Mobile Information Systems

Volume 2017, Article ID 2925465, 5 pages

https://doi.org/10.1155/2017/2925465

## Certificateless Public Auditing with Privacy Preserving for Cloud-Assisted Wireless Body Area Networks

School of Computer Science and Software, Tianjin Polytechnic University, Tianjin 300387, China

Correspondence should be addressed to Baoyuan Kang; moc.nuyila@gnaknauyoab

Received 9 January 2017; Accepted 11 April 2017; Published 6 July 2017

Academic Editor: Stefania Sardellitti

Copyright © 2017 Baoyuan Kang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

With cloud computing being integrated with wireless body area networks, the digital ecosystem called cloud-assisted WBAN was proposed. In cloud-assisted medical systems, the integrity of the stored data is important. Recently, based on certificateless public key cryptography, He et al. proposed a certificateless public auditing scheme for cloud-assisted WBANs. But He et al.’s scheme is not a scheme with privacy preserving. After many checks on some of the same data blocks, the auditor can derive these data blocks. In this paper, we propose a certificateless public auditing scheme with privacy preserving for cloud-assisted WBANs. In the proof phase of the proposed scheme, the proof information is protected from being directly exposed to the auditor. So, the curious auditor could not derive the data blocks. We also prove that the proposed scheme is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard, and we give a comparison of the proposed scheme with He et al.’s scheme in terms of security and computation cost.

#### 1. Introduction

Advances in wireless communication technologies, microcontroller systems, and sensor technologies have enabled the design and development of wireless body area networks (WBANs) that are playing an increasingly important role in healthcare systems because of their ability to provide continuous measurements and to monitor a patient’s health status by using medical sensors implanted inside the patient’s body [1].

To make a fast diagnosis and store and process sensing data in real time, cloud computing is being integrated with traditional WBANs to propose the digital ecosystem called cloud-assisted WBAN. In cloud-assisted medical systems, the data stored in the cloud-based store resource are the basis of all diagnoses. So, the integrity of the stored data is important. As a cryptographic technique, public auditing scheme [2] could provide effective data integrity check service in cloud-assisted WBANs. In a typical public auditing scheme in cloud service, there are three entities: a data user, a cloud server, and a third-party auditor. Data file from the data user is outsourced to the cloud server, and the auditor provides the data integrity check service for the data user. The data user is a resource-constrained entity, but the auditor has certain computation ability and expertise for integrity checking. After Ateniese et al.’s pioneering work [2], many auditing schemes were proposed [3–18]. But these schemes were constructed on a public key cryptographic system; data users and the auditor need more storage space or computation cost in key management and verification.

In ID-based cryptography [19], the public key of any user is his/her identity. So, it is clear that the auditing schemes on the ID-based cryptography system will reduce the costs of the data users and the auditor. Many ID-based public auditing schemes are proposed [20–23]. But, in ID-based public auditing schemes, the PKG (private key generator) knows any user’s private key. It is clear that, for patient privacy information process in cloud-assisted medical systems, ID-based public auditing schemes are not secure. Recently, based on certificateless public key cryptography [24], He et al. proposed a certificateless public auditing scheme for cloud-assisted WBANs [1]. In certificateless public key cryptography, the private key of a user consists of two parts. One is the partial private key generated by the PKG, and the other is a secret key generated by the user. So, certificateless public key cryptography simultaneously overcomes the drawback of public key cryptography and ID-based cryptography. Certificateless public auditing scheme is very applicable for cloud-assisted WBANs with energy-limited sensors and a large amount of personal sensitive information. In [1], the proposed certificateless public auditing scheme is proved to be secure and very suitable for use in cloud-assisted WBANs. But He et al.’s scheme is not a scheme with privacy preserving. After many checks on some of the same data blocks, the auditor can derive these data blocks from the proof information that the cloud server submitted.

In this paper, we propose a certificateless public auditing scheme with privacy preserving. In the proof phase of the proposed scheme, the proof information is protected from being directly exposed to the auditor. So, the curious auditor could not derive the data blocks. We also prove that the proposed scheme is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard.

The rest of the paper is organized as follows. In Section 2, we propose the system and security model. In Section 3, we review bilinear pairing and computational Diffie-Hellman problem relevant to the security of the proposed scheme. A certificateless public auditing scheme with privacy preserving is proposed in Section 4. In Section 5, we provide security proofs of the proposed scheme. In Section 6, we compare the proposed scheme with He et al.’s scheme in terms of security and computation cost. Conclusion is given in Section 7.

#### 2. The System and Security Model

##### 2.1. The System Model

There are four entities included in a certificateless public auditing scheme:(1)A data user (DU) who possesses a data file needed to be stored on the cloud.(2)A cloud server (CS) that provides data storage service to the data user.(3)A third-party auditor (AU) who has capacities to check data integrity on behalf of the data user.(4)A private key generator (PKG) that is responsible for setting up the system parameter and generating the partial private key for any entity by using the entity’s identity information.

To reduce the burden of data file storage, the data user (DU) uploads his/her data file to the cloud server (CS) for storage, and the DU no longer possesses his/her data file locally. To ensure the data file is correctly stored in the cloud server, DU entrusts the trusted third-party AU who has expertise and computation capabilities to periodically check his/her data file integrity.

##### 2.2. The Security Model

In a certificateless public auditing scheme, PKG is a trusted authority, DU is honest, and AU is honest but curious. CS is a semitrusted party; he/she might change or delete the data user’s file for his/her benefit and forge the proof information for passing data integrity checking. We will also investigate whether AU can get any information about the data file content during the auditing process.

Our design goals are three aspects:(1)Public auditability: AU can verify the correctness of the cloud data file blocks on demand without retrieving a copy of the whole data file or introducing additional online burden to the cloud users.(2)Storage correctness: no cheating cloud server can pass AU’s audit.(3)Privacy preserving: AU cannot derive data user’s file content from the information collected during the auditing process.

#### 3. Preliminary

##### 3.1. The Bilinear Pairing

Let be a cyclic additive group generated by , whose order is a prime , and let be a cyclic multiplicative group of the same order. Let be a pairing map which satisfies the following conditions.

*(1) Bilinearity*. For any , thenIn particular, for any , .

*(2) Nondegeneracy*. There exists , such that .

*(3) Computability*. There is an efficient algorithm to compute for all .

##### 3.2. Computational Diffie-Hellman (CDH) Problem

There is a generator of an additive cyclic group with order , and there is for unknown to compute .

#### 4. The Proposed Scheme

The proposed certificateless public auditing scheme consists of seven algorithms:* setup, partial-private-key extraction, set-public key, tag generation, challenge phase, prove phase, and verify phase*.

*Setup*. Given a security parameter , the algorithm works as follows:(1)Run the parameter generator on input to generate a prime , an additive cyclic group and a multiplicative cyclic group of the same order , a generator of , and a bilinear map .(2)Pick a random as master key of PKG and set system public key .(3)Choose four cryptographic hash functions

The system parameters are .

*Partial-Private-Key Extraction*. When any one wants to register his/her identity to PKG, the algorithm works as follows:(1)Compute .(2)Set the partial private key , where is the master key of PKG.

*Set-Public Key*. Given a user’s identity , this algorithm picks a random as the user’s secret value and computes his/her public key as .

*Tag Generation*. For a data file , this algorithm works as follows:(1)For each data block , choose and compute (2)Compute Let .(3)DU sends to CS.(4)DU sends to AU.

*Challenge Phase*. To check the integrity of the outsourced data file , AU randomly chooses a set and a number to generate the challenging information and sends it to the CS.

*Prove Phase*. Upon receiving , CS produces set .

Here, . Then, using and , CS picks a random number , computes and sends proof information to the AU. Here, .

*Verify Phase*. Upon receiving the proof information , based on stored information , AU computes Then, it checks the equationIf the equation holds, AU accepts the proof.

The correctness of the above verification equation can be demonstrated as follows:

#### 5. Security

In this section, we discuss the security of the proposed scheme in unforgeability and privacy preserving.

##### 5.1. Unforgeability

Theorem 1. *If the CDH assumption is hard, then the proposed scheme is secure against proof information existential forgery attack from the CS.*

*Proof of Theorem 1. *We will show that if CS can forge valid proof information, the challenger will use the forged proof information to solve the CDH problem.

Because CS has the signature of any one file block, CS needs not do tag oracle. So, we only look at hash functions as random oracles. For given CDH problem instance , the challenger lets the system public key , and in partial-private-key-extract phase, for two times oracles, let , . , selected by the challenger, is a random number. In the proof process, for the same Chall information and same random number , let and be two pieces of valid proof information under two times different oracles, , . Then, the following two equations hold:Then, So,The challenger derives

##### 5.2. Privacy Preserving

Theorem 2. *In the proposed scheme, AU cannot derive any information about DU’s data blocks during the whole auditing procedure.*

*Proof of Theorem 2. *In the whole auditing procedure, AU can get information But are irrelevant to the file content, and AU cannot derive any information about the data blocks from since the hash functions are secure.

AU cannot derive any information about the data blocks from equation , since there is an unknown random number .

Finally, AU cannot derive file content information from .

#### 6. Comparisons

In this section, we compare the proposed scheme with He et al.’s scheme [1] in terms of security and computation cost. In the comparison of computation cost, we use , , and as scalar multiplication computation, hash computation, and bilinear pairings computation, respectively. We show the comparison results in Tables 1 and 2. According to Table 1, our scheme demonstrates better security, and according to Table 2 there is notable low hash computation cost in the proposed scheme. Of course, in some phases, there are high computation costs in multiplication and bilinear pairings computation.