Go home now Header Background Image
Submission Procedure
share: |
Follow us
Volume 21 / Issue 3

available in:   PDF (120 kB) PS (336 kB)
Similar Docs BibTeX   Write a comment
Links into Future
DOI:   10.3217/jucs-021-03-0473


Insecurity of an Efficient Privacy-preserving Public Auditing Scheme for Cloud Data Storage

Hongyu Liu (University of Electronic Science and Technology of China, China)

Leiting Chen (University of Electronic Science and Technology of China, China)

Zahra Davar (University of Wollongong, Australia)

Mohammad Ramezanian Pour (University of Wollongong, Australia)

Abstract: Cloud storage has a long string of merits but at the same time, poses many challenges on data integrity and privacy. A cloud data auditing protocol, which enables a cloud server to prove the integrity of stored files to a verifier, is a powerful tool for secure cloud storage. Wang et al. proposed a privacy-preserving public auditing protocol, however, Worku et al. found the protocol is seriously insecure and proposed an improvement to remedy the weakness. In this paper, unfortunately, we demonstrate that the new protocol due to Worku et al. fails to achieve soundness and obtains merely limited privacy. Specifically, we show even deleting all the files of a data owner, a malicious cloud server is able to generate a response to a challenge without being caught by TPA in their enhanced but unrealistic security model. Worse still, the protocol is insecure even in a correct security model. For privacy, a dishonest verifier can tell which file is stored on the cloud. Solutions to efficient public auditing mechanisms with perfect privacy protection are still worth exploring.

Keywords: cloud storage, data integrity, privacy-preserving,, security analysis

Categories: H.2, H.3.7, H.5.4