Assuming I am using a cloud storage provider like Google Drive, how do I know that data hasn’t been lost, deleted, modified or created by the service provider? I think the answer is that it is not possible unless you know exactly what the most recent content of the files was, otherwise you have to trust the server.
I would like to add another layer to such a cloud service, adding data integrity and being able to check how recent the data is without trusting the service provider on giving the correct date.
I know this is a big assumption, but I’d like to assume that each user has an integrity key, otherwise the service provider could do whatever he wants without the user being able to know. Each file (with all its metadata) is then authenticated using an HMAC with that integrity key. For each directory I would then, recursively, calculate an HMAC using the directory metadata and the HMACs of all its children. For the root folder I would include the last-modified date when calculating the HMAC. On each CUD operation, the HMACs on the path from the change to the root folder are recalculated and also sent to the server to be updated. The last-modified date is sent to the client on each request, so that he can check whether this looks ok or not and the client application could check for data integrity.
(I have not yet thought about whether it is necessary to send all HMACs to the client or if a lazy integrity check would be acceptable, but I think this is outside the scope of this question.)
Does this look like a reasonable approach? Are more details necessary to answer that question? Would this be a feasible alternative to completely trusting the server?
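
The scheme described in the question, as an added example that is not part of the original post: a recursive HMAC tree whose root tag also binds the last-modified date, with a client-side check that separates tampering from an authentic but older snapshot. HMAC-SHA256, the dict layout, all function names, the key and the timestamps are assumptions constructed for illustration, and the whole tree is recomputed rather than only the changed path.

```python
import copy
import hashlib
import hmac
import json

def _mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Length-prefix every part so ("ab", "c") and ("a", "bc") yield different tags.
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(8, "big") + p)
    return h.digest()

def _meta(node: dict) -> bytes:
    return json.dumps(node["meta"], sort_keys=True).encode()

def node_mac(key: bytes, node: dict) -> bytes:
    """HMAC of a file (metadata + content) or a directory (metadata + child HMACs)."""
    if "content" in node:
        return _mac(key, b"file", _meta(node), node["content"])
    kids = sorted(node["children"], key=lambda c: c["meta"]["name"])
    return _mac(key, b"dir", _meta(node), *(node_mac(key, c) for c in kids))

def root_mac(key: bytes, root: dict, last_modified: str) -> bytes:
    """Root tag that additionally binds the last-modified date."""
    return _mac(key, b"root", node_mac(key, root), last_modified.encode())

def verify(key, root, last_modified, tag, newest_seen=None) -> str:
    """'tampered', 'stale' (authentic but older than newest_seen), or 'ok'."""
    if not hmac.compare_digest(root_mac(key, root, last_modified), tag):
        return "tampered"
    if newest_seen is not None and last_modified < newest_seen:
        return "stale"  # same-format UTC ISO 8601 strings compare chronologically
    return "ok"

def demo() -> list:
    key = b"constructed-demo-integrity-key"  # constructed sample key
    f = {"meta": {"name": "a.txt"}, "content": b"v1"}
    root = {"meta": {"name": "/"}, "children": [{"meta": {"name": "docs"}, "children": [f]}]}
    t1, t2 = "2024-01-01T00:00:00Z", "2024-02-01T00:00:00Z"
    old, old_tag = copy.deepcopy(root), root_mac(key, root, t1)
    f["content"] = b"v2"                 # client update, root tag recomputed
    tag2 = root_mac(key, root, t2)
    changed = copy.deepcopy(root)        # server-side change without the key
    changed["children"][0]["children"][0]["content"] = b"altered"
    return [verify(key, root, t2, tag2, t2),     # current state
            verify(key, changed, t2, tag2, t2),  # content no longer matches tag
            verify(key, old, t1, old_tag),       # old snapshot, nothing remembered
            verify(key, old, t1, old_tag, t2)]   # old snapshot, client remembers t2
```

The third result is `ok` because an old tree served together with its old date and old tag is internally consistent; only a date the client has stored locally, outside the provider's control, lets it flag that snapshot as stale.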