{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T12:59:44Z","timestamp":1740142784381,"version":"3.37.3"},"reference-count":54,"publisher":"Oxford University Press (OUP)","issue":"10","license":[{"start":{"date-parts":[[2024,6,30]],"date-time":"2024-06-30T00:00:00Z","timestamp":1719705600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key R&D Program of China","doi-asserted-by":"publisher","award":["2022YFB2703301"],"award-info":[{"award-number":["2022YFB2703301"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61672062","61232005"],"award-info":[{"award-number":["61672062","61232005"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,10,12]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>To alleviate the burden of data storage and management, there is a growing trend of outsourcing data to the cloud that enables users to remotely manage their data flexibly. However, this shift also raises concerns regarding outsourced data deletion, as users lose physical control over their outsourced data and are unable to verify its proper eradication. To address this issue, cloud service providers are required to provide a scheme that guarantees the effective deletion of outsourced data. Existing schemes, including key management-based and overwriting-based schemes, fail to ensure both the irrecoverability of deleted data and the verifiability of the deletion process. In this paper, we propose IPOD2, an irrecoverable and verifiable deletion scheme for outsourced data. Specifically, IPOD2 utilizes the overwriting-based deletion method to implement outsourced data deletion and extends the Integrity Measurement Architecture to measure the operations in the deletion process. The measurement results are protected by the Trusted Platform Module and verifiable for users. To demonstrate the viability of IPOD2, we implement a prototype of IPOD2 on the Linux kernel 5.4.120. Experimental results show that, compared with the three existing schemes, IPOD2 has the minimum overhead in both deletion and verification processes.<\/jats:p>","DOI":"10.1093\/comjnl\/bxae053","type":"journal-article","created":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T08:59:13Z","timestamp":1719824353000},"page":"2877-2889","source":"Crossref","is-referenced-by-count":0,"title":["IPOD2: an irrecoverable and verifiable deletion scheme for outsourced data"],"prefix":"10.1093","volume":"67","author":[{"given":"Xiaolei","family":"Zhang","sequence":"first","affiliation":[{"name":"School of Computer Science, Peking University , Beijing 100871 ,","place":["China"]},{"name":"National Engineering Research Center for Software Engineering, Peking University , Beijing 100871 ,","place":["China"]},{"name":"PKU-OCTA Laboratory for Blockchain and Privacy Computing, Peking University , Beijing 100871 ,","place":["China"]}]},{"given":"Zhaoyu","family":"Chen","sequence":"additional","affiliation":[{"name":"National Engineering Research Center for Software Engineering, Peking University , Beijing 100871 ,","place":["China"]},{"name":"PKU-OCTA Laboratory for Blockchain and Privacy Computing, Peking University , Beijing 100871 ,","place":["China"]},{"name":"School of Software and Microelectronics, Peking University , Beijing 102600 ,","place":["China"]}]},{"given":"Xin","family":"Zhang","sequence":"additional","affiliation":[{"name":"National Engineering Research Center for Software Engineering, Peking University , Beijing 100871 ,","place":["China"]},{"name":"PKU-OCTA Laboratory for Blockchain and Privacy Computing, Peking University , Beijing 100871 ,","place":["China"]},{"name":"School of Software and Microelectronics, Peking University , Beijing 102600 ,","place":["China"]}]},{"given":"Qingni","family":"Shen","sequence":"additional","affiliation":[{"name":"National Engineering Research Center for Software Engineering, Peking University , Beijing 100871 ,","place":["China"]},{"name":"PKU-OCTA Laboratory for Blockchain and Privacy Computing, Peking University , Beijing 100871 ,","place":["China"]},{"name":"School of Software and Microelectronics, Peking University , Beijing 102600 ,","place":["China"]}]},{"given":"Zhonghai","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Computer Science, Peking University , Beijing 100871 ,","place":["China"]},{"name":"National Engineering Research Center for Software Engineering, Peking University , Beijing 100871 ,","place":["China"]},{"name":"PKU-OCTA Laboratory for Blockchain and Privacy Computing, Peking University , Beijing 100871 ,","place":["China"]},{"name":"School of Software and Microelectronics, Peking University , Beijing 102600 ,","place":["China"]}]}],"member":"286","published-online":{"date-parts":[[2024,6,30]]},"reference":[{"key":"2024101809311029100_ref1","doi-asserted-by":"crossref","first-page":"110040","DOI":"10.1016\/j.comnet.2023.110040","article-title":"Blockchain-based integrity auditing for shared data in cloud storage with file prediction","volume":"236","author":"Liu","year":"2023","journal-title":"Comput Netw"},{"key":"2024101809311029100_ref2","doi-asserted-by":"crossref","first-page":"1507","DOI":"10.1093\/comjnl\/bxac024","article-title":"Flexible and controllable access policy update for encrypted data sharing in the cloud","volume":"66","author":"Wang","year":"2023","journal-title":"Comput. J."},{"key":"2024101809311029100_ref3","doi-asserted-by":"crossref","first-page":"1226","DOI":"10.1093\/comjnl\/bxaa144","article-title":"Lightweight public key encryption with equality test supporting partial authorization in cloud storage","volume":"64","author":"Lin","year":"2021","journal-title":"Comput. J."},{"key":"2024101809311029100_ref4","doi-asserted-by":"crossref","first-page":"102580","DOI":"10.1016\/j.cose.2021.102580","article-title":"Cloud computing security: a survey of service-based models","volume":"114","author":"Parast","year":"2022","journal-title":"Comput. Secur."},{"key":"2024101809311029100_ref5","doi-asserted-by":"crossref","first-page":"3223","DOI":"10.1093\/comjnl\/bxab190","article-title":"Provable data possession schemes from standard lattices for cloud computing","volume":"65","author":"Luo","year":"2022","journal-title":"Comput. J."},{"key":"2024101809311029100_ref6","doi-asserted-by":"crossref","first-page":"387","DOI":"10.1109\/TCC.2015.2511719","article-title":"Assurance of security and privacy requirements for cloud deployment models","volume":"6","author":"Islam","year":"2018","journal-title":"IEEE Trans. Cloud Comput."},{"key":"2024101809311029100_ref7","doi-asserted-by":"crossref","first-page":"1140","DOI":"10.1109\/JIOT.2019.2953082","article-title":"Secure and fine-grained self-controlled outsourced data deletion in cloud-based iot","volume":"7","author":"Hao","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"2024101809311029100_ref8","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1038\/d41586-021-01812-3","article-title":"Everyone should decide how their digital data are used\u2014not just tech companies","volume":"595","author":"Sadowski","year":"2021","journal-title":"Nature"},{"key":"2024101809311029100_ref9","first-page":"299","article-title":"Vanish: Increasing data privacy with self-destructing data","volume-title":"Proceedings of the 18th USENIX Security Symposium (USENIX Security 2009)","author":"Geambasu","year":"2009"},{"key":"2024101809311029100_ref10","doi-asserted-by":"crossref","first-page":"903","DOI":"10.1109\/TDSC.2012.49","article-title":"Secure overlay cloud storage with access control and assured deletion","volume":"9","author":"Tang","year":"2012","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"volume-title":"Regulation (EU) 2016\/679 of the european parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data","year":"2016","author":"European Parliament and Council of the European Union","key":"2024101809311029100_ref11"},{"volume-title":"PIPL: A game changer for companies in china","year":"2021","author":"Gamvros","key":"2024101809311029100_ref12"},{"key":"2024101809311029100_ref13","first-page":"165","article-title":"Ephpub: toward robust ephemeral publishing","volume-title":"Proceedings of the 19th Annual IEEE International Conference on Network Protocols (ICNP 2011)","author":"Castelluccia","year":"2011"},{"key":"2024101809311029100_ref14","doi-asserted-by":"crossref","first-page":"344","DOI":"10.1109\/CLOUD.2014.54","article-title":"On deletion of outsourced data in cloud computing","volume-title":"Proceedings of 7th IEEE International Conference on Cloud Computing (IEEE CLOUD 2014)","author":"Mo","year":"2014"},{"key":"2024101809311029100_ref15","doi-asserted-by":"crossref","first-page":"640","DOI":"10.1016\/j.ins.2018.02.015","article-title":"Efficient attribute-based encryption with attribute revocation for assured data deletion","volume":"479","author":"Xue","year":"2019","journal-title":"Inform. Sci."},{"key":"2024101809311029100_ref16","first-page":"1","article-title":"PTAD: provable and traceable assured deletion in cloud storage","volume-title":"Proceedings of IEEE Symposium on Computers and Communications (ISCC 2019)","author":"Zhang","year":"2019"},{"key":"2024101809311029100_ref17","first-page":"83","article-title":"File system design with assured delete","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS 2007)","author":"Perlman","year":"2007"},{"key":"2024101809311029100_ref18","doi-asserted-by":"crossref","first-page":"1003","DOI":"10.1093\/comjnl\/bxu030","article-title":"From ephemerizer to timed-ephemerizer: achieve assured lifecycle enforcement for sensitive data","volume":"58","author":"Tang","year":"2015","journal-title":"Comput. J."},{"key":"2024101809311029100_ref19","first-page":"308","article-title":"Two-party fine-grained assured deletion of outsourced data in cloud systems","volume-title":"Proceedings of the 34th IEEE International Conference on Distributed Computing Systems (ICDCS 2014)","author":"Mo","year":"2014"},{"key":"2024101809311029100_ref20","doi-asserted-by":"crossref","first-page":"643","DOI":"10.1007\/978-3-642-15497-3_39","article-title":"Secure code update for embedded devices via proofs of secure erasure","volume-title":"Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS 2010)","author":"Perito","year":"2010"},{"volume-title":"NIST Special Publication 800\u201388 Revision 1: Guidelines for media sanitization","author":"Kissel","key":"2024101809311029100_ref21"},{"volume-title":"shred\u2014linux man page","author":"Plumb","key":"2024101809311029100_ref22"},{"volume-title":"wipe - linux man page","author":"Durak","key":"2024101809311029100_ref23"},{"volume-title":"srm - linux man page","author":"Jagdmann","key":"2024101809311029100_ref24"},{"key":"2024101809311029100_ref25","first-page":"279","article-title":"lmbench: Portable tools for performance analysis","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX ATC 1996)","author":"McVoy","year":"1996"},{"key":"2024101809311029100_ref26","doi-asserted-by":"crossref","first-page":"612","DOI":"10.1145\/359168.359176","article-title":"How to share a secret","volume":"22","author":"Shamir","year":"1979","journal-title":"Commun. ACM"},{"key":"2024101809311029100_ref27","first-page":"89","article-title":"Attribute-based encryption for fine-grained access control of encrypted data","volume-title":"Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS 2006)","author":"Goyal","year":"2006"},{"key":"2024101809311029100_ref28","first-page":"598","article-title":"Provable data possession at untrusted stores","volume-title":"Proceedings of ACM Conference on Computer and Communications Security (CCS 2007)","author":"Ateniese","year":"2007"},{"key":"2024101809311029100_ref29","doi-asserted-by":"crossref","first-page":"301","DOI":"10.1109\/SP.2013.28","article-title":"SoK: Secure data deletion","volume-title":"2013 IEEE Symposium on Security and Privacy (S&P 2013)","author":"Reardon","year":"2013"},{"key":"2024101809311029100_ref30","first-page":"77","article-title":"Secure deletion of data from magnetic and solid-state memory","volume-title":"Proceedings of the 6th USENIX Security Symposium (USENIX Security 1996)","author":"Gutmann","year":"1996"},{"volume-title":"Pfitzner deletion method","author":"Pfitzner","key":"2024101809311029100_ref31"},{"volume-title":"Applied cryptography: protocols, algorithms, and source code in C","year":"2007","author":"Schneier","key":"2024101809311029100_ref32"},{"key":"2024101809311029100_ref33","first-page":"1","article-title":"Architecture overview","volume":"1","author":"TCG Specification","year":"2007","journal-title":"Specification Revision"},{"key":"2024101809311029100_ref34","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4302-6584-9","volume-title":"A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security","author":"Arthur","year":"2015"},{"volume-title":"Information systems security (INFOSEC) program guidelines","author":"Naval Information Systems Management Center","key":"2024101809311029100_ref35"},{"volume-title":"National industrial security program operating manual (NISPOM)","author":"U.S. Department of Defense","key":"2024101809311029100_ref36"},{"volume-title":"It security guidance 06: Clearing and declassifying electronic data storage devices","author":"Communication Security Establishment of Canada","key":"2024101809311029100_ref37"},{"volume-title":"Air force system security instruction 5020","author":"The United States Air Force","key":"2024101809311029100_ref38"},{"volume-title":"HMG IA\/IS 5 Secure Sanitisation of Protectively Marked Information or Sensitive Information document","author":"Communications Electronics Security Group","key":"2024101809311029100_ref39"},{"volume-title":"The new zealand information security manual","author":"New Zealand Information Technology Security Authority","key":"2024101809311029100_ref40"},{"volume-title":"Remote Attestation","author":"Intel","key":"2024101809311029100_ref41"},{"key":"2024101809311029100_ref42","first-page":"223","article-title":"Design and implementation of a TCG-based integrity measurement architecture","volume-title":"Proceedings of the 13th USENIX Security Symposium (USENIX Security 2004)","author":"Sailer","year":"2004"},{"key":"2024101809311029100_ref43","doi-asserted-by":"crossref","first-page":"1528","DOI":"10.1145\/3019612.3019738","article-title":"Quantitative analysis of measurement overhead for integrity verification","volume-title":"Proceedings of the Symposium on Applied Computing (SAC 2017)","author":"Son","year":"2017"},{"key":"2024101809311029100_ref44","first-page":"19","article-title":"PRIMA: policy-reduced integrity measurement architecture","volume-title":"Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT 2006)","author":"Jaeger","year":"2006"},{"key":"2024101809311029100_ref45","first-page":"152","article-title":"Partial attestation: Towards cost-effective and privacy-preserving remote attestations","volume-title":"Proceedings of IEEE Trustcom\/BigDataSE\/ISPA","author":"Luo","year":"2016"},{"key":"2024101809311029100_ref46","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1145\/2732209.2732211","article-title":"Privilege-based remote attestation: Towards integrity assurance for lightweight clients","volume-title":"Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security (IoTPTS@AsiaCCS 2015)","author":"Rauter","year":"2015"},{"key":"2024101809311029100_ref47","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1456455.1456457","article-title":"Improving the scalability of platform attestation","volume-title":"Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing (STC 2008)","author":"Stumpf","year":"2008"},{"key":"2024101809311029100_ref48","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1145\/1655108.1655117","article-title":"Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks","volume-title":"Proceedings of the 4th ACM Workshop on Scalable Trusted Computing (STC 2009)","author":"Davi","year":"2009"},{"key":"2024101809311029100_ref49","first-page":"487","article-title":"Container-ima: A privacy-preserving integrity measurement architecture for containers","volume-title":"Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)","author":"Luo","year":"2019"},{"key":"2024101809311029100_ref50","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1016\/j.future.2019.02.026","article-title":"Integrity verification of docker containers for a lightweight cloud environment","volume":"97","author":"Benedictis","year":"2019","journal-title":"Future Gener Comput Syst"},{"key":"2024101809311029100_ref51","doi-asserted-by":"crossref","first-page":"370","DOI":"10.1109\/JSAC.2020.3020658","article-title":"xTSeH: a trusted platform module sharing scheme towards smart iot-ehealth devices","volume":"39","author":"Lu","year":"2021","journal-title":"IEEE J Sel Areas Commun"},{"key":"2024101809311029100_ref52","first-page":"236","article-title":"Hardware-based dlas: Achieving geo-location guarantees for cloud data using tpm and provable data possession","volume-title":"Proceedings of International Conference on Computer and Information Technology (ICCIT 2014)","author":"Noman","year":"2014"},{"volume-title":"Trusted boot (tboot)","author":"Richard","key":"2024101809311029100_ref53"},{"key":"2024101809311029100_ref54","first-page":"598","article-title":"Provable data possession at untrusted stores","volume-title":"Proceedings of the 2007 ACM Conference on Computer and Communications Security (CCS 2007)","author":"Ateniese","year":"2007"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/67\/10\/2877\/59729520\/bxae053.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/67\/10\/2877\/59729520\/bxae053.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,18]],"date-time":"2024-10-18T09:31:40Z","timestamp":1729243900000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/67\/10\/2877\/7701810"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,30]]},"references-count":54,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2024,6,30]]},"published-print":{"date-parts":[[2024,10,12]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxae053","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"type":"print","value":"0010-4620"},{"type":"electronic","value":"1460-2067"}],"subject":[],"published-other":{"date-parts":[[2024,10]]},"published":{"date-parts":[[2024,6,30]]}}}