A Collusion Attack on Identity-Based Public Auditing Scheme via Blockchain

  • Xing Zou
  • Xiaoting Deng
  • Tsu-Yang Wu
  • Chien-Ming ChenEmail author
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 156)


With cloud storage systems, users can access and update outsourced data remotely. Owing to the accompanying growth of the importance of data integrity, a great deal of attention has been focused on public auditing schemes. Identity-based public auditing (IBPA) scheme allows a third-party auditor (TPA) to verify the integrity of the outsourced data on behalf of users. However, malicious TPAs might collude with cloud servers and forge audit data to deceive users. In this paper, we first review the architecture of a traditional IBPA scheme and a novel IBPA scheme which try to solve the above problem via blockchain. Then, we analyze two main limitations in this newly proposed public auditing scheme against malicious auditors and illustrate our collusion attack on this IBPA scheme. Finally, we offer some suggestions to overcome the disadvantages and help to create a more trustworthy blockchain-based public auditing scheme.


Cloud storage Identity-based public auditing Collusion attack 



The work of Chien-Ming Chen was supported in part by Shenzhen Technical Project under Grant number JCYJ20170307151750788 and in part by Shenzhen Technical Project under Grant number KQJSCX20170327161755.


  1. 1.
    Wu, T.Y., Chen, C.M., Sun, X., Lin, C.W.: A countermeasure to SQL injection attack for cloud environment. Wireless Pers. Commun. 96(4), 406–418 (2017)CrossRefGoogle Scholar
  2. 2.
    He, B.Z., Chen, C.M., Wu, T.Y., Sun, H.M.: An efficient solution for hierarchical access control problem in cloud environment. Math. Probl. Eng. (2014)Google Scholar
  3. 3.
    Xiong, H., Wang, Y., Li, W., Chen, C.M.: Flexible, efficient, and secure access delegation in cloud computing. ACM Trans. Manag. Inf. Syst. 10(1) (2019)Google Scholar
  4. 4.
    Chen, X., Li, J., Weng, J., Ma, J., Lou, W.: Verifiable computation over large database with incremental updates. IEEE Trans. Comput. 65, 3184–3195 (2016)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Liu, C., Yang, C., Zhang, X., Chen, J.: External integrity verification for outsourced big data in cloud and IoT: a big picture. Futur. Gener. Comput. Syst. 49, 58–67 (2015)CrossRefGoogle Scholar
  6. 6.
    Ni, J., Yu, Y., Mu, Y., Xia, Q.: On the security of an efficient dynamic auditing protocol in cloud storage. IEEE Trans. Parallel Distrib. Syst. 25, 2760–2761 (2014)CrossRefGoogle Scholar
  7. 7.
    Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: Proceedings of the 14th ACM conference on Computer and communications security–CCS’07 (2007)Google Scholar
  8. 8.
    Chen, X., Li, J., Huang, X., Ma, J., Lou, W.: New publicly verifiable databases with efficient updates. IEEE Trans. Dependable Secure Comput. 12, 546–556 (2015)CrossRefGoogle Scholar
  9. 9.
    Kolhar, M., Abu-Alhaj, M., Abd El-atty, S.: Cloud data auditing techniques with a focus on privacy and security. IEEE Secur. Priv. 15, 42–51 (2017)CrossRefGoogle Scholar
  10. 10.
    Wu, T.Y., Lin, Y., Wang K.H., Chen, C.M., Pan, J.S.: Comments on a privacy preserving public auditing mechanism for shared cloud data. In: Proceedings of the Multidisciplinary International Social Networks Conference (2017)Google Scholar
  11. 11.
    Erway, C., Küpçü, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. In: Proceedings of the 16th ACM Conference on Computer and Communications Security–CCS’09 (2009)Google Scholar
  12. 12.
    Sebe, F., Domingo-Ferrer, J., Martinez-Balleste, A., Deswarte, Y., Quisquater, J.: Efficient remote data possession checking in critical information infrastructures. IEEE Trans. Knowl. Data Eng. 20, 1034–1038 (2008)CrossRefGoogle Scholar
  13. 13.
    Tian, H., Chen, Z., Chang, C., Huang, Y., Wang, T., Huang, Z., Cai, Y., Chen, Y.: Public audit for operation behavior logs with error locating in cloud storage. Soft Comput. (2018)Google Scholar
  14. 14.
    Tian, H., Chen, Y., Chang, C., Jiang, H., Huang, Y., Chen, Y., Liu, J.: Dynamic-Hash-Table based public auditing for secure cloud storage. IEEE Trans. Serv. Comput. 10, 701–714 (2017)CrossRefGoogle Scholar
  15. 15.
    Tian, H., Chen, Z., Chang, C., Kuribayashi, M., Huang, Y., Cai, Y., Chen, Y., Wang, T.: Enabling public auditability for operation behaviors in cloud storage. Soft. Comput. 21, 2175–2187 (2017)CrossRefGoogle Scholar
  16. 16.
    Kolhar, M., Abu-Alhaj, M., Abd El-atty, S.: Cloud data auditing techniques with a focus on privacy and security. IEEE Secur. Priv. 15, 42–51 (2017)CrossRefGoogle Scholar
  17. 17.
    Shen, J., Shen, J., Chen, X., Huang, X., Susilo, W.: An efficient public auditing protocol with novel dynamic structure for cloud data. IEEE Trans. Inf. Forensics Secur. 12, 2402–2415 (2017)CrossRefGoogle Scholar
  18. 18.
    Zhang, Y., Xu, C., Liang, X., Li, H., Mu, Y., Zhang, X.: Efficient public verification of data integrity for cloud storage systems from indistinguishability obfuscation. IEEE Trans. Inf. Forensics Secur. 12, 676–688 (2017)CrossRefGoogle Scholar
  19. 19.
    Chen, C.M., Xiang, B., Liu, Y., Wang, K.H.: A secure authentication protocol for internet of vehicles. IEEE Access 7(1), 12047–12057 (2019)CrossRefGoogle Scholar
  20. 20.
    Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J. Supercomput. 74(1), 65–70 (2018)CrossRefGoogle Scholar
  21. 21.
    Chen, C.M., Xiang, B., Wang, K.H., Yeh, K.H., Wu, T.Y.: A robust mutual authentication with a key agreement scheme for session initiation protocol. Appl. Sci. 8(10) (2018)CrossRefGoogle Scholar
  22. 22.
    Chen, C.M., Huang, Y., Wang, E.K., Wu, T.Y.: Improvement of a mutual authentication protocol with anonymity for roaming service in wireless communications. Data Sci. Pattern Recognit. 2(1), 15–24 (2018)Google Scholar
  23. 23.
    Wang, Y., Wu, Q., Qin, B., Shi, W., Deng, R., Hu, J.: Identity-Based Data Outsourcing With Comprehensive Auditing in Clouds. IEEE Trans. Inf. Forensics Secur. 12, 940–952 (2017)CrossRefGoogle Scholar
  24. 24.
    Wang, H., He, D., Tang, S.: Identity-based proxy-oriented data uploading and remote data integrity checking in public cloud. IEEE Trans. Inf. Forensics Secur. 11, 1165–1176 (2016)CrossRefGoogle Scholar
  25. 25.
    Zheng, Z., Xie, S., Dai, H., Chen, X., Wang, H.: An overview of blockchain technology: architecture, consensus, and future trends. In: 2017 IEEE International Congress on Big Data (BigData Congress) (2017)Google Scholar
  26. 26.
    Hsiao, J.H., Tso, R., Chen, C.M., Wu, M.E.: Decentralized E-voting systems based on the blockchain technology. In: Advances in Computer Science and Ubiquitous Computing, CSA (2017)Google Scholar
  27. 27.
    Yeh, K.H., Su, C., Hou, J.L., Chiu, W., Chen, C.M.: A robust mobile payment scheme with smart contract-based transaction repository. IEEE Access 59394–59404 (2018)CrossRefGoogle Scholar
  28. 28.
    Xue, J., Xu, C., Zhao, J., Ma, J.: Identity-based public auditing for cloud storage systems against malicious auditors via blockchain. Sci. China Inf. Sci. 62 (2019)Google Scholar
  29. 29.
    Catchlove, P.: Smart contracts: a new era of contract use. SSRN Electron. J. (2017)Google Scholar
  30. 30.
    Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 1(2) (2016)Google Scholar
  31. 31.
    Li, C.T., Wu, T.Y. Chen, C.L., Lee, C.C., Chen, C.M.: An efficient user authentication and user anonymity scheme with provably security for iot-based medical care system. Sensors 17 (2017)CrossRefGoogle Scholar
  32. 32.
    Wu, T.Y., Chen, C.M., Wang, K.H., Meng, C., Wang, E.K.: A provably secure certificateless public key encryption with keyword search. J. Chin. Inst. Eng. (2019)Google Scholar
  33. 33.
    Chen, C.M., Wang, K.H., Wu, T.Y., Wang, E.K.: On the security of a three-party authenticated key agreement protocol based on chaotic maps. Data Sci. Pattern Recognit. 1(2), 1–10 (2017)Google Scholar
  34. 34.
    Chen, C.M., Xiang, B., Wu, T.Y., Wang, K.H.: An anonymous mutual authenticated key agreement scheme for wearable sensors in wireless body area networks. Appl. Sci. (2018)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Xing Zou
    • 1
  • Xiaoting Deng
    • 1
  • Tsu-Yang Wu
    • 2
    • 3
  • Chien-Ming Chen
    • 1
    Email author
  1. 1.Harbin Institute of Technology (Shenzhen)ShenzhenChina
  2. 2.Fujian Provincial Key Laboratory of Big Data Mining and ApplicationsFujian University of TechnologyFuzhouChina
  3. 3.China and National Demonstration Center for Experimental Electronic Information and Electrical Technology EducationFujian University of TechnologyFuzhouChina

Personalised recommendations