
Showing papers on "Trusted third party published in 2017"


Book Chapter
TL;DR: This work proposes FairAccess as a new decentralized pseudonymous and privacy preserving authorization management framework that leverages the consistency of blockchain technology to manage access control on behalf of constrained devices.
Abstract: Access control faces big challenges in IoT. Unfortunately, it is hard to implement current access control standards on smart objects due to their constrained nature, while the introduction of a powerful and trusted third party to handle access control logic could harm user privacy. In this work we show how blockchain, the promising technology behind Bitcoin, can be very attractive to face those arising challenges. We therefore propose FairAccess as a new decentralized pseudonymous and privacy preserving authorization management framework that leverages the consistency of blockchain technology to manage access control on behalf of constrained devices.

309 citations


Posted Content
TL;DR: A systematic and comprehensive study of blockchain consensus protocols is conducted, developing a framework to evaluate their performance, security and design properties, and using it to systematize key themes in the protocol categories described above.
Abstract: The blockchain initially gained traction in 2008 as the technology underlying bitcoin, but now has been employed in a diverse range of applications and created a global market worth over $150B as of 2017. What distinguishes blockchains from traditional distributed databases is the ability to operate in a decentralized setting without relying on a trusted third party. As such their core technical component is consensus: how to reach agreement among a group of nodes. This has been extensively studied already in the distributed systems community for closed systems, but its application to open blockchains has revitalized the field and led to a plethora of new designs. The inherent complexity of consensus protocols and their rapid and dramatic evolution makes it hard to contextualize the design landscape. We address this challenge by conducting a systematic and comprehensive study of blockchain consensus protocols. After first discussing key themes in classical consensus protocols, we describe: first protocols based on proof-of-work (PoW), second proof-of-X (PoX) protocols that replace PoW with more energy-efficient alternatives, and third hybrid protocols that are compositions or variations of classical consensus protocols. We develop a framework to evaluate their performance, security and design properties, and use it to systematize key themes in the protocol categories described above. This evaluation leads us to identify research gaps and challenges for the community to consider in future research endeavours.

228 citations


Proceedings Article
26 Aug 2017
TL;DR: A systematic mapping study to collect all research that is relevant to smart contracts from a technical perspective and identifies four key issues, namely, codifying, security, privacy and performance issues.
Abstract: An appealing feature of blockchain technology is smart contracts. A smart contract is executable code that runs on top of the blockchain to facilitate, execute and enforce an agreement between untrusted parties without the involvement of a trusted third party. In this paper, we conduct a systematic mapping study to collect all research that is relevant to smart contracts from a technical perspective. The aim of doing so is to identify current research topics and open challenges for future studies in smart contract research. We extract 24 papers from different scientific databases. The results show that about two thirds of the papers focus on identifying and tackling smart contract issues. Four key issues are identified, namely, codifying, security, privacy and performance issues. The rest of the papers focuses on smart contract applications or other smart contract related topics. Research gaps that need to be addressed in future studies are provided.

212 citations


Proceedings Article
TL;DR: In this paper, the authors conduct a systematic mapping study to collect all research that is relevant to smart contracts from a technical perspective and identify current research topics and open challenges for future studies in smart contract research.
Abstract: An appealing feature of blockchain technology is smart contracts. A smart contract is executable code that runs on top of the blockchain to facilitate, execute and enforce an agreement between untrusted parties without the involvement of a trusted third party. In this paper, we conduct a systematic mapping study to collect all research that is relevant to smart contracts from a technical perspective. The aim of doing so is to identify current research topics and open challenges for future studies in smart contract research. We extract 24 papers from different scientific databases. The results show that about two thirds of the papers focus on identifying and tackling smart contract issues. Four key issues are identified, namely, codifying, security, privacy and performance issues. The rest of the papers focuses on smart contract applications or other smart contract related topics. Research gaps that need to be addressed in future studies are provided.

199 citations


Journal Article
TL;DR: A working prototype of the SeDaSC methodology is implemented and its performance is evaluated based on the time consumed during various operations to show that SeDaSC has the potential to be effectively used for secure data sharing in the cloud.
Abstract: Cloud storage is an application of clouds that liberates organizations from establishing in-house data storage systems. However, cloud storage gives rise to security concerns. In case of group-shared data, the data face both cloud-specific and conventional insider threats. Secure data sharing among a group that counters insider threats of legitimate yet malicious users is an important research issue. In this paper, we propose the Secure Data Sharing in Clouds (SeDaSC) methodology that provides: 1) data confidentiality and integrity; 2) access control; 3) data sharing (forwarding) without using compute-intensive reencryption; 4) insider threat security; and 5) forward and backward access control. The SeDaSC methodology encrypts a file with a single encryption key. Two different key shares for each of the users are generated, with the user only getting one share. The possession of a single share of a key allows the SeDaSC methodology to counter the insider threats. The other key share is stored by a trusted third party, which is called the cryptographic server. The SeDaSC methodology is applicable to conventional and mobile cloud computing environments. We implement a working prototype of the SeDaSC methodology and evaluate its performance based on the time consumed during various operations. We formally verify the working of SeDaSC by using high-level Petri nets, the Satisfiability Modulo Theories Library, and a Z3 solver. The results proved to be encouraging and show that SeDaSC has the potential to be effectively used for secure data sharing in the cloud.

184 citations


Proceedings Article
01 Nov 2017
TL;DR: Different Blockchains structures are investigated, existing challenges are examined, and possible solutions are provided, with a focus on challenges that may expose patients' privacy and on the resiliency of Blockchains to possible attacks.
Abstract: Blockchains as a technology emerged to facilitate money exchange transactions and eliminate the need for a trusted third party to notarize and verify such transactions as well as protect data security and privacy. New structures of Blockchains have been designed to accommodate the need for this technology in other fields such as e-health, tourism and energy. This paper is concerned with the use of Blockchains in managing and sharing electronic health and medical records to allow patients, hospitals, clinics, and other medical stakeholder to share data amongst themselves, and increase interoperability. The selection of the Blockchains used architecture depends on the entities participating in the constructed chain network. Although the use of Blockchains may reduce redundancy and provide caregivers with consistent records about their patients, it still comes with few challenges which could infringe patients' privacy, or potentially compromise the whole network of stakeholders. In this paper, we investigate different Blockchains structures, look at existing challenges and provide possible solutions. We focus on challenges that may expose patients' privacy and the resiliency of Blockchains to possible attacks.

111 citations


Proceedings Article
30 Oct 2017
TL;DR: In this article, the zero-knowledge condition of ZKCP is broken due to the fact that the buyer is allowed to choose common parameters that normally should be selected by a trusted third party.
Abstract: Zero Knowledge Contingent Payment (ZKCP) protocols allow fair exchange of sold goods and payments over the Bitcoin network. In this paper we point out two main shortcomings of current proposals for ZKCP, and propose ways to address them. First we show an attack that allows a buyer to learn partial information about the digital good being sold, without paying for it. This break in the zero-knowledge condition of ZKCP is due to the fact that in the protocols we attack, the buyer is allowed to choose common parameters that normally should be selected by a trusted third party. We implemented and tested this attack: we present code that learns, without paying, the value of a Sudoku cell in the "Pay-to-Sudoku" ZKCP implementation. We also present ways to fix this attack that do not require a trusted third party. Second, we show that ZKCP are not suited for the purchase of digital services rather than goods. Current constructions of ZKCP do not allow a seller to receive payments after proving that a certain service has been rendered, but only for the sale of a specific digital good. We define the notion of Zero-Knowledge Contingent Service Payment (ZKCSP) protocols and construct two new protocols, for either public or private verification. We implemented our ZKCSP protocols for Proofs of Retrievability, where a client pays the server for providing a proof that the client's data is correctly stored by the server. We also implement a secure ZKCP protocol for "Pay-to-Sudoku" via our ZKCSP protocol, which does not require a trusted third party. A side product of our implementation effort is a new optimized circuit for SHA256 with less than a quarter than the number of AND gates of the best previously publicly available one. Our new SHA256 circuit may be of independent use for circuit-based MPC and FHE protocols that require SHA256 circuits.

105 citations


Journal Article
TL;DR: A fog structure is proposed that stores partial important data with the dummy anonymity technology to ensure physical control, which can be considered absolutely trusted.
Abstract: The development of mobile cloud computing technology has made location-based service (LBS) increasingly more popular. Given the continuous requests to cloud LBS servers, the amounts of location and trajectory information collected by LBS servers are continuously increasing. Privacy awareness for LBS has been extensively studied in recent years. Among the privacy concerns about LBS, trajectory privacy preservation is particularly important. Based on privacy preservation models, previous work have mainly focused on peer-to-peer and centralized architectures. However, the burden on users is heavy in peer-to-peer architectures, because user devices need to communicate with LBS servers directly. In centralized architectures, a trusted third party (TTP) is introduced, and acts as a bridge between users and the LBS server. Anonymity technologies, such as k-anonymity, mix-zone, and dummy technologies, are usually implemented by the TTP to ensure safety. There are certain drawbacks in TTP architectures: Users have no physical control of the TTP. Moreover, the TTP is more attractive to adversaries, because substantially more sensitive information is stored by the TTP. To solve the above-mentioned problems, in this paper, we propose a fog structure to store partial important data with the dummy anonymity technology to ensure physical control, which can be considered as absolutely trust. Compared with cloud computing, fog computing is a promising technique that extends the cloud computing to the edge of a network. Moreover, fog computing provides local computation and storage abilities, wide geo-distribution, and support for mobility. Therefore, mobile users’ partial important information can be stored on a fog server to ensure better management. We take the principles of similarity, intersection, practicability, and correlation into consideration and design a dummy rotation algorithm with several properties. The effectiveness of the proposed method is validated through extensive simulations, which show that the proposed method can provide enhanced privacy preservation.

85 citations


Journal Article
TL;DR: A distributed certificate scheme referred to as Cecoin, which is inspired by the well-known Bitcoin and employs its irreversible unforgeability and public verifiability, and an online fair exchange protocol without a trusted third party are designed.

83 citations


Book Chapter
03 Apr 2017
TL;DR: In this article, the authors show how isolated execution environments (IEE) offered by novel commodity hardware such as Intel's SGX provide a new path to constructing general secure multiparty computation (MPC) protocols.
Abstract: In this paper we show how Isolated Execution Environments (IEE) offered by novel commodity hardware such as Intel’s SGX provide a new path to constructing general secure multiparty computation (MPC) protocols. Our protocol is intuitive and elegant: it uses code within an IEE to play the role of a trusted third party (TTP), and the attestation guarantees of SGX to bootstrap secure communications between participants and the TTP. The load of communications and computations on participants only depends on the size of each party’s inputs and outputs and is thus small and independent from the intricacies of the functionality to be computed. The remaining computational load– essentially that of computing the functionality – is moved to an untrusted party running an IEE-enabled machine, an attractive feature for Cloud-based scenarios.

69 citations


Posted Content
TL;DR: In this paper, the authors differentiate between permissionless and permissioned blockchains and contrast their properties to those of a centrally managed database and provide a structured methodology to determine the appropriate technical solution to solve a particular application problem.
Abstract: Blockchain is being praised as a technological innovation which allows to revolutionize how society trades and interacts. This reputation is in particular attributable to its properties of allowing mutually mistrusting entities to exchange financial value and interact without relying on a trusted third party. A blockchain moreover provides an integrity protected data storage and allows to provide process transparency. In this paper we critically analyze whether a blockchain is indeed the appropriate technical solution for a particular application scenario. We differentiate between permissionless (e.g., Bitcoin/Ethereum) and permissioned (e.g. Hyperledger/Corda) blockchains and contrast their properties to those of a centrally managed database. We provide a structured methodology to determine the appropriate technical solution to solve a particular application problem. Given our methodology, we analyze in depth three use cases - Supply Chain Management, Interbank and International Payments, and Decentralized Autonomous Organizations and conclude the article with an outlook for further opportunities.

Proceedings Article
07 Jun 2017
TL;DR: A distributed platform for anonymized dataset trading without any centralized trusted third party is designed and implemented using an open-source blockchain mechanism, Hyperledger Fabric, and evaluation results of the prototype system are provided.
Abstract: In this paper, we design a distributed platform for anonymized dataset trading without any centralized trusted third party. The platform consists of peers and consensus-based blockchain mechanism, and each peer acts as a data broker, data receiver, or verifier for blockchain in a data transfer transaction. A data broker collects data from data owners under their consent for data trading. The Privacy Policy Manager (PPM) manages the consent information and confirms them on behalf of data owners, when data distribution is requested from data broker. We implement a prototype system of the platform using an open-source blockchain mechanism, Hyperledger Fabric, and provide evaluation results of the prototype system.

Book Chapter
18 Dec 2017
TL;DR: The core idea is to combine the blockchain technology with secret sharing scheme and homomorphic encryption in order to realize the decentralized e-voting application without a trusted third party.
Abstract: This research is aimed to design a decentralized e-voting system. The core idea is to combine the blockchain technology with secret sharing scheme and homomorphic encryption in order to realize the decentralized e-voting application without a trusted third party. It provides a public and transparent voting process while protecting the anonymity of voter’s identity, the privacy of data transmission and verifiability of ballots during the billing phase.

Journal Article
TL;DR: This thesis encounters the lack of awareness for this issue with a structured analysis of the Oracle Problem and demonstrates why the solutions proposed so far do not resolve, but only relocate the necessity for trust onto an external third party and are therefore not sufficient in the context of many blockchain usecases.
Abstract: Alongside with the public's increased interest in cryptocurrencies and decentralized ledgers comes a considerable number of anticipated use cases for smart contracts. However, most of these are dependent on "real life" information that has to be transmitted to the blockchain beforehand so that the smart contracts can operate in response to it. This requires an Oracle, a trusted third party, to transmit the data onto the blockchain. This thesis encounters the lack of awareness for this issue with a structured analysis of the Oracle Problem. It will then demonstrate why the solutions for this issue proposed so far do not resolve, but in fact only relocate the necessity for trust onto an external third party and are therefore not sufficient in the context of many blockchain usecases. This thesis was submitted to the Chair of Finance at EBS Business School on the 12th of December in 2017 in order to obtain the academic degree of "Masters of Arts" in Business Sciences. In the past, I have decided not to publish this original version, because I have been trying to update and rewrite it in order to make it suitable for publishing in an academic journal. While I am still aiming to do this in the long-term, I had to drop this endeavor for the moment. However, as several people have inquired to read the thesis after giving a public interview about it, I decided to upload the preliminary version on SSRN. Please keep in mind that the thesis has not been updated since the end of 2017 - some information may be outdated and some suggested solutions may not have been considered.

Proceedings Article
29 Aug 2017
TL;DR: This paper proposes an alternative way to implement a public ledger overcoming the above drawbacks, thus appearing more suitable to IoT applications and works by building a meshed chain of tweets to ensure transaction security.
Abstract: Blockchain technology allows the implementation of a public ledger securely recording transactions among peers without the need of trusted third parties. For both researchers and industry IoT appears a domain in which there would be extraordinary benefits if the features of Blockchain can be exploited. Indeed, the possibility that IoT devices participate in public shared transactions enables a lot of challenging applications. However, there are some aspects that may limit the use of Blockchain in IoT. These are mainly related to the low computational power and storage capabilities of IoT devices. In this paper, we propose an alternative way to implement a public ledger overcoming the above drawbacks, thus appearing more suitable to IoT applications. The proposed protocol leverages the popular social network Twitter and works by building a meshed chain of tweets to ensure transaction security. Importantly, Twitter plays neither the role of trusted third party nor the role of ledger provider.

Posted Content
TL;DR: A flexible representation of the above procedure using the framework of marked temporal point processes is introduced and a scalable online algorithm, CURB, is developed to select which stories to send for fact checking and when to do so to efficiently reduce the spread of misinformation with provable guarantees.
Abstract: Online social networking sites are experimenting with the following crowd-powered procedure to reduce the spread of fake news and misinformation: whenever a user is exposed to a story through her feed, she can flag the story as misinformation and, if the story receives enough flags, it is sent to a trusted third party for fact checking. If this party identifies the story as misinformation, it is marked as disputed. However, given the uncertain number of exposures, the high cost of fact checking, and the trade-off between flags and exposures, the above mentioned procedure requires careful reasoning and smart algorithms which, to the best of our knowledge, do not exist to date. In this paper, we first introduce a flexible representation of the above procedure using the framework of marked temporal point processes. Then, we develop a scalable online algorithm, Curb, to select which stories to send for fact checking and when to do so to efficiently reduce the spread of misinformation with provable guarantees. In doing so, we need to solve a novel stochastic optimal control problem for stochastic differential equations with jumps, which is of independent interest. Experiments on two real-world datasets gathered from Twitter and Weibo show that our algorithm may be able to effectively reduce the spread of fake news and misinformation.

Journal Article
TL;DR: The results reveal that DaSCE can be effectively used for security of outsourced data by employing key management, access control, and file assured deletion.
Abstract: Off-site data storage is an application of cloud that relieves the customers from focusing on data storage system. However, outsourcing data to a third-party administrative control entails serious security concerns. Data leakage may occur due to attacks by other users and machines in the cloud. Wholesale of data by cloud service provider is yet another problem that is faced in the cloud environment. Consequently, high-level of security measures is required. In this paper, we propose data security for cloud environment with semi-trusted third party (DaSCE), a data security system that provides (a) key management, (b) access control, and (c) file assured deletion. The DaSCE utilizes Shamir's (k, n) threshold scheme to manage the keys, where k out of n shares are required to generate the key. We use multiple key managers, each hosting one share of key. Multiple key managers avoid single point of failure for the cryptographic keys. We (a) implement a working prototype of DaSCE and evaluate its performance based on the time consumed during various operations, (b) formally model and analyze the working of DaSCE using high level petri nets (HLPN), and (c) verify the working of DaSCE using satisfiability modulo theories library (SMT-Lib) and Z3 solver. The results reveal that DaSCE can be effectively used for security of outsourced data by employing key management, access control, and file assured deletion.

Journal Article
TL;DR: A cloud resource mediation service offered by cloud service providers is proposed, which plays the role of trusted third party among its different tenants, which suggests that the sharing of resources can be performed securely and efficiently across different tenants of the cloud.
Abstract: Sharing of resources on the cloud can be achieved on a large scale, since it is cost effective and location independent. Despite the hype surrounding cloud computing, organizations are still reluctant to deploy their businesses in the cloud computing environment due to concerns in secure resource sharing. In this paper, we propose a cloud resource mediation service offered by cloud service providers, which plays the role of trusted third party among its different tenants. This paper formally specifies the resource sharing mechanism between two different tenants in the presence of our proposed cloud resource mediation service. The correctness of permission activation and delegation mechanism among different tenants using four distinct algorithms (activation, delegation, forward revocation, and backward revocation) is also demonstrated using formal verification. The performance analysis suggests that the sharing of resources can be performed securely and efficiently across different tenants of the cloud.

Journal Article
Xinghua Li, Meixia Miao, Hai Liu, Jianfeng Ma, Kuan-Ching Li
01 Jul 2017
TL;DR: An incentive mechanism based on credit is introduced into distributed K-anonymity: only by providing assistance to others can a user gain and accumulate credit. Because the scheme does not rely on a trusted third party, it avoids the security issue resulting from its breach.
Abstract: In the location-based service (LBS) privacy protection, the most common and classic solution is K-anonymity, however, existing schemes rarely consider the issue that whether other mobile users are willing to provide assistance to the requesters to form the K-anonymity set, thus leading to their poor practicability. In this paper, an incentive mechanism based on credit is introduced into the distributed K-anonymity, and only providing assistance to the others, a user can gain and accumulate his credit. Based on the fuzzy logic in the soft computing, a probability threshold is introduced to reflect a user’s reputation, and only when a user’s reputation reaches this threshold, can he get the assistance from other neighbors. Security analysis shows that our scheme is secure with respect to various typical attacks. And because of not relying on a trusted third party, our scheme can avoid the security issue resulting from its breach. Extensive experiments indicate that the time to form the anonymity set is short and it increases slowly as the value of K increases. Finally, the additional traffic introduced by this scheme is very limited.

Journal Article
TL;DR: This work proposes multi-party quantum summation protocols based on single particles, in which participants are allowed to compute the summation of their inputs without the help of a trusted third party and preserve the privacy of their inputs.
Abstract: We propose multi-party quantum summation protocols based on single particles, in which participants are allowed to compute the summation of their inputs without the help of a trusted third party and preserve the privacy of their inputs. Only one participant who generates the source particles needs to perform unitary operations and only single particles are needed in the beginning of the protocols.

Journal Article
TL;DR: This paper extends collaborative communication among peers belonging to a mobile user group to a decentralized, trusted-third-party-free architecture. The proposed P2P model, called CAST, employs the series of trust among peers, and peers use their cached mobile data to collaborate with each other in order to get the results locally.
Abstract: The widespread usage of location based services (LBS); where obtaining any informational service is entirely based upon the user's current location, have raised a significant concern about location privacy of the user. For the queries like ‘where is my closest ATM?’, ‘where is my nearest hospital’, or any route assistance in general, it is essential to submit the user's actual location to avail the demanded services. Similar communication holds true for a location based vehicular transportation system. Cloaking and obfuscation are the two generalized approaches to deal with location privacy preservation in LBS. These approaches are mainly based on a trusted third party (TTP) and exploits the well established K-anonymity principle in order to make the query issuer indistinguishable with other K − 1 more users. In such approaches all the data (mainly location coordinates and queries) becomes available at the central server, thus complete knowledge of the query (including user id) exists at central node. This is the major limitation of TTP based architecture and makes such frameworks susceptible to different privacy attacks. This paper is a research attempt to extend the realm of collaborative communication among peers belonging to a mobile user group in a decentralized or trusted third party free architecture. We propose a collaborative P2P communication model; called CAST, that employs the series of trust among peers and peers use their cached mobile data to collaborate with each other in order to get the results locally. The scheme provides results locally with low latency and works efficiently when the peers share common inclinations (or data value). The proposed algorithm preserves user's privacy and performs effectively under pull-based sporadic query scenario.

Journal Article
TL;DR: Order-Retrievable Encryption (ORE) is a new encryption notion for Privacy-Preserving Location Sharing Services (PPLSS) in social networking applications. It allows a group of friends to share their exact locations without the need of any third party and without leaking any location information to any server or to users outside the group, and it achieves low computational and communication cost by allowing users to receive the exact location of their friends without requiring any direct communication between users or multiple rounds of communication between a user and a server.
Abstract: A common functionality of many location-based social networking applications is a location sharing service that allows a group of friends to share their locations. With a potentially untrusted server, such a location sharing service may threaten the privacy of users. Existing solutions for Privacy-Preserving Location Sharing Services (PPLSS) require a trusted third party that has access to the exact location of all users in the system or rely on expensive algorithms or protocols in terms of computational or communication overhead. Other solutions can only provide approximate query answers. To overcome these limitations, we propose a new encryption notion, called Order-Retrievable Encryption (ORE), for PPLSS for social networking applications. The distinguishing characteristics of our PPLSS are that it (1) allows a group of friends to share their exact locations without the need of any third party or leaking any location information to any server or users outside the group, (2) achieves low computational and communication cost by allowing users to receive the exact location of their friends without requiring any direct communication between users or multiple rounds of communication between a user and a server, (3) provides efficient query processing by designing an index structure for our ORE scheme, (4) supports dynamic location updates, and (5) provides personalized privacy protection within a group of friends by specifying a maximum distance where a user is willing to be located by his/her friends. Experimental results show that the computational and communication cost of our PPLSS is much better than the state-of-the-art solution.

Journal ArticleDOI
TL;DR: The detailed design of cloud computing architecture is examined in which deployment models, service models, cloud components, and cloud security are explored and a viable solution to address the potential threats is provided.
Abstract: Cloud computing exhibits a remarkable potential to offer cost-effective and more flexible services on-demand to the customers over the network. It dynamically increases the capabilities of the organization without training new people, investment in new infrastructure or licensing new software. Cloud computing has grown dramatically in the last few years due to the scalability of resources and appears as a fast-growing segment of the IT industry. The dynamic and scalable nature of cloud computing creates security challenges in their management by examining policy failure or malicious activity. In this paper, we examine the detailed design of cloud computing architecture in which deployment models, service models, cloud components, and cloud security are explored. Furthermore, this study identifies the security challenges in cloud computing during the transfer of data into the cloud and provides a viable solution to address the potential threats. The task of a Trusted Third Party (TTP) is introduced to ensure sufficient security characteristics in cloud computing. The security solution using cryptography is specifically the Public Key Infrastructure (PKI) that operates with Single-Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP), which ensure the integrity, confidentiality, availability, and authenticity involved in communications and data.

Journal ArticleDOI
TL;DR: This paper develops 2 comprehensive mobile provable data possession schemes using a hash tree data structure and a Boneh-Lynn-Shacham short signature scheme, and shows that these 2 MPDP schemes are highly accurate in the data verification process, and have a low data transmission cost.

Journal ArticleDOI
TL;DR: A location anonymity scheme for continuous location-based services, based on fake queries that are randomly injected by a Trusted Third Party to prevent attackers from tracing a mobile user by his/her continuous queries.

Proceedings ArticleDOI
01 Oct 2017
TL;DR: This paper investigates the LoRaWAN IoT architecture, evaluating its security by gathering possible attacks that can be launched on it, using the Scyther tool, and proposes an enhanced version of the LoRaWAN architecture that solves those attacks.
Abstract: The Internet of things (IoT) is pervading our lives to allow a comfortable and smarter human living space by connecting surrounding human things to the Internet. But, it reveals sensitive and private data as well as human appliances to intruders. To solve these problems, security solutions based on cryptography might be used. But, these solutions are based on encryption keys that must be managed securely and properly while taking into account the IoT characteristics. In this paper, we investigate the LoRaWAN IoT architecture. We evaluate its security by gathering possible attacks that can be launched on it, using the Scyther tool. Then, we propose an enhanced version of the LoRaWAN architecture that solves those attacks. We evaluate the proposed solution in terms of security and key management requirements and compare it to existing solutions.

Book ChapterDOI
TL;DR: It is argued that the security requirements of online lotteries are similar to those of online voting, and a novel distributed online lottery protocol is proposed that applies techniques developed for voting applications to an existing lottery protocol that does not rely on a trusted third party nor on assumptions of bounded computational resources.
Abstract: Most online lotteries today fail to ensure the verifiability of the random process and rely on a trusted third party. This issue has received little attention since the emergence of distributed protocols like Bitcoin that demonstrated the potential of protocols with no trusted third party. We argue that the security requirements of online lotteries are similar to those of online voting, and propose a novel distributed online lottery protocol that applies techniques developed for voting applications to an existing lottery protocol. As a result, the protocol is scalable, provides efficient verification of the random process and does not rely on a trusted third party nor on assumptions of bounded computational resources. An early prototype confirms the feasibility of our approach.

Patent
15 Mar 2017
TL;DR: In this article, a fair contract signing method based on a block chain is proposed, which does not need a trusted third party and does not require any expansion on the block chain system.
Abstract: The invention relates to a fair contract signing method based on a block chain. The fair contract signing method based on a block chain involves two user entities, Alice and Bob, and a block chain system. The method includes the steps: 1) Alice and Bob respectively generate their respective valid contract admitted clauses PAA and PAB; 2) Alice and Bob exchange their respective valid contract admitted clauses PAA and PAB, their respective signatures for the valid contract admitted clauses, and the respective block heights BHA and BHB read from the block chain system; and 3) Alice and Bob exchange their respective generated randomized numbers and digital signatures, and verify whether a valid contract is generated according to the block chain system and the valid contract admitted clauses of the opposite party; if it is not valid, the steps from step 2 need to be executed again, otherwise the steps are completed. As the fair contract signing method based on a block chain does not need a trusted third party and does not need to perform any expansion on the block chain system, it is able to fairly complete contract signing for both parties, and solves the problem in the background technology that the prior art needs a trusted third party for contract signing, or cannot satisfy the fairness requirement, or needs to modify the block chain system.

Proceedings ArticleDOI
01 Oct 2017
TL;DR: The unmodified Bitcoin blockchain is used as the powerful platform to manage and determine ownership of access credentials in a peer-to-peer fashion and a completely decentralized Bitcoin mixing protocol is introduced that allows users to anonymously exchange their access credentials offline.
Abstract: Anonymous authentication can protect users' privacy and security when they access public Wi-Fi hotspots. However, most of the existing privacy-enhanced authentication schemes either do not consider users' accountability or they are inherently dependent on trusted third parties, and therefore are undeployable in practical settings. In this paper, we design and implement an access authentication scheme to simultaneously and efficiently provide anonymity and accountability without relying on any trusted third party. Our scheme is inspired by the recent progress of Bitcoin techniques such as Colored Coins and CoinShuffle protocol. We utilize the unmodified Bitcoin blockchain as the powerful platform to manage and determine ownership of access credentials in a peer-to-peer fashion and introduce a completely decentralized Bitcoin mixing protocol that allows users to anonymously exchange their access credentials offline. The verification path of access credentials is designed to support blacklisting and punishing misbehaving anonymous users. Our proposed scheme is compatible with the current Bitcoin system, and its effectiveness and feasibility in Wi-Fi hotspot access scenario are also demonstrated by security analysis and performance evaluation.

Journal ArticleDOI
01 Apr 2017
TL;DR: The results demonstrate that the proposed scheme can effectively achieve secure auditing for log files of operation behaviors in cloud storage and outperforms the previous ones in computation complexity and communication overhead.
Abstract: In this paper, we focus on auditing for users' operation behaviors, which is significant for the avoidance of potential crimes in the cloud and equitable accountability determination in the forensic. We first present a public model for operation behaviors in cloud storage, in which a trusted third party is introduced to verify the integrity of operation behavior logs to enhance the credibility of forensic results as well as alleviate the burden of the forensic investigator. Further, we design a block-based logging approach to support selective verification and a hash-chain-based structure for each log block to ensure the forward security and append-only properties for log entries. Moreover, to achieve the tamper resistance of log blocks and non-repudiation of auditing proofs, we employ Merkle hash tree (MHT) to record the hash values of the aggregation authentication block tags sequentially and publish the root of MHT to the public once a block has been appended. Meanwhile, using the authentication property of MHT, our scheme can provide log-less verification with privacy preservation. We formally prove the security of the proposed scheme and evaluate its performance on entry appending and verification by concrete experiments and comparisons with the state-of-the-art schemes. The results demonstrate that the proposed scheme can effectively achieve secure auditing for log files of operation behaviors in cloud storage and outperforms the previous ones in computation complexity and communication overhead.