Cryptanalysis of an identity-based public auditing protocol for cloud storage

被引:0
作者
Li-bing Wu
Jing Wang
De-biao He
Muhammad-Khurram Khan
机构
[1] Wuhan University,School of Computer Science
[2] Wuhan University,School of Cyber Science and Engineering
[3] King Saud University,Center of Excellence in Information Assurance (CoEIA)
来源
Frontiers of Information Technology & Electronic Engineering | 2017年 / 18卷
关键词
Cloud data; Public auditing; Data integrity; Data privacy; TP309;
D O I
暂无
中图分类号
学科分类号
摘要
Public verification of data integrity is crucial for promoting the serviceability of cloud storage systems. Recently, Tan and Jia (2014) proposed an identity-based public verification (NaEPASC) protocol for cloud data to simplify key management and alleviate the burden of check tasks. They claimed that NaEPASC enables a third-party auditor (TPA) to verify the integrity of outsourced data with high efficiency and security in a cloud computing environment. However, in this paper, we pinpoint that NaEPASC is vulnerable to the signature forgery attack in the setup phase; i.e., a malicious cloud server can forge a valid signature for an arbitrary data block by using two correct signatures. Moreover, we demonstrate that NaEPASC is subject to data privacy threats in the challenge phase; i.e., an external attacker acting as a TPA can reveal the content of outsourced data. The analysis shows that NaEPASC is not secure in the data verification process. Therefore, our work is helpful for cryptographers and engineers to design and implement more secure and efficient identity-based public auditing schemes for cloud storage.
引用
收藏
页码:1972 / 1977
页数:5
相关论文
共 30 条
[1]  
Fu Z.J.(2015)Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing IEICE Trans. Commun. E98.B 190-200
[2]  
Sun X.M.(2016)Enabling personalized search over encrypted outsourced data with efficiency improvement IEEE Trans. Parall. Distrib. Syst. 27 2546-2559
[3]  
Liu Q.(2014)A variable threshold-value authentication architecture for wireless mesh networks J. Intern. Technol. 15 929-935
[4]  
Fu Z.J.(2016)Privacy-preserving public auditing protocol for low performance end devices in cloud IEEE Trans. Inform. Forens. Secur. 11 2572-2583
[5]  
Ren K.(2016)Fine-grained two-factor access control for web-based cloud computing services IEEE Trans. Inform. Forens. Secur. 11 484-497
[6]  
Shu J.G.(2015)Mutual verifiable provable data auditing in public cloud storage J. Intern. Technol. 16 317-323
[7]  
Guo P.(2008)Compact proofs of retrievability LNCS 5350 90-107
[8]  
Wang J.(2013)Compact proofs of retrievability J. Cryptol. 26 442-483
[9]  
Geng X.H.(2014)NaEPASC: a novel and efficient public auditing scheme for cloud data J. Zhejiang Univ.-Sci. C (Comput. & Electron.) 15 794-804
[10]  
Li J.T.(2013)Privacypreserving public auditing for secure cloud storage IEEE Trans. Comput. 62 362-375
123