Outsourced Proofs Of Retrievability

Proofs of Retrievability (POR) are cryptographic proofs that enable a cloud provider to prove that a user can retrieve his file in its entirety. POR need to be frequently executed by the user to ensure that their files stored on the cloud can be fully retrieved at any point in time. To conduct and verify POR, users need to be equipped with devices that have network access, and that can tolerate the (non-negligible) computational overhead incurred by the verification process. This clearly hinders the large-scale adoption of POR by cloud users, since many users increasingly rely on portable devices that have limited computational capacity, or might not always have network access.In this paper, we introduce the notion of outsourced proofs of retrievability (OPOR), in which users can task an external auditor to perform and verify POR with the cloud provider. We argue that the OPOR setting is subject to security risks that have not been covered by existing POR security models. To remedy that, we propose a formal framework and a security model for OPOR. We then propose an instantiation of OPOR which builds upon the provably-secure private POR scheme due to Shoehorn and Waters (Asiacrypt'08) and we show its security in our proposed security model. We implement a prototype based on our solution, and evaluate its performance in a realistic cloud setting. Our evaluation results show that our proposal minimizes user effort, incurs negligible overhead on the auditor (compared to the SW scheme), and considerably improves over existing publicly verifiable POR.