Skip to main content
SpringerLink
Log in

Cryptanalysis and improvement of Panda - public auditing for shared data in cloud and internet of things

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

Cloud computing and internet of things have gained remarkable popularity by a wide spectrum of users recently. Despite of the convenience of cloud storage, security challenges have risen upon the fact that users do not physically possess their data any more. Thus, some auditing schemes are introduced to ensure integrity of the outsourced data. And among them Panda is a public auditing scheme for shared data with efficient and secure user revocation proposed by Wang et al. It argued that it could verify the integrity of shared data with storage correctness and public auditing. In this paper, we analyze this scheme and find some security drawbacks. Firstly, Panda cannot preserve shared data privacy in cloud storage. Furthermore, our analysis shows that Panda is vulnerable to integrity forgery attack, which can be performed by malicious cloud servers to forge a valid auditing proof against any auditing challenge even without correct data storage. Then we pinpoint that the primary cause of the insecurity is the linear combinations of sampled data blocks without random masking properly. Finally, we propose an improvement of Panda together with data privacy preserving and sound public auditing while incurring optimal communication and computation overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Armbrust M, Fox A, Griffith R, Joseph A, Katz R, Konwinski A et al (2010) A view of cloud computing. Commun ACM 53(4):50–8

    Article  Google Scholar 

  2. Ateniese G, Burns R, Curtmola R, Herring J, Kissner L, Peterson Z, Song D (2007) Provable data possession at untrusted stores. In Proc CCS’07, Alexandria, VA 598–609

  3. Blaze M, Bleumer G, Strauss M (1998) Divertible protocols and atomic proxy cryptography. Proc EUROCRYPT’98, Springer-Verlag 127–44

  4. Boneh D, Lynn B, Shacham H (2004) Short signatures from the Weil pairing. J Cryptol 17(4):297–319

    Article  MathSciNet  MATH  Google Scholar 

  5. Che L, Shahidehpour M, Alabdulwahab A, Al-Turki Y (2015) Hierarchical coordination of a community microgrid with AC and DC microgrids. IEEE Trans Smart Grid

  6. Che L, Zhang X, Shahidehpour M, Alabdulwahab A, Abusorrah A (2015) Optimal interconnection planning of community microgrids with renewable energy sources. IEEE Trans Smart Grid

  7. Chen Z, Huang W, Lv Z (2016) Towards a face recognition method based on uncorrelated discriminant sparse preserving projection. Multimed Tools Appl

  8. Dang S, Kakimzhanov R, Zhang M et al (2014) Smart grid-oriented graphical user interface design and data processing algorithm proposal based on LabVIEW. Environ Electr Eng (EEEIC) 14th Int Conf IEEE 323–327

  9. Gu W, Lv Z, Hao M (2016) Change detection method for remote sensing images based on an improved Markov random field. Multimed Tools Appl

  10. Jiang D, Xu Z, Chen Z et al (2011) Joint time–frequency sparse estimation of large-scale network traffic. Comput Netw 55(15):3533–3547

    Article  Google Scholar 

  11. Jiang D, Xu Z, Li W, Yao C, Lv Z, Li T (2015) An energy-efficient multicast algorithm with maximum network throughput in multi-hop wireless networks. J Commun Netw

  12. Jiang D, Xu Z, Xu H et al (2011) An approximation method of origin–destination flow traffic from link load counts. Comput Electr Eng 37(6):1106–1121

    Article  Google Scholar 

  13. Jiang D, Xu Z, Zhang P, Zhu T (2014) A transform domain-based anomaly detection approach to network-wide traffic. J Netw Comput Appl 40:292–306

    Article  Google Scholar 

  14. Jiang D, Ying X, Han Y et al (2015) Collaborative multi-hop routing in cognitive wireless networks. Wirel Pers Commun 1–23

  15. Juels A and Kaliski BS (2007) Pors: proofs of retrievability for large files. In Proc CCS’07, Alexandria, VA 584–97

  16. Li X, Lv Z, Hu J, et al (2015) Traffic management and forecasting system based on 3D GIS. 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid). IEEE

  17. Lin Y, Yang J, Lv Z et al (2015) A self-assessment stereo capture model applicable to the internet of things. Sensors 15(8):20925–20944

    Article  Google Scholar 

  18. S Liu, W Fu, L He et al (2015) Distribution of primary additional errors in fractal encoding method [J]. Multimed Tools Appl

  19. S Liu, Z Zhang, L Qi et al (2015) A fractal image encoding method based on statistical loss used in agricultural image compression [J]. Multimed Tools Appl

  20. Lv Z, Halawani A, Fen S et al (2015) Touch-less interactive augmented reality game on vision based wearable device. Pers Ubiquit Comput

  21. Lv Z, Halawani A, Feng S et al (2014) Multimodal hand and foot gesture interaction for handheld devices. ACM Trans Multimed Comput Commun Appl (TOMM) 11(1s):10

    Google Scholar 

  22. Lv Z, Tek A, Da Silva F et al (2013) Game on, science-how video game technology may help biologists tackle visualization challenges. PLoS One 8(3):57990

    Article  Google Scholar 

  23. Lv Z, Yin T, Han Y, Chen Y et al (2011) WebVR—web virtual reality engine based on P2P network. J Netw 6(7):990–998

    Google Scholar 

  24. Ou W, Lv Z, Xie Z (2015) Spatially regularized latent topic model for simultaneous object discovery and segmentation. The 2015 I.E. International Conference on Systems, Man, and Cybernetics (SMC2015). IEEE

  25. Shacham H, Waters B (2008) Compact proofs of retrievability. Proc ASIACRYPT’08 Springer-Verlag 90–107

  26. Su T, Wang W, Lv Z et al (2016) Rapid Delaunay triangulation for randomly distributed point cloud data using adaptive Hilbert curve. Comput Graph 54:65–74

    Article  Google Scholar 

  27. Tate SR, Vishwanathan R, Everhart L (2013) Multi-user dynamic proofs of data possession using trusted hardware. Proc ACM CODASPY 13:353–64

    Google Scholar 

  28. Wang B, Chow SS, Li M, Li H (2013) Storing shared data on the cloud via security-mediator. Proc IEEE ICDCS 13:124–33

    Google Scholar 

  29. Wang B, Li B, Li H (2012) Oruta: privacy-preserving public auditing for shared data in the cloud. Proc IEEE Cloud 12:295–302

    Google Scholar 

  30. Wang B, Li H, Li M (2013) Privacy-preserving public auditing for shared cloud data supporting group dynamics. Proc IEEE ICC’13, Budapest, Hungary 1946–50

  31. Wang B, Li B, Li H (2013) Public auditing for shared data with efficient user revocation in the cloud. Proc IEEE INFOCOM 13:2904–12

    Google Scholar 

  32. Wang B, Li B, Li H (2015) Panda: public auditing for shared data with efficient user revocation in the cloud. IEEE Trans Serv Comput 8(1):92–106

    Article  Google Scholar 

  33. Wang Y, Su Y, Agrawal G (2015) A novel approach for approximate aggregations over arrays. Proceedings of the 27th International Conference on Scientific and Statistical Database Management. ACM 4

  34. Wang Q, Wang C, Ren K, Lou W, Li J (2011) Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans Parallel Distrib Syst 22(5):847–59

    Article  Google Scholar 

  35. Wang C, Wang Q, Ren K, Lou W (2010) Privacy-preserving public auditing for data storage security in cloud computing. Proc IEEE INFOCOM 10:525–33

    Google Scholar 

  36. Wang K et al (2015) Load‐balanced and locality‐aware scheduling for data‐intensive workloads at extreme scales. Concurrency and Computation: Practice and Experience

  37. Wang K et al (2015) Overcoming Hadoop scaling limitations through distributed task execution. Proc IEEE Int Conf Clust Comput

  38. Worku SG, Xu C, Zhao J, He X (2013) Secure and efficient privacy-preserving public auditing scheme for cloud storage. Comput Electr Eng. doi:10.1016/j.compeleceng.2013.10.004

    Google Scholar 

  39. Xu C, He X, Abraha-Weldemariam D (2012) Cryptanalysis of wang’s auditing protocol for data storage security in cloud computing. Proc. ICICA’12, Springer-Verlag 422–28

  40. Yang J, Chen B, Zhou J et al (2015) A low-power and portable biomedical device for respiratory monitoring with a stable power source. Sensors 15(8):19618–19632

    Article  Google Scholar 

  41. Yang J, He S, Lin Y, Lv Z (2016) Multimedia cloud transmission and storage system based on internet of things. Multimed Tools Appl

  42. Yang K, Jia X (2013) An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE Trans Parallel Distrib Syst 24(9):1717–26

    Article  Google Scholar 

  43. Zhang S, Jing H (2014) Fast log-Gabor-based nonlocal means image denoising methods. IEEE Int Conf Image Proc (ICIP) 2014:2724–2728

    Google Scholar 

  44. Zhang X, Xu Z, Henriquez C et al (2013) Spike-based indirect training of a spiking neural network-controlled virtual insect. IEEE 52nd Annu Conf Decis Control (CDC) 2013:6798–6805

    Article  Google Scholar 

  45. Zhang S, Zhang X, Ou X (2014) After we knew it: empirical study and modeling of cost-effectiveness of exploiting prevalent known vulnerabilities across iaas cloud. Proc 9th ACM Symp Inf Comput Commun Sec. ACM 317–328

Download references

Acknowledgments

This work was supported by the school innovation foundation and the doctorial foundation under grant 2014JY170. We thank the anonymous reviewers for useful comments and suggestions.

Author information

Authors and Affiliations

  1. Zhengzhou Institute of Information Science and Technology, Zhengzhou, China

    Tonghao Yang, Bin Yu, Hengjun Wang & Junquan Li

  2. Shenzhen Institutes of Advanced Technology, Chinese Academy of Science, Shenzhen, China

    Zhihan Lv

Authors
  1. Tonghao Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bin Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hengjun Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Junquan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Zhihan Lv
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Tonghao Yang or Zhihan Lv.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Yang, T., Yu, B., Wang, H. et al. Cryptanalysis and improvement of Panda - public auditing for shared data in cloud and internet of things. Multimed Tools Appl 76, 19411–19428 (2017). https://doi.org/10.1007/s11042-015-3139-7

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-015-3139-7

Keywords

Search

Navigation