Insecurity of an Efficient Privacy-preserving Public Auditing Scheme for Cloud Data Storage

Cloud storage has many merits but also poses many challenges for data integrity and privacy. A cloud data auditing protocol, which enables a cloud server to prove the integrity of stored files to a verifier, is a powerful tool for secure cloud storage. Wang et al. proposed a privacy-preserving public auditing protocol; however, Worku et al. found that the protocol is seriously insecure and proposed an improvement to remedy the weakness. In this paper, we demonstrate that, unfortunately, the new protocol due to Worku et al. fails to achieve soundness and provides only limited privacy. Specifically, we show that, even after deleting all of a data owner's files, a malicious cloud server is able to generate a response to a challenge without being caught by the TPA in their enhanced but unrealistic security model. Worse still, the protocol is insecure even in a correct security model. As for privacy, a dishonest verifier can tell which file is stored on the cloud. Solutions to efficient public auditing mechanisms with perfect privacy protection are still worth exploring.
