论文信息 - Cryptanalysis of Wang's Auditing Protocol for Data Storage Security in Cloud Computing

Cryptanalysis of Wang's Auditing Protocol for Data Storage Security in Cloud Computing

Cloud Computing as the on-demand and remote provision of computational resources has been eagerly waited for a long time as a computing utility. It helps users to store their data in the cloud and enjoy the high quality service. However, users do not have physical possession on their own data, hence it is indispensable to create mechanisms on how to protect the security of the data stored. Thus, some auditing protocols are introduced to ensure authenticity and integrity of the outsourced data. Wang et al. proposed a public auditing protocol in 2010 and argued that it can resist against various known attacks. However, serious security flaws are found by analyzing their protocol. The above analysis shows that the public auditing protocol proposed by Wang et al. can not resist against existential forgery using a known message attack. Moreover, the protocol is vulnerable to attacks by a malicious cloud server and an outside attacker through four specific attacking schemes. The results show that the protocol can not provide secure data storage for users.

[1] Mary Baker,et al. Privacy-Preserving Audit and Extraction of Digital Contents , 2008, IACR Cryptol. ePrint Arch..

[2] Cong Wang,et al. Ensuring data storage security in Cloud Computing , 2009, 2009 17th International Workshop on Quality of Service.

[3] Reza Curtmola,et al. Provable data possession at untrusted stores , 2007, CCS '07.

[4] Cong Wang,et al. Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[5] Ari Juels,et al. Pors: proofs of retrievability for large files , 2007, CCS '07.

[6] Randy H. Katz,et al. Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[7] Mary Baker,et al. Auditing to Keep Online Storage Services Honest , 2007, HotOS.