Abstract
With cloud storage systems, users can access and update outsourced data remotely. Owing to the accompanying growth of the importance of data integrity, a great deal of attention has been focused on public auditing schemes. Identity-based public auditing (IBPA) scheme allows a third-party auditor (TPA) to verify the integrity of the outsourced data on behalf of users. However, malicious TPAs might collude with cloud servers and forge audit data to deceive users. In this paper, we first review the architecture of a traditional IBPA scheme and a novel IBPA scheme which try to solve the above problem via blockchain. Then, we analyze two main limitations in this newly proposed public auditing scheme against malicious auditors and illustrate our collusion attack on this IBPA scheme. Finally, we offer some suggestions to overcome the disadvantages and help to create a more trustworthy blockchain-based public auditing scheme.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Wu, T.Y., Chen, C.M., Sun, X., Lin, C.W.: A countermeasure to SQL injection attack for cloud environment. Wireless Pers. Commun. 96(4), 406–418 (2017)
He, B.Z., Chen, C.M., Wu, T.Y., Sun, H.M.: An efficient solution for hierarchical access control problem in cloud environment. Math. Probl. Eng. (2014)
Xiong, H., Wang, Y., Li, W., Chen, C.M.: Flexible, efficient, and secure access delegation in cloud computing. ACM Trans. Manag. Inf. Syst. 10(1) (2019)
Chen, X., Li, J., Weng, J., Ma, J., Lou, W.: Verifiable computation over large database with incremental updates. IEEE Trans. Comput. 65, 3184–3195 (2016)
Liu, C., Yang, C., Zhang, X., Chen, J.: External integrity verification for outsourced big data in cloud and IoT: a big picture. Futur. Gener. Comput. Syst. 49, 58–67 (2015)
Ni, J., Yu, Y., Mu, Y., Xia, Q.: On the security of an efficient dynamic auditing protocol in cloud storage. IEEE Trans. Parallel Distrib. Syst. 25, 2760–2761 (2014)
Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: Proceedings of the 14th ACM conference on Computer and communications security–CCS’07 (2007)
Chen, X., Li, J., Huang, X., Ma, J., Lou, W.: New publicly verifiable databases with efficient updates. IEEE Trans. Dependable Secure Comput. 12, 546–556 (2015)
Kolhar, M., Abu-Alhaj, M., Abd El-atty, S.: Cloud data auditing techniques with a focus on privacy and security. IEEE Secur. Priv. 15, 42–51 (2017)
Wu, T.Y., Lin, Y., Wang K.H., Chen, C.M., Pan, J.S.: Comments on a privacy preserving public auditing mechanism for shared cloud data. In: Proceedings of the Multidisciplinary International Social Networks Conference (2017)
Erway, C., Küpçü, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. In: Proceedings of the 16th ACM Conference on Computer and Communications Security–CCS’09 (2009)
Sebe, F., Domingo-Ferrer, J., Martinez-Balleste, A., Deswarte, Y., Quisquater, J.: Efficient remote data possession checking in critical information infrastructures. IEEE Trans. Knowl. Data Eng. 20, 1034–1038 (2008)
Tian, H., Chen, Z., Chang, C., Huang, Y., Wang, T., Huang, Z., Cai, Y., Chen, Y.: Public audit for operation behavior logs with error locating in cloud storage. Soft Comput. (2018)
Tian, H., Chen, Y., Chang, C., Jiang, H., Huang, Y., Chen, Y., Liu, J.: Dynamic-Hash-Table based public auditing for secure cloud storage. IEEE Trans. Serv. Comput. 10, 701–714 (2017)
Tian, H., Chen, Z., Chang, C., Kuribayashi, M., Huang, Y., Cai, Y., Chen, Y., Wang, T.: Enabling public auditability for operation behaviors in cloud storage. Soft. Comput. 21, 2175–2187 (2017)
Kolhar, M., Abu-Alhaj, M., Abd El-atty, S.: Cloud data auditing techniques with a focus on privacy and security. IEEE Secur. Priv. 15, 42–51 (2017)
Shen, J., Shen, J., Chen, X., Huang, X., Susilo, W.: An efficient public auditing protocol with novel dynamic structure for cloud data. IEEE Trans. Inf. Forensics Secur. 12, 2402–2415 (2017)
Zhang, Y., Xu, C., Liang, X., Li, H., Mu, Y., Zhang, X.: Efficient public verification of data integrity for cloud storage systems from indistinguishability obfuscation. IEEE Trans. Inf. Forensics Secur. 12, 676–688 (2017)
Chen, C.M., Xiang, B., Liu, Y., Wang, K.H.: A secure authentication protocol for internet of vehicles. IEEE Access 7(1), 12047–12057 (2019)
Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J. Supercomput. 74(1), 65–70 (2018)
Chen, C.M., Xiang, B., Wang, K.H., Yeh, K.H., Wu, T.Y.: A robust mutual authentication with a key agreement scheme for session initiation protocol. Appl. Sci. 8(10) (2018)
Chen, C.M., Huang, Y., Wang, E.K., Wu, T.Y.: Improvement of a mutual authentication protocol with anonymity for roaming service in wireless communications. Data Sci. Pattern Recognit. 2(1), 15–24 (2018)
Wang, Y., Wu, Q., Qin, B., Shi, W., Deng, R., Hu, J.: Identity-Based Data Outsourcing With Comprehensive Auditing in Clouds. IEEE Trans. Inf. Forensics Secur. 12, 940–952 (2017)
Wang, H., He, D., Tang, S.: Identity-based proxy-oriented data uploading and remote data integrity checking in public cloud. IEEE Trans. Inf. Forensics Secur. 11, 1165–1176 (2016)
Zheng, Z., Xie, S., Dai, H., Chen, X., Wang, H.: An overview of blockchain technology: architecture, consensus, and future trends. In: 2017 IEEE International Congress on Big Data (BigData Congress) (2017)
Hsiao, J.H., Tso, R., Chen, C.M., Wu, M.E.: Decentralized E-voting systems based on the blockchain technology. In: Advances in Computer Science and Ubiquitous Computing, CSA (2017)
Yeh, K.H., Su, C., Hou, J.L., Chiu, W., Chen, C.M.: A robust mobile payment scheme with smart contract-based transaction repository. IEEE Access 59394–59404 (2018)
Xue, J., Xu, C., Zhao, J., Ma, J.: Identity-based public auditing for cloud storage systems against malicious auditors via blockchain. Sci. China Inf. Sci. 62 (2019)
Catchlove, P.: Smart contracts: a new era of contract use. SSRN Electron. J. (2017)
Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 1(2) (2016)
Li, C.T., Wu, T.Y. Chen, C.L., Lee, C.C., Chen, C.M.: An efficient user authentication and user anonymity scheme with provably security for iot-based medical care system. Sensors 17 (2017)
Wu, T.Y., Chen, C.M., Wang, K.H., Meng, C., Wang, E.K.: A provably secure certificateless public key encryption with keyword search. J. Chin. Inst. Eng. (2019)
Chen, C.M., Wang, K.H., Wu, T.Y., Wang, E.K.: On the security of a three-party authenticated key agreement protocol based on chaotic maps. Data Sci. Pattern Recognit. 1(2), 1–10 (2017)
Chen, C.M., Xiang, B., Wu, T.Y., Wang, K.H.: An anonymous mutual authenticated key agreement scheme for wearable sensors in wireless body area networks. Appl. Sci. (2018)
Acknowledgements
The work of Chien-Ming Chen was supported in part by Shenzhen Technical Project under Grant number JCYJ20170307151750788 and in part by Shenzhen Technical Project under Grant number KQJSCX20170327161755.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Zou, X., Deng, X., Wu, TY., Chen, CM. (2020). A Collusion Attack on Identity-Based Public Auditing Scheme via Blockchain. In: Pan, JS., Li, J., Tsai, PW., Jain, L. (eds) Advances in Intelligent Information Hiding and Multimedia Signal Processing. Smart Innovation, Systems and Technologies, vol 156. Springer, Singapore. https://doi.org/10.1007/978-981-13-9714-1_11
Download citation
DOI: https://doi.org/10.1007/978-981-13-9714-1_11
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-9713-4
Online ISBN: 978-981-13-9714-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)