Insecurity of an Efficient Privacy-preserving Public Auditing Scheme for Cloud Data Storage
Hongyu Liu (University of Electronic Science and Technology of China, China)
Leiting Chen (University of Electronic Science and Technology of China, China)
Zahra Davar (University of Wollongong, Australia)
Mohammad Ramezanian Pour (University of Wollongong, Australia)
Abstract: Cloud storage has a long string of merits but at the same time, poses many challenges on data integrity and privacy. A cloud data auditing protocol, which enables a cloud server to prove the integrity of stored files to a verifier, is a powerful tool for secure cloud storage. Wang et al. proposed a privacy-preserving public auditing protocol, however, Worku et al. found the protocol is seriously insecure and proposed an improvement to remedy the weakness. In this paper, unfortunately, we demonstrate that the new protocol due to Worku et al. fails to achieve soundness and obtains merely limited privacy. Specifically, we show even deleting all the files of a data owner, a malicious cloud server is able to generate a response to a challenge without being caught by TPA in their enhanced but unrealistic security model. Worse still, the protocol is insecure even in a correct security model. For privacy, a dishonest verifier can tell which file is stored on the cloud. Solutions to efficient public auditing mechanisms with perfect privacy protection are still worth exploring.
Keywords: cloud storage, data integrity, privacy-preserving,, security analysis
Categories: H.2, H.3.7, H.5.4