Cryptanalysis of an identity-based public auditing protocol for cloud storage

  • Li-bing Wu
  • Jing Wang
  • De-biao He
  • Muhammad-Khurram Khan
Comment
  • 1 Downloads

Abstract

Public verification of data integrity is crucial for promoting the serviceability of cloud storage systems. Recently, Tan and Jia (2014) proposed an identity-based public verification (NaEPASC) protocol for cloud data to simplify key management and alleviate the burden of check tasks. They claimed that NaEPASC enables a third-party auditor (TPA) to verify the integrity of outsourced data with high efficiency and security in a cloud computing environment. However, in this paper, we pinpoint that NaEPASC is vulnerable to the signature forgery attack in the setup phase; i.e., a malicious cloud server can forge a valid signature for an arbitrary data block by using two correct signatures. Moreover, we demonstrate that NaEPASC is subject to data privacy threats in the challenge phase; i.e., an external attacker acting as a TPA can reveal the content of outsourced data. The analysis shows that NaEPASC is not secure in the data verification process. Therefore, our work is helpful for cryptographers and engineers to design and implement more secure and efficient identity-based public auditing schemes for cloud storage.

Key words

Cloud data Public auditing Data integrity Data privacy 

CLC number

TP309 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ateniese, G., Burns, R., Curtmola, R., et al., 2007. Provable data possession at untrusted stores. Proc. 14th ACM Conf. on Computer and Communications Security, p.598–609. https://doi.org/10.1145/1315245.1315318Google Scholar
  2. Chen, B., Curtmola, R., 2012. Robust dynamic provable data possession. 32nd Int. Conf. on Distributed Computing Systems Workshops, p.515–525. https://doi.org/10.1109/ICDCSW.2012.57Google Scholar
  3. Fu, Z.J., Sun, X.M., Liu, Q., et al., 2015. Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans. Commun., E98.B(1):190–200. https://doi.org/10.1587/transcom.E98.B.190CrossRefGoogle Scholar
  4. Fu, Z.J., Ren, K., Shu, J.G., et al., 2016. Enabling personalized search over encrypted outsourced data with efficiency improvement. IEEE Trans. Parall. Distrib. Syst., 27(9):2546–2559. https://doi.org/10.1109/TPDS.2015.2506573CrossRefGoogle Scholar
  5. Guo, P., Wang, J., Geng, X.H., et al., 2014. A variable threshold-value authentication architecture for wireless mesh networks. J. Intern. Technol., 15(6):929–935. https://doi.org/10.6138/JIT.2014.15.6.05Google Scholar
  6. He, D.B., Zeadally, S., Wu, L.B., 2015. Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J., in press. https://doi.org/10.1109/JSYST.2015.2428620Google Scholar
  7. Li, J.T., Zhang, L., Liu, J.K., et al., 2016. Privacy-preserving public auditing protocol for low performance end devices in cloud. IEEE Trans. Inform. Forens. Secur., 11(11):2572–2583. https://doi.org/10.1109/TIFS.2016.2587242CrossRefGoogle Scholar
  8. Liu, J.K., Au, M.H., Huang, X., et al., 2016. Fine-grained two-factor access control for web-based cloud computing services. IEEE Trans. Inform. Forens. Secur., 11(3):484–497. https://doi.org/10.1109/TIFS.2015.2493983CrossRefGoogle Scholar
  9. Ren, Y.J., Shen, J., Wang, J., et al., 2015. Mutual verifiable provable data auditing in public cloud storage. J. Intern. Technol., 16(2):317–323. https://doi.org/10.6138/JIT.2015.16.2.20140918Google Scholar
  10. Shacham, H., Waters, B., 2008. Compact proofs of retrievability. LNCS, 5350:90–107. https://doi.org/10.1007/978-3-540-89255-7_7MathSciNetMATHGoogle Scholar
  11. Shacham, H., Waters, B., 2013. Compact proofs of retrievability. J. Cryptol., 26(3):442–483. https://doi.org/10.1007/s00145-012-9129-2MathSciNetCrossRefMATHGoogle Scholar
  12. Tan, S., Jia, Y., 2014. NaEPASC: a novel and efficient public auditing scheme for cloud data. J. Zhejiang Univ.-Sci. C (Comput. & Electron.), 15(9):794–804. https://doi.org/10.1631/jzus.C1400045CrossRefGoogle Scholar
  13. Wang, C., Chow, S.S.M., Wang, Q., et al., 2013. Privacypreserving public auditing for secure cloud storage. IEEE Trans. Comput., 62(2):362–375. https://doi.org/10.1109/TC.2011.245MathSciNetCrossRefMATHGoogle Scholar
  14. Xia, Z., Wang, X., Sun, X., et al., 2016. A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans. Parall. Distrib. Syst., 27(2):340–352. https://doi.org/10.1109/TPDS.2015.2401003CrossRefGoogle Scholar

Copyright information

© Zhejiang University and Springer-Verlag GmbH Germany, part of Springer Nature 2017

Authors and Affiliations

  1. 1.School of Computer ScienceWuhan UniversityWuhanChina
  2. 2.School of Cyber Science and EngineeringWuhan UniversityWuhanChina
  3. 3.Center of Excellence in Information Assurance (CoEIA)King Saud UniversityRiyadhSaudi Arabia

Personalised recommendations