Improving the Security of a Public Auditing Scheme for Multiple-Replica Dynamic Data
Cloud auditing is a significant technique for determining the security of data owners’ data in cloud. However, multiple-replica places greater demands on cloud auditing, where not only the integrity of each data replica but also the number of replicas should be checked. Moreover, it is also significant to support dynamical updating for multiple-replica data. Therefore, how to achieve secure and effective multiple-replica dynamic data auditing is a cutting-edge issue for cloud auditing. Recently, an efficient multi-replica dynamic data auditing scheme (IEEE Transactions on Information Forensics & Security, DOI: 10.1109/TIFS.2014.2384391) was presented to address this issue. Unfortunately, there is a security defect in this protocol, as we demonstrate in this paper. Specifically, a dishonest cloud storage provider can store an aggregation of all data copies instead of each replica itself without being detected by an auditor. Accordingly, we suggest a solution to resolve the problem while preserving all the properties of the original protocol.
KeywordsCloud storage Multi-replica Public auditing
This work was supported in part by National Natural Science Foundation of China under Grant Nos. U1405254 and U1536115, Natural Science Foundation of Fujian Province of China under Grant No. 2018J01093, Research Project for Young Teachers in Fujian Province (Program for High-Education Informationization) under Grant No. JAT170055, and Program for Science and Technology Innovation Teams and Leading Talents of Huaqiao University under Grant No. 2014KJTD13.
- 8.Hao, Z., Yu, N.: A multiple-replica remote data possession checking protocol with public verifiability. In: Proceedings of the 2nd International Symposium on Data, Privacy and E-Commerce (ISDPE), pp. 84–89 (2010)Google Scholar