DPVGeo: Delay-based Public Verification of Cloud Data Geolocation

Knowing the geolocation of cloud data becomes an urgent problem, which relates to cloud user equity (e.g., service compliance), service performance (e.g., disaster tolerance) and government regulations (e.g., GDPR). Unfortunately, data owners lose physical control after outsourcing data to the cloud service providers, while cloud service providers have the motivation (reducing economic costs and maximizing profits) and ability to move the data to other data centers in different geolocations. As a consequence, verifying whether the cloud data are in a specific geolocation is worthy of concern.In this paper, we propose a novel cloud data public verification scheme, DPVGeo, which allows any entity to verify the actual geolocation of cloud data remotely. In DPVGeo, we first design an atomic proof method, which divides the proof into several minimum computation units (i.e., atomic proof), and subtly only considers the normal operations (i.e., addition and multiplication), ignoring the time-consuming exponentiation operations, to obtain accurate response delay. Second, we utilize a thresholdbased closest-shortest approach to verify the geolocation of cloud data based on the response delay with high accuracy. Besides, we select both blocks and sectors randomly during each challenge to defend against the potential attacks (e.g., outsourcing attack, generation attack and replay attack). Finally, we perform a series of prototype implementations in real network environment to validate the performance of our design. The experimental results and security analysis show that our scheme is efficient and secure against semi-honest cloud service providers.