Cryptanalysis and Countermeasures on Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage

As an on-demand of computational resource, cloud computing appears to be part of a larger upward trend. Data owners can store outsourced data in the cloud and enjoy the high quality service. However, it brings new challenges, including the potential risks of the integrity of data, confidentiality of data, and mutual authentication. Recently, Liu et al. proposed a privacy-preserving public auditing for regenerating-code-based cloud storage and claimed that their scheme was secure and highly efficient. Unfortunately, we find out that there are risks of two attacks and a shortage in the scheme. In this paper, we first point out that Liu et al.' s scheme suffers from two attacks. The first attack is that it cannot resist against forgery attack, which makes cloud servers store the wrong data without being detected. The second attack is that the efficiency of data recovery is easily reduced by attackers since cloud servers may store many useless redundant data. In addition, there is a drawback in Liu et al.' s scheme. The drawback is that the data in the cloud cannot be shared if the data owner uses a private key to encrypt it.