Improved secure fuzzy auditing protocol for cloud data storage
- 235 Downloads
Nowadays, more and more people prefer to outsource their storage to the cloud; however, due to some accidents, cloud storage service providers may lose some data outsourced by the data owners. Thus a mechanism to ensure the outsourced cloud data remaining intact is needed for smoothly running the cloud storage service. Fuzzy cloud auditing protocol is such a mechanism running between data owners and cloud storage service providers. In these protocols, the data owner fuzzy challenges the cloud storage servers on the randomly chosen data blocks with random values, the servers need to response with corrected aggregated tag proof to pass through the auditing process. Until now, there are many fuzzy cloud auditing protocols with various interesting properties. In 2015, Yuan et al. proposed an auditing scheme supporting publicly integrity checking and dynamic data sharing with multi-user modification, which aims at allowing multiple cloud users to modify data while ensuring the cloud data’s integrity. Also recently Yuan et al. proposed a public proofs of retrievability (POR) in cloud with constant cost, they showed their scheme is the first POR scheme which can simultaneously achieve public verifiability, constant communication and computational costs on users, and prove the security of their scheme. However, in this paper, we show their schemes are not secure, concretely, the tags in their schemes can be easily forged. We also give an improved fuzzy cloud auditing scheme for the data owners.
KeywordsCloud auditing protocol Security analysis Attack
The authors would like to thanks Yudong Liu for some help on this paper. The second author and fourth author are the corresponding authors. The first and second authors are supported by the National Key R&D Program of China under Grants No. 2017YFB0802000, the National Natural Science Foundation of China under Grant Nos. 61572390, U1736111, the Natural Science Foundation of Ningbo City under Grant No. 201601HJ-B01382, and the Open Foundation of Key Laboratory of Cognitive Radio and Information Processing, Ministry of Education (Guilin University of Electronic Technology) under Grant No. CRKL160202. The fourth author is supported by the National Cryptography Development Fund of China Under Grants No. MMJJ20170112, National Key R&D Program of China under Grants No. 2017YFB0802000, National Nature Science Foundation of China (Grant Nos. 61572521, 61772550, U1636114, 61402531), the Natural Science Basic Research Plan in Shaanxi Province of china (Grant Nos. 2016JQ6037) and Guangxi Key Laboratory of Cryptography and Information Security (No. GCIS201610).
Compliance with ethical standards
Conflict of interest
The authors declare that they have no conflict of interest.
This article does not contain any studies with human participants or animals performed by any of the authors.
- Cash D, Küpçü A, Wichs D (2013) Dynamic proofs of retrievability via oblivious RAM. In: Johansson T, Nguyen PQ (eds) EUROCRYPT 2013, vol 7881. Springer, Heidelberg, LNCS, pp 279–295. https://doi.org/10.1007/978-3-642-38348-9_17
- Guo S, Xu H (2015) A secure delegation scheme of large polynomial computation in multi-party cloud. Int J Grid Util Comput 6(2):1–7Google Scholar
- Halevi S, Harnik D, Pinkas B, Shulman-Peleg A (2011) Proofs of ownership in remote storage systems. In: Chen Y, Danezis G, Shmatikov V (eds) ACM CCS 11, ACM Press, pp 491–500Google Scholar
- Ma R, Xiong J, Lin M, Ye A (2017) Privacy protection-oriented mobile crowdsensing analysis based on game theory. IEEE TrustCom 2017Google Scholar
- Ning P, di Vimercati SDC, Syverson PF (eds) (2007) ACM CCS 07. ACM Press, New YorkGoogle Scholar
- Shacham H, Waters B (2008) Compact proofs of retrievability. In: Pieprzyk J (ed) ASIACRYPT 2008, vol 5350. Springer, Heidelberg, LNCS, pp 90–107Google Scholar
- Shi E, Stefanov E, Papamanthou C (2013) Practical dynamic proofs of retrievability. In: Sadeghi AR, Gligor VD, Yung M (eds) ACM CCS 13, ACM Press, pp 325–336Google Scholar
- Wang B, Baochun L, Hui L (2013a) Public auditing for shared data with efficient user revocation in the cloud. In: Proceedings of the 33th conference on information communications (INFOCOM 13), IEEE, pp 2750–2758Google Scholar
- Yuan J, Yu S (2013) Proofs of retrievability with public verifiability and constant communication cost in cloud. In: Proceedings of the 2013 international workshop on security in cloud computing, cloud computing, pp 19–26Google Scholar
- Yuan J, Yu S (2014) Efficient public integrity checking for cloud data sharing with multi-user modification. In: Proceedings of the 33rd conference on information communications (INFOCOM 14) IEEE Press, pp 2121–2129Google Scholar
- Zheng Q, Xu S (2011) Secure and efficient proof of storage with deduplication. Cryptology ePrint Archive, Report 2011/529. http://eprint.iacr.org/2011/529