof proof, the KGC’s public key pkK and the data owner’s public key pkO, it outputs the auditing result. If the proof is valid, the result is “1”; otherwise, the result is “0.”
4 The proposed scheme
In this section, we give the detailed algorithms of our scheme.
1) Setup (1λ) → (skK, params)
a) Let e be a bilinear pairing e: G1 × G1 → GT, where G1 and GT are two different cyclic multiplicative groups with the same prime order p. The KGC selects two independent generators g and u of the group G1 and sets two different hash functions: H: {0.1}* → G1 and H1: {0.1}* → G1.
b) The KGC randomly picks an element as its master secret key, generates as its system public key, and publishes the system parameter params = (G1, GT, e, g, u, pkK, H, H1).
2) PartialKeyGen (IDO, skK, params) → (σO)
a) The data owner transmits his identify IDO ∈ {0,1}* to the KGC.
b) The KGC computes , and transmits σO to the data owner as his partial private key.
c) After receiving σO, the data owner checks whether the partial private key is correct or not according to the following equation
If
Equation 1holds, the data owner accepts the partial private key
σO.
3) PrivateKeyGen (σO, params) → (skO, pkO)
The data owner picks a random value
and sets
skO= {
x,
σO} as his private key. The data owner calculates
pkO=
gxas his public key.
4) AuthenticatorGen (skO, F, IDF) → (T, tag)
a) The data owner divides the file F into n data blocks di (i ∈ [1, n]). The data owner generates the corresponding authenticator for each data block di (i ∈ [1, n]), where IDF is the identifier of the file F. The file F’s authenticator set is denoted as .
b) The data owner produces a file tag tag = IDF‖n‖SSigssk (IDF‖n) using the signature SSig, where ssk is the private key of the signature SSig.
c) The data owner uploads the file F, the authenticator set T and the file tag tag to the cloud.
5) ChallengeGen (s, K1, K2) → (chal)
a) For each challenge, the TPA randomly picks three values s (s ∈ [1, n]) and , where K1 is the key of pseudo-random permutation and K2 is the key of pseudo-random function .
b) The TPA sends the challenge chal = {s, K1, K2} to the cloud.
6) ProofGen (chal, F, T) → (proof)
a) According to the challenge chal, the cloud generates the challenged block’s index for each 1 ≤ j ≤ s, where lj ∈ [1, n].
b) The cloud calculates a random value for each 1 ≤ j ≤ s, in which .
c) The cloud computes , .
d) In order to protect the data privacy, the cloud chooses a random element and computes μ = μ′ − r to blind μ′. The cloud calculates R = ur.
e) The cloud transmits the proof proof = (μ, Γ, R) and the file tag tag to the TPA.
7) ProofVerify (tag, proof, pkK, pkO) → {0.1}
a) The TPA verifies the validity of the file tag tag. If tag is valid, the TPA parses the file’s identifier IDF and the number of data blocks n.
b) For each 1 ≤ j ≤ s, the TPA calculates and .
c) The TPA verifies whether the auditing proofproof is valid or not according to the following equation
If the above equation holds, the TPA returns “1”, which means that the remote data is intact; otherwise, it returns “0”, which means that the remote data is broken.
5 Security analysis
In this section, we give the security proof of our scheme from the aspects of correctness, soundness and data privacy protection.
5.1 Theorem 1 (Correctness)
In our scheme, if the KGC, the TPA, and the cloud honestly perform the specified procedures, the partial private key and the auditing proof are able to pass the verification.
5.1.1 Proof
The derivation process for the data owner to verify whether the partial key is correct is as follows:
The derivation process for the TPA to verify whether the auditing proof is valid is as follows:
5.2 Theorem 2 (Soundness)
Suppose the CDH assumption holds in G1 and the signature scheme used for generating tag is existentially unforgeable. In our scheme, for an adversary, it is computationally infeasible to generate a bogus proof that is able to pass the TPA’s checking if the cloud data has been damaged.
Proof. We will prove this theorem with the method of knowledge proof. The malicious cloud is viewed as adversary and the user plays the role on the challenger.
Game 0. If the adversary submits one tag, the challenger will abort if the tag is a valid SSig signature but not signed by the challenger.
Analysis. If the challenger aborts in Game 0 with non-negligible probability, the adversary is able to forge a valid SSig signature. This contradicts the assumption that SSig is an unforgeable signature. Therefore, the file identifier and the number of data blocks in the interactions with the adversary are all valid and generated by the challenger.
Game 1. Game 1 is the same as Game 0, with only one difference. The challenger keeps a list of his responses to the queries from the adversary. If the adversary wins the game 1 but the aggregated authenticator Γ* in the proof is different from , then the challenger will abort.
Analysis. Assume proof = (μ, Γ, R) is a valid proof. We have:
Suppose proof * = (μ*, Γ*, R) is a forged auditing proof, where Γ* is different from Γ. Because the forgery is successful, proof* can pass the verification of the following equation:
It is obviously that μ ≠ μ*; otherwise Γ = Γ*, which contradicts the above assumption. Let Δμ = μ* − μ. The adversary can win the game 1 with a non-negligible probability only if there is a simulator can solve the CDH problem.
Given g, gɛ, h ∈ G1, the simulator needs to generate hɛ. The simulator picks two random values and sets u = gβhθ and pkO = gɛ. For each lj, the simulator selects a random value vj and programs a random oracle at lj as . So, we can obtain .
Dividing Eq. 4 by Eq. 3, we have
According to the above equation, we can obtain . So, we have .
The probability of θΔμ ≠ 0 is , which is non-negligible. So, we can solve the CDH problem with the probability , which is contradiction with the assumption that the CDH problem in G1 is computationally infeasible.
Game 2. Game 2 is similar to Game 1, with one difference. The challenger records all interactions with the adversary.
If the adversary wins the game 2 but the aggregated data block μ* in the proof is different from the expected one μ, then the challenger will abort.
Analysis. Suppose proof = (μ, Γ, R) is a valid proof. We get:
Assume proof* = (μ*, Γ*, R) is a forged auditing proof. Because the forgery is successful, we get:
Based on Game 1, we have Γ = Γ*. Set Δμ = μ* − μ, we can design a simulator to solve the DL problem.
Inputting g, h ∈ G1, the simulator needs to output ɛ satisfying h = gɛ. The simulator selects two random values and sets u = gβhθ. Based on Γ = Γ*, we obtain
Further, we obtain that and . Hence, we can solve the DL problem as follow:
The probability of θ ≠ 0 is , and it is non-negligible. So, we can solve the DL problem with the non-negligible probability , which is contradiction with the assumption that the DL problem in G1 is computationally infeasible.
Therefore, if the cloud can pass the TPA’s verification with non-negligible probability, it means that the cloud correctly stores the smart grid data.
5.3 Theorem 3 (data privacy protection)
In our scheme, the TPA cannot extract the real data from the cloud’s auditing proof.
Proof. On the one hand, in the auditing proof = (μ, Γ, R), the original aggregated data block is blinded as μ by the random value r, where μ = μ′ − r. Because the DL problem in G1 is hard, the TPA cannot extract the value r from R, where R = ur. Thus, the TPA cannot obtain the original aggregated data block μ′ from μ. On the other hand, we get thatFrom the above equation, we know that is blinded by . It is computational infeasible to compute from and gx because the CDH problem in G1 is hard. So, the TPA cannot get from Γ. Consequently, the TPA cannot obtain the real smart grid data during the auditing phase.
6 Performance analysis
In this section, we systematically analyze the performance of our scheme from both theoretical analysis and experimental results.
6.1 Theoretical analysis
We respectively use P, H, M, E, and A to denote one pairing operation, one hash operation, one multiplication operation, one exponentiation operation and one addition operation. Suppose that the file is divide into n data blocks, and the TPA challenges s data blocks. In Table 1, we describe the computation overhead of our scheme in different phases. In the phase of partial key generation, the computation overhead is (2P + 2H + E). In the phase of authenticator generation, the user requires n (H + 2M + 2E) computation overhead to generate the authenticators. In the phase of proof generation, the computation overhead on the cloud side is (2s − 1)M + sE + (s − 1)A. In the phase of proof verification, the TPA needs to cost 3P + (s + 1) (H + M) + (s + 2)E + (s − 1) to verify the auditing proof.
TABLE 1
| Phase | Computation overhead |
|---|---|
| Partial key generation | (2P + 2H + E) |
| Authenticator generation | n (H + 2M + 2E) |
| Proof generation | (2s − 1)M + sE + (s − 1)A |
| Proof verification | 3P + (s + 1) (H + M) + (s + 2)E + (s − 1)A |
Computation overhead in different phases.
Let |q|, |p| and |n| be the size of an element in G1, and set [1, n] respectively. We present the communication overhead of our scheme in Table 2. The communication overhead of partial key generation is |q| + |p|. The communication overhead of data outsourcing is n|q| + (n + 1)|p|. In the data integrity auditing phase, the communication overhead is |n| + 2|q| + 3|p|.
TABLE 2
| Phase | Communication overhead |
|---|---|
| Partial key generation | |q| + |p| |
| Data outsourcing | n|q| + (n + 1)|p| |
| Data integrity auditing | |n| + 2|q| + 3|p| |
Communication overhead.
6.2 Experimental results
In order to show the performance of our scheme, we design a series of experiments to simulate our scheme. We utilize C programming language with the GNU Multiple Precision Arithmetic (GMP) Library (GMP-6.2.1) (GMP, 1991) and the Pairing Based Cryptography (PBC) Library (PBC-0.5.14) (Lynn, 2015) to implement the experiments. The experiments are conducted on the Ubuntu 20.04 (4 GB memory) VMware 16.1 pro in a desktop running Windows 10 with Intel(R) Core (TM) i7-9700T @ 2.0 GHZ and 16 GB RAM. In the following experiments, we set the base field size to be 512 bits, the size of an element in to be |p| = 160 bits.
6.2.1 Authenticator generation
In the proposed scheme, we test the time of authenticator generation for different numbers of data blocks, ranging from 100 to 1,000. The experimental result is represented in Figure 2. When the data owner outsources 100 data blocks and calculates the authenticators for these data blocks, the time to generate the authenticators is 0.390975s. When the number of data blocks is 1,000, the time of authenticator generation is 3.951747s. We can find that the time of authenticator generation is related to the number of data blocks.
FIGURE 2
6.2.2 Challenge generation
In the following experiment, we set the number of data blocks to 1,000, and the number of queried data blocks ranges from 100 to 1,000. As shown in Figure 3. When the number of challenged data blocks is 100, the time of challenge generation is 0.000064s. And if the number of challenged data blocks is 1,000, the challenge generation time is 0.000063s. Obviously, the overhead of challenge generation is independent of the number of challenged data blocks.
FIGURE 3
6.2.3 Proof generation
In Figure 4, we can obtain that the computation overhead of proof generation increases linearly with the number of challenged data blocks. When the number of queried data blocks is 100, the proof generation time is 0.081322s. When the number of challenged data blocks is 1,000, the time cost is 0.525229s.
FIGURE 4
6.2.4 Proof verification
Figure 5 shows that there is a proportional relationship between the computation cost of proof verification and the number of challenged data blocks. As the number of challenged data blocks increases from 100 to 100, the time of proof verification increases from 0.261052s to 1.691584s.
FIGURE 5
7 Conclusion
In this paper, we proposed a certificateless public auditing scheme for cloud-based smart grid data, which supports data privacy preserving. Compare with the traditional public auditing schemes based on PKI or IBC, our scheme can avoid the complex certificate management issue and key escrow isssue. In addition, the TPA cannot obtain the original smart grid data during the data integrity auditing phase. We give the security proof of the scheme, and the results show that our scheme is secure. We also evaluate the efficiency of our scheme through a series of experiments.
Statements
Data availability statement
The original contributions presented in the study are included in the article/supplementary material, further inquiries can be directed to the corresponding author.
Author contributions
CG organized the manuscript and wrote the first draft of the manuscript, WS provided revisions to this paper, MY and YS designed experimental scenarios.
Funding
This research is supported by National Natural Science Foundation of China (62102211), Shandong Provincial Natural Science Foundation, China (ZR2021QF018), the Open Research Fund from Shandong Key Laboratory of Computer Network (SDKLCN-2020-02).
Conflict of interest
The authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.
Correction note
This article has been corrected with minor changes. These changes do not impact the scientific content of the article.
Publisher’s note
All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article, or claim that may be made by its manufacturer, is not guaranteed or endorsed by the publisher.
References
1
Al-RiyamiS. S.PatersonK. G. (2003). “Certificateless public key cryptography,” in Advances in cryptology - asiacrypt 2003. Editor LaihC.-S. (Berlin, Heidelberg: Springer Berlin Heidelberg), 452–473.
2
AtenieseG.BurnsR.CurtmolaR.HerringJ.KissnerL.PetersonZ.et al (2007). “Provable data possession at untrusted stores,” in Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, 28-31 Oct. 2007, 598–609. 10.1145/1315245.1315318
3
AtenieseG.Di PietroR.ManciniL. V.TsudikG. (2008). “Scalable and efficient provable data possession,” in Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, New York, NY, USA, September 22, 2008, 1–10.
4
BaoF.DengR. H.ZhuH. (2003). “Variations of diffie-hellman problem,” in Proceedings of the International conference on information and communications security (Springer), Berlin, Heidelberg, October 10, 2003, 301–312.
5
BonehD.LynnB.ShachamH. (2001). “Short signatures from the weil pairing,” in Proceedings of the International conference on the theory and application of cryptology and information security (Springer), Berlin, Heidelberg, November 20, 2001, 514–532.
6
ChenX.LiJ.MaJ.TangQ.LouW. (2014). New algorithms for secure outsourcing of modular exponentiations. IEEE Trans. Parallel Distrib. Syst.25, 2386–2396. 10.1109/tpds.2013.180
7
ErwayC. C.KüpçüA.PapamanthouC.TamassiaR. (2015). Dynamic provable data possession. ACM Trans. Inf. Syst. Secur.17, 1–29. 10.1145/2699909
8
GaoX.YuJ.ChangY.WangH.FanJ. (2021). Checking only when it is necessary: Enabling integrity auditing based on the keyword with sensitive information privacy for encrypted cloud data. IEEE Trans. Dependable Secure Comput., 1–1. 10.1109/TDSC.2021.3106780
9
GMP (1991). The gnu multiple precision arithmetic library (gmp). Available at: http://gmplib.org. (Accessed September 1, 2022).
10
GuoW.QinS.GaoF.ZhangH.LiW.JinZ.et al (2020). Dynamic proof of data possession and replication with tree sharing and batch verification in the cloud. IEEE Trans. Serv. Comput.15, 1813–1824. 10.1109/TSC.2020.3022812
11
HeD.KumarN.ZeadallyS.WangH. (2018a). Certificateless provable data possession scheme for cloud-based smart grid data management systems. IEEE Trans. Ind. Inf.14, 1232–1241. 10.1109/TII.2017.2761806
12
HeD.ZeadallyS.WuL. (2018b). Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J.12, 64–73. 10.1109/JSYST.2015.2428620
13
JiY.ShaoB.ChangJ.XuM.XueR. (2022). Identity-based remote data checking with a designated verifier. J. Cloud Comput. (Heidelb).11, 7–14. 10.1186/s13677-022-00279-5
14
JuelsA.KaliskiB. S. (2007). “Pors: Proofs of retrievability for large files,” in Proceedings of the 14th ACM Conference on Computer and Communications Security, New York, NY, USA, October 28, 2007, 584–597. 10.1145/1315245.1315317
15
LiB.HeQ.ChenF.DaiH.JinH.XiangY.et al (2021). Cooperative assurance of cache data integrity for mobile edge computing. IEEE Trans. Inf. Forensic. Secur.16, 4648–4662. 10.1109/tifs.2021.3111747
16
LiY.YuY.YangB.MinG.WuH. (2018). Privacy preserving cloud data auditing with efficient key update. Future Gener. Comput. Syst.78, 789–798. 10.1016/j.future.2016.09.003
17
LiuY.YuJ.FanJ.VijayakumarP.ChangV. (2021). Achieving privacy-preserving dsse for intelligent iot healthcare system. IEEE Trans. Ind. Inf.18, 2010–2020. 10.1109/tii.2021.3100873
18
LiuZ.RenL.LiR.LiuQ.ZhaoY. (2022). Id-based sanitizable signature data integrity auditing scheme with privacy-preserving. Comput. Secur.121, 102858. 10.1016/j.cose.2022.102858
19
LuQ.LiS.ZhangJ.JiangR. (2022). Pedr: Exploiting phase error drift range to detect full-model rogue access point attacks. Comput. Secur.114, 102581. 10.1016/j.cose.2021.102581
20
LynnB. (2015). The pairing-based cryptographic library. Available at: https://crypto.stanford.edu/pbc/. (Accessed September 1, 2022).
21
McCurleyK. S. (1990). The discrete logarithm problem. Proc. Symp. Appl. Math (USA)42, 49–74.
22
McDanielP.McLaughlinS. (2009). Security and privacy challenges in the smart grid. IEEE Secur. Priv. Mag.7, 75–77. 10.1109/MSP.2009.76
23
PengX.XianH.LuQ.LuX. (2021). Semantics aware adversarial malware examples generation for black-box attacks. Appl. Soft Comput.109, 107506. 10.1016/j.asoc.2021.107506
24
ShachamH.WatersB. (2008). “Compact proofs of retrievability,” in Advances in cryptology - asiacrypt 2008. Editor PieprzykJ. (Berlin, Heidelberg: Springer Berlin Heidelberg), 90–107.
25
ShamirA. (1985). “Identity-based cryptosystems and signature schemes,” in Advances in cryptology. Editors BlakleyG. R.ChaumD. (Berlin, Heidelberg: Springer Berlin Heidelberg), 47–53.
26
ShaoY.TianC.HanL.XianH.YuJ. (2022). Privacy-preserving and verifiable cloud-aided disease diagnosis and prediction with hyperplane decision-based classifier. IEEE Internet Things J., 9, 21648–21661. 10.1109/JIOT.2022.3181734
27
ShenW.QinJ.YuJ.HaoR.HuJ. (2019). Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage. IEEE Trans. Inf. Forensic. Secur.14, 331–346. 10.1109/tifs.2018.2850312
28
WangB.LiB.LiH.LiF. (2013). “Certificateless public auditing for data integrity in the cloud,” in Proceedings of the 2013 IEEE Conference on Communications and Network Security (CNS)., National Harbor, MD, USA, October 14–16, 201318, 136–144. 10.1109/CNS.2013.6682701
29
WangH.WangQ.HeD. (2019). Blockchain-based private provable data possession. IEEE Trans. Dependable Secure Comput., 1–10. 10.1109/TDSC.2019.2949809
30
WangH.WuQ.QinB.Domingo FerrerJ. (2014). Identity-based remote data possession checking in public clouds. IET Inf. Secur.8, 114–121. 10.1049/iet-ifs.2012.0271
31
WangY.WuQ.QinB.ShiW.DengR. H.HuJ. (2017a). Identity-based data outsourcing with comprehensive auditing in clouds. IEEE Trans. Inf. Forensic. Secur.12, 940–952. 10.1109/tifs.2016.2646913
32
WangY.WuQ.QinB.TangS.SusiloW. (2017b). Online/offline provable data possession. IEEE Trans. Inf. Forensic. Secur.12, 1182–1194. 10.1109/TIFS.2017.2656461
33
WuG.MuY.SusiloW.GuoF.ZhangF. (2019). Privacy-preserving certificateless cloud auditing with multiple users. Wirel. Pers. Commun.106, 1161–1182. 10.1007/s11277-019-06208-1
34
XuY.SunS.CuiJ.ZhongH. (2020). Intrusion-resilient public cloud auditing scheme with authenticator update. Inf. Sci.512, 616–628. 10.1016/j.ins.2019.09.080
35
XuZ.HeD.VijayakumarP.GuptaB.ShenJ. (2021). Certificateless public auditing scheme with data privacy and dynamics in group user model of cloud-assisted medical wsns. IEEE J. Biomed. Health Inf., 1–1. 10.1109/jbhi.2021.3128775
36
YangH.SuY.QinJ.WangH. (2020). Privacy-preserving outsourced inner product computation on encrypted database. IEEE Trans. Dependable Secure Comput.19, 1. 10.1109/tdsc.2020.3001345
37
YuJ.RenK.WangC. (2016). Enabling cloud storage auditing with verifiable outsourcing of key updates. IEEE Trans. Inf. Forensic. Secur.11, 1362–1375. 10.1109/tifs.2016.2528500
38
YuJ.WangH. (2017). Strong key-exposure resilient auditing for secure cloud storage. IEEE Trans. Inf. Forensic. Secur.12, 1931–1940. 10.1109/tifs.2017.2695449
39
ZhangH.GaoP.YuJ.LinJ.XiongN. N. (2021a). Machine learning on cloud with blockchain: A secure, verifiable and fair approach to outsource the linear regression. arXiv preprint arXiv:2101.02334.
40
ZhangH.TongL.YuJ.LinJ. (2021b). Blockchain-aided privacy-preserving outsourcing algorithms of bilinear pairings for internet of things devices. IEEE Internet Things J.8, 15596–15607. 10.1109/jiot.2021.3073500
41
Zhang JJ.LiZ.WangB.WangX. A.OgielaU. (2020). Enhanced certificateless auditing protocols for cloud data management and transformative computation. Inf. Process. Manag.57, 102287. 10.1016/j.ipm.2020.102287
42
ZhangX.HuangC.ZhangY.CaoS. (2021c). Enabling verifiable privacy-preserving multi-type data aggregation in smart grids. IEEE Trans. Dependable Secure Comput., 1–1. 10.1109/TDSC.2021.3124546
43
ZhangX.ZhaoJ.XuC.LiH.WangH.ZhangY. (2019). Cipppa: Conditional identity privacy-preserving public auditing for cloud-based wbans against malicious auditors. IEEE Trans. Cloud Comput.9, 1362–1375. 10.1109/TCC.2019.2927219
44
ZhangY.YuJ.HaoR.WangC.RenK. (2020). Enabling efficient user revocation in identity based cloud storage auditing for shared big data. IEEE Trans. Dependable Secur. Comput.17, 608–619.
45
ZhangY.XuC.YuS.LiH.ZhangX. (2015). Sclpv: Secure certificateless public verification for cloud-based cyber-physical-social systems against malicious auditors. IEEE Trans. Comput. Soc. Syst.2, 159–170. 10.1109/TCSS.2016.2517205
46
ZhouL.FuA.MuY.WangH.YuS.SunY. (2021). Multicopy provable data possession scheme supporting data dynamics for cloud-based electronic medical record system. Inf. Sci.545, 254–276. 10.1016/j.ins.2020.08.031
47
ZhouL.FuA.YangG.WangH.ZhangY. (2022). Efficient certificateless multi-copy integrity auditing scheme supporting data dynamics. IEEE Trans. Dependable Secure Comput.19, 1–1132. 10.1109/TDSC.2020.3013927
Summary
Keywords
smart grid, certificateless public auditing, cloud computing, cloud storage, privacy—preserving
Citation
Gai C, Shen W, Yang M and Su Y (2023) Certificateless public auditing with data privacy preserving for cloud-based smart grid data. Front. Energy Res. 10:1058125. doi: 10.3389/fenrg.2022.1058125
Received
30 September 2022
Accepted
31 October 2022
Published
16 January 2023
Corrected
22 January 2026
Volume
10 - 2022
Edited by
Dou An, MOE Key Laboratory for Intelligent Networks and Network Security, China
Reviewed by
Chengyu Hu, Shandong University, China
Yalong Wu, University of Houston—Clear Lake, United States
Updates
Copyright
© 2023 Gai, Shen, Yang and Su.
This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) and the copyright owner(s) are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
*Correspondence: Wenting Shen, shenwentingmath@163.com
This article was submitted to Smart Grids, a section of the journal Frontiers in Energy Research
Disclaimer
All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.