Computers & Security 95 (2020) 101847 Contents lists available at ScienceDirect Computers & Security journal homepage: www.elsevier.com/locate/cose Cloud data integrity verification scheme for associated tags Junfeng Tian a,b , Xuan Jing a,b,∗ a School of Cyber Security and Computer, Hebei University, Baoding 071000, China b Key Lab on High Trusted Information System in Hebei Province, Baoding 071000, China a r t i c l e i n f o Article history: Received 18 September 2019 Revised 14 March 2020 Accepted 19 April 2020 Available online 27 April 2020 Keywords: Electronic health records Operation logs Verification tags Integrity verification a b s t r a c t In typical cloud storage systems such as storage systems for electronic health records (EHRs), users must regularly update sensitive files that are stored in the cloud. Leakage of the operation logs (OLs) will cause severe damage to users. Therefore, it is critical to develop secure auditing techniques for verifying users OLs. Under this scenario, we propose a novel auditing scheme that realizes secure detection for users OLs. In this design, the OLs are grouped according to the types of operations, the verification tags (VTs) of the OLs are calculated by associating an operation relationship, and the cloud data integrity verifica- tion is realized by randomly detecting the correctness of VTs. We introduce a homomorphic hash function into the integrity verification of the OLs, and the verification result for the sensitive information is de- rived from the verification result for the public information, thereby realizing stronger privacy protection. Furthermore, our scheme also achieves efficient handling of data dynamics. The security analysis and experimental verification indicate that our scheme is secure and efficient. © 2020 Elsevier Ltd. All rights reserved. 1. Introduction With the development of networks and the continual progress of science and technology, the scale of data in real life continues to increase. As a result, increasingly many users choose to store large amounts of data in the cloud computing platform, and the cloud storage technology is a concept that is derived from cloud comput- ing services Ren et al. (2012). Through cloud storage systems, users can outsource their data to cloud servers, thereby reducing their storage burden on the local hardware. Currently, many cloud ser- vice providers (e.g., AWS, Azure, and Google Cloud) provide cloud storage as one of their main services. However, in contrast to traditional local storage technologies, users lose physical control of their data when using cloud storage. The data that are stored in the cloud might be corrupted or lost due to unavoidable software errors, hardware failures, external ma- licious attacks and damage from cloud service providers. According to a survey that was conducted by Gartner in 2009, 70% of the CEOs of the surveyed companies refused to adopt cloud comput- ing models on a large scale due to concerns about the privacy of cloud data 2 (2018). Furthermore, in recent years, the security stor- age problem that has been exposed by cloud operators has aroused people’s concerns. For example, Amazon EC2 permanently deleted ∗ Corresponding author at: School of Cyber Security and Computer, Hebei Univer- sity, Baoding 071000, China E-mail address: abidble@gmail.com (X. Jing). data Ristenpart et al. (2009) and Gmail suffered from data loss 4 (2018). Therefore, the realization of the secure storage of cloud data is an urgent problem to be solved. To this end, researchers proposed the provable data possession (PDP) Ateniese et al. (2007) and the proofs of retrievability (POR) Juels and Kaliski (2007). However, in practice, for some common cloud storage systems, such as electronic health record (EHR) sys- tems, users must update sensitive data on a regular basis, and leaking of the operation logs (OLs) would cause serious damage to users. Therefore, it is necessary to implement integrity verifica- tion of user OLs while ensuring the privacy and security of sensi- tive data Sun and Fang (2010). We divide the verification tags (VTs) into two parts, namely, authentication tags (ATs) and sensitive tags (STs), and we verify the integrity of the OLs by detecting the cor- rectness of the tags. The authentication tag (AT) refers to the op- eration log (OL) tag of public information such as the user num- ber and the doctor number. The sensitive tag (ST) refers to the OL tag of sensitive information such as the user’s name and condition. Since disease data change frequently, as the frequency of updat- ing these sensitive data increases, the cost of calculating STs also increases. To reduce the verification overhead of such a system, the num- ber of verifications of the STs can be increased, or the number of verifications of the ATs can be reduced and balanced according to the application requirements Tian et al. (2015). However, due to the recalculation of tags after the insertion or deletion of data, N copies of VTs will be calculated after N updates, and when the https://doi.org/10.1016/j.cose.2020.101847 0167-4048/© 2020 Elsevier Ltd. All rights reserved.