An Enhanced Cloud Network Integrity and Fair Compensation Scheme Through Data Structures and Blockchain Enforcement
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors- The main question the study aims to address.
The object of the study is a system for verifying the integrity of data stored in cloud storage.
The subjects of the study are mathematical apparatus of number theory, blockchain theory, cryptographic methods of information security, methods of data integrity verification in the cloud.
The goal of the study is to reduce the time and computational cost of verifying the integrity of data stored in the cloud.
- Evaluation of originality and relevance of the topic of the article.
The research topic is relevant. Nowadays, as the amount of data being transferred and stored increases, the demand for the use of cloud storage is increasing. Users can easily retrieve files from the cloud anytime and anywhere, making access convenient and cost-effective. However, this raises the challenge of maintaining data integrity (DI) and the trust required to securely outsource data without compromising privacy or security. Therefore, the development of a new method of external third party auditor (TPA) to perform integrity verification of the data stored in the cloud while verifying the integrity of the participants is an urgent task.
The novelty of the solution presented in this paper is based on the use of Merkle hash tree (MHT), blockchain technology (BCT) and the developed non-interactive dynamic DI proof (NDDIP). By minimizing redundant operations and limiting the auditor's interaction with the cloud, the computational cost was reduced by 24.02% and communication flows by 86.22% compared to existing solutions.
- Contribution to the subject area compared to other published material.
The paper analyzes in sufficient depth the works devoted to solving the problem of maintaining data integrity (DI) in cloud storage. Based on the analysis of these sources, the authors chose the method of external auditor (TPA), pointing out its main drawbacks. The contribution to the subject area is that the authors have proposed a new approach to maintain data integrity (DI). It allows by reducing the data exchange between the data owner (PDO), cloud storage servers (CSS) and TPA to provide a reduction in computational and communication cost. This is achieved through the joint application of blockchain technology, with an optimized ranked Merkle hash tree (RBMHT), and the developed non-interactive dynamic DI proof. Using rank-based MHT (RBMHT) for data validation improves data localization, supports dynamic updates, and simplifies the probity process. The combined use of NDDIP and blockchain technology increases the privacy of the system. To evaluate the trust in the parties involved in the DI process, the authors propose the use of smart contracts. To perform risk assessment in the developed DI system the authors developed a game model of system security and proved three theorems to perform security and privacy analysis. The application of the developed privacy-preserving and fairness-preserving authentication model reduced the computational and communication costs by an average of 24.02% and 86.22%, respectively, compared to the prototype.
- Evaluation of the consistency of the conclusions with the evidence and presented arguments.
The validity of the conclusions and recommendations is conditioned by the correct application of mathematical transformations, the absence of contradictions with the known facts of theory and practice of maintaining the integrity of data stored in cloud servers.
- Evaluation of the sources of information presented in the article.
References to sources of information presented in the paper are appropriate. Sources are available for study.
Remarks
- It is not clear from the text of the paper how the expressions presented in Tables 4 and 6 were obtained. If these expressions were taken from the source [38], it is necessary to indicate this. If they were developed by the authors, it is necessary to describe the algorithm of their derivation.
- The paper lacks information about the values of variables n, s, c. The absence of these values does not allow us to evaluate the effectiveness of the developed method in terms of computational cost estimation. At certain values of variables s, c the computational costs of the developed method exceed those of the prototype. This follows from the expressions in Table 4.
- The authors need to explain such a large gain in traffic reduction of more than 10 times when using the developed method compared to [38]. What is the reason for such an increase in the gain with increasing the block length?
- I believe that it is not correct to make an average value of computational and communication costs. For example, at block length of 64 MB the cost reduction compared to the prototype is 1.83 times, and at 1024 MB the cost reduction is 1.05 times (Table 5).
- There are two fourth sections in the article.
- In formula (34), the authors did not describe the variable s.
- On line 413, delete Bl before 4.2. Security Analysis.
English in the article is fine. Minor edits are welcome
Author Response
Thank you very much for your time in reviewing my paper. Attached are my response to your constructive comments and suggestions for the improvement of the paper. Once again, thank you very much.
Author Response File: Author Response.docx
Reviewer 2 Report
Comments and Suggestions for AuthorsThe paper proposes a new method for cloud-stored data integrity verification. The problem of the research is valid. However, the presentation of the research results must be improved:
- The introduction section contains many references and combines the introduction and related work. The author should split the section in two and clearly distinguish the introduction as a problem definition section and the related work section, which describes other research efforts.
- The difference between the proposed approach and the previous research should be emphasized more.
- The authors should more clearly describe under which threat model this system is meant to operate. Paragraphs in rows 103-115 should probably separated in another section which describes the threat model - Which are trusted parties? How is data stored in the CSS (encrypted or not)? Is the data in transit secured?
- The author should more clearly describe the use of blockchain in the proposal. The paper lacks any reference to the blockchain system used for the PoC and experimental verification, yet the blockchain is mentioned even in the paper title.
- Please verify indices in the hash values in rows 232-237
- The cryptographic algorithms used in the proposed system were not described properly. Some examples: A homomorphic hash is mentioned in row 289. However, the sentence that mentions it is not finished, so it is not clear how it is used, which scheme was used, and so on. Row 335 mentions "cryptographic hashing or homomorphic signatures". Is it hashing or signature? Which homomorphic scheme was used? Also, none of the used cryptographic algorithms are mentioned in the text. Which algorithms were used for the encryption, decryption, hashing and so on?
- In row 375, the author mentions, "The entire transaction is immutably logged into a
ledger" - what is the size of the transaction that is logged? Is this the appropriate way of using blockchain? WHat is the cost of storing this data? - In section 4, tables and respective figures are redundant (e.g. Tab 1 and Fig 5.). Tables might be omitted.
- Table 4 shows that the computational cost of the existing method is lower than that of the proposed method (e.g. nM+2nE is lower than n(s+1)M+2nE when s is positive). How does this correlate with the results in Table 5? How is this possible? Please dicuss.
The language must be improved. There are unfinished sentences and wrong words. Some examples:
Row 91: The structure avoids the risks of single-point failures common in centralized architectures by storing a full copy of the databased on each network node.
Row 289: Next, a homomorphic hash with a tree-based structure that generates a root representing the entire dataset.
Row 584: where 𝑐 is the challenged blocks in a given audit
Author Response
Thank you very much for your time in reviewing my paper. Attached are my response to your constructive comments and suggestions for the improvement of the paper. Once again, thank you very much.
Author Response File: Author Response.docx
Round 2
Reviewer 1 Report
Comments and Suggestions for AuthorsThe comments are completely eliminated
Comments on the Quality of English LanguageEnglish in the article is fine. Minor edits are welcome
Reviewer 2 Report
Comments and Suggestions for AuthorsThe author responded to the comments I made.