Outsourcing Proofs of Retrievability

Proofs of Retrievability (POR) are cryptographic proofs that enable a cloud provider to prove that a user can retrieve his file in its entirety. POR need to be frequently executed by the user to ensure that their files stored in the cloud can be fully retrieved at any point in time. To conduct and verify POR, users need to be equipped with devices that have network access, and that can tolerate the (non-negligible) computational overhead incurred by the verification process. This clearly hinders the large-scale adoption of POR by cloud users, since many users increasingly rely on portable devices that have limited computational capacity, or might not always have network access. In this paper, we introduce the notion of outsourced proofs of retrievability (OPOR), in which users can task an external auditor to perform and verify POR with the cloud provider. We argue that the OPOR setting is subject to security risks that have not been covered by existing POR security models. To remedy that, we propose a formal framework and a security model for OPOR. We then propose a generic procedure for transforming a public POR into an OPOR and we show the security of the resulting OPOR in our proposed security model. We demonstrate the transformation on two different instantiations of public POR schemes due to Shacham and Waters (Asiacrypt'08)-one based on BLS signatures and one using RSA signatures. A shortcoming of this transformation is that the generated OPOR inherits the high computational overhead from the underlying public key cryptography. Consequently, we propose afterwards an OPOR that is build from a private POR by Shacham and Waters. We implement a prototype based on our solutions, and evaluate their performance in a realistic cloud setting. Our evaluation results show that our proposals minimize user effort, and incur negligible overhead on the auditor.