Third-Party Auditor (TPA): A Potential Solution for Securing a Cloud Environment

Abstract

The confidentiality and verification of customer's data at the cloud service provider (CSP) side becomes a critical issue in terms of both reliability (i.e., the trust aspect) and efficiency (i.e., the ease of performing such verifications). As data owners no longer physically possess their data storage, traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted. In such a scenario, the use of a third-party auditor (TPA) provides both efficiency, transparency, and the fairness in performing the required auditing tasks as well as it serves as a bridge between the cloud service users (CSUs) and the CSPs. Thus, for practical use, it seems more rational to equip the verification capabilities with public auditability, which is expected to play a more important role in achieving economies of scale for cloud computing. Although the use of TPA provides several advantages, the fact that TPA is an untrusted entity and it can turn into a malicious user or promote insider threats cannot be ignored. Thus, for a complete realistic security solution where CSUs achieve maximum cloud benefits at minimum computational cost, the auditing of TPA is required. In this paper, we develop an auditing method for CSUs/CSPs to ensure the integrity of the TPA and minimize the possibility of insider threats or malicious activities. The integrity of TPA will be verified using the time-released session keys and the service level agreement (SLA).