Introduction
In recent years, the importance of cloud accounting has become increasingly significant, with many small- and medium-sized enterprises and organizations using cloud accounting. The cloud accounting model has become one of the main directions of accounting information development (Moll & Yigitbasioglu, 2019; Huttunen et al., 2019). Unlike traditional accounting models, users only need to store their accounting data in the cloud to obtain low-cost, efficient, and flexible online accounting services. At the same time, users can be freed from the high costs of updating accounting software, regularly maintaining financial information systems, and building data storage infrastructure.
Despite the significant advantages of cloud accounting, there are also security issues that users need to be aware of when enjoying the convenience of cloud storage services, including: a) the cloud storage model separates the ownership and control of user data, and the cloud service provider (CSP) may intentionally delete data that users do not frequently access for economic purposes; b) the CSP may experience software failures and hardware damage, leading to the loss or damage of user data; and c) data stored in the cloud may be maliciously damaged by other users (Parast et al., 2022). Ensuring and verifying the security and integrity of cloud accounting data and establishing an effective protection mechanism for cloud accounting data have become urgent tasks in promoting the development of cloud accounting.
To address the issue of cloud data integrity verification, audit schemes have emerged. Early cloud audit (CA) schemes generate absolute evidence, and auditors need to access all original data, resulting in significant computational and communication overhead (Gudeme et al., 2019). Provable data possession (PDP) schemes select only part of the data for integrity auditing and can ultimately confirm the integrity of all data with a high probability, reducing the computational and communication overhead of auditors. PDP schemes use homomorphic tags, which can aggregate all tags and have high flexibility. Based on whether the auditor of the integrity scheme is the user or a third-party auditor (TPA), CA schemes can be divided into private CA schemes and public CA schemes (Rabaninejad et al., 2019).
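The sampling audit with aggregatable tags described above, as an added example that is not taken from the article or from the schemes it cites: a privately verifiable homomorphic tag in the style of Shacham and Waters, tag_i = f_k(i) + alpha * m_i mod P, where the user is the auditor. The modulus, the 15-byte block size, the sample ledger line and all function names are assumptions made for illustration.

```python
import hashlib, hmac, math, secrets

P = 2**127 - 1  # prime modulus for tag arithmetic (assumed parameter)

def prf(key: bytes, index: int) -> int:
    """Per-block pseudorandom mask f_k(i), derived with HMAC-SHA256."""
    mac = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def split_blocks(data: bytes, size: int = 15) -> list:
    """Cut the file into blocks small enough to be integers below P."""
    return [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]

def tag_blocks(key: bytes, alpha: int, blocks: list) -> list:
    """Owner: tag_i = f_k(i) + alpha * m_i mod P, stored in the cloud with the data."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def make_challenge(n: int, sample_size: int) -> list:
    """Auditor: random block indices, each paired with a random nonzero coefficient."""
    idx = secrets.SystemRandom().sample(range(n), sample_size)
    return [(i, secrets.randbelow(P - 1) + 1) for i in idx]

def prove(blocks: list, tags: list, challenge: list) -> tuple:
    """Server: aggregate the sampled blocks and their tags into two numbers."""
    mu = sum(nu * blocks[i] for i, nu in challenge) % P
    sigma = sum(nu * tags[i] for i, nu in challenge) % P
    return mu, sigma

def verify(key: bytes, alpha: int, challenge: list, mu: int, sigma: int) -> bool:
    """Auditor: check the aggregate using the secret key only, without the data."""
    expected = (sum(nu * prf(key, i) for i, nu in challenge) + alpha * mu) % P
    return sigma == expected

def detection_probability(n: int, corrupted: int, sample_size: int) -> float:
    """Chance that a random sample contains at least one corrupted block."""
    return 1 - math.comb(n - corrupted, sample_size) / math.comb(n, sample_size)

if __name__ == "__main__":
    key, alpha = secrets.token_bytes(32), secrets.randbelow(P - 1) + 1
    ledger = b"2024-01-03;INV-1001;debit;4200.00;" * 6  # constructed sample data
    blocks = split_blocks(ledger)
    tags = tag_blocks(key, alpha, blocks)
    chal = make_challenge(len(blocks), 5)
    print("audit passed:", verify(key, alpha, chal, *prove(blocks, tags, chal)))
    print("P(detect), 1% of 10000 blocks bad, 460 sampled:",
          detection_probability(10000, 100, 460))
```

The response is two integers regardless of how many blocks are sampled, which is where the communication saving over whole-file auditing comes from.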
In private CA schemes, the private key of users will not be leaked, but auditing requires significant computational and communication overhead, which is a burden for users with limited device resources. Public CA schemes delegate the data possession verification to a TPA, which can audit on behalf of users with only a small amount of public information, reducing the burden on users and being able to monitor the behaviors of users and the cloud (Wang et al., 2019). However, TPA schemes have the following disadvantages: a) single point of failure: because all users' cloud data are audited by a unique TPA, the entire audit system will collapse once the TPA fails; b) performance bottleneck: as the number of cloud users and the scale of cloud data increase, the audit time and network overhead of TPA schemes will increase significantly, making the TPA the bottleneck of the entire audit system; and c) data privacy: in TPA schemes, the TPA may combine user metadata and audit data to infringe user privacy (Razaque et al., 2021).
To reduce computational overhead and improve audit efficiency, many CA schemes based on elliptic curve cryptography (ECC) have been proposed. Xue et al. (2019) proposed an identity-based CA scheme based on ECC, which uses the user identity information as a public key to solve the complex certificate management problem. In addition, malicious deceptive behaviors from the TPA can be detected by checking the audit results in batches. Huang et al. (2020) proposed a certificateless CA scheme to solve the complex certificate management issues and the key escrow problem, and batch auditing was also supported. Ming and Shi (2019) proposed a privacy-preserving certificateless CA scheme that has higher audit efficiency compared to the CA scheme based on Boneh-Lynn-Shacham (BLS) signatures.