Soft Computing

, Volume 23, Issue 10, pp 3411–3422 | Cite as

Improved secure fuzzy auditing protocol for cloud data storage

  • Jindan Zhang
  • Baocang WangEmail author
  • Debiao He
  • Xu An Wang
Methodologies and Application


Nowadays, more and more people prefer to outsource their storage to the cloud; however, due to some accidents, cloud storage service providers may lose some data outsourced by the data owners. Thus a mechanism to ensure the outsourced cloud data remaining intact is needed for smoothly running the cloud storage service. Fuzzy cloud auditing protocol is such a mechanism running between data owners and cloud storage service providers. In these protocols, the data owner fuzzy challenges the cloud storage servers on the randomly chosen data blocks with random values, the servers need to response with corrected aggregated tag proof to pass through the auditing process. Until now, there are many fuzzy cloud auditing protocols with various interesting properties. In 2015, Yuan et al. proposed an auditing scheme supporting publicly integrity checking and dynamic data sharing with multi-user modification, which aims at allowing multiple cloud users to modify data while ensuring the cloud data’s integrity. Also recently Yuan et al. proposed a public proofs of retrievability (POR) in cloud with constant cost, they showed their scheme is the first POR scheme which can simultaneously achieve public verifiability, constant communication and computational costs on users, and prove the security of their scheme. However, in this paper, we show their schemes are not secure, concretely, the tags in their schemes can be easily forged. We also give an improved fuzzy cloud auditing scheme for the data owners.


Cloud auditing protocol Security analysis Attack 



The authors would like to thanks Yudong Liu for some help on this paper. The second author and fourth author are the corresponding authors. The first and second authors are supported by the National Key R&D Program of China under Grants No. 2017YFB0802000, the National Natural Science Foundation of China under Grant Nos. 61572390, U1736111, the Natural Science Foundation of Ningbo City under Grant No. 201601HJ-B01382, and the Open Foundation of Key Laboratory of Cognitive Radio and Information Processing, Ministry of Education (Guilin University of Electronic Technology) under Grant No. CRKL160202. The fourth author is supported by the National Cryptography Development Fund of China Under Grants No. MMJJ20170112, National Key R&D Program of China under Grants No. 2017YFB0802000, National Nature Science Foundation of China (Grant Nos. 61572521, 61772550, U1636114, 61402531), the Natural Science Basic Research Plan in Shaanxi Province of china (Grant Nos. 2016JQ6037) and Guangxi Key Laboratory of Cryptography and Information Security (No. GCIS201610).

Compliance with ethical standards

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Informed consent



  1. Ateniese G, Burns RC, Curtmola R, Herring J, Kissner L, Peterson ZNJ, Song D (2007) Provable data possession at untrusted stores. In: Ning P, di Vimercati SDC, Syverson PF (eds) ACM CCS 07. ACM Press, New York, pp 598–609CrossRefGoogle Scholar
  2. Cash D, Küpçü A, Wichs D (2013) Dynamic proofs of retrievability via oblivious RAM. In: Johansson T, Nguyen PQ (eds) EUROCRYPT 2013, vol 7881. Springer, Heidelberg, LNCS, pp 279–295.
  3. Cristina D, Elena A, Catalin L, Valentin C (2014) A solution for the management of multimedia sessions in hybrid clouds. Int J Space-Based Situat Comput 4(2):77–87CrossRefGoogle Scholar
  4. Guo S, Xu H (2015) A secure delegation scheme of large polynomial computation in multi-party cloud. Int J Grid Util Comput 6(2):1–7Google Scholar
  5. Halevi S, Harnik D, Pinkas B, Shulman-Peleg A (2011) Proofs of ownership in remote storage systems. In: Chen Y, Danezis G, Shmatikov V (eds) ACM CCS 11, ACM Press, pp 491–500Google Scholar
  6. Juels A, Kaliski BS Jr (2007) PORs: proofs of retrievability for large files. In: Ning P, di Vimercati SDC, Syverson PF (eds) ACM CCS 07. ACM Press, New York, pp 584–597CrossRefGoogle Scholar
  7. Li Q, Ma J, Li R, Liu X, Xiong J (2016) Secure, efficient and revocable multi-authority access control system in cloud storage. Comput Secur 59(C):45–59CrossRefGoogle Scholar
  8. Ma R, Xiong J, Lin M, Ye A (2017) Privacy protection-oriented mobile crowdsensing analysis based on game theory. IEEE TrustCom 2017Google Scholar
  9. Meriem T, Mahmoud B, Fabrice K (2014) An approach for developing an interoperability mechanism between cloud providers. Int J Space-Based Situat Comput 4(2):88–99CrossRefGoogle Scholar
  10. Ning P, di Vimercati SDC, Syverson PF (eds) (2007) ACM CCS 07. ACM Press, New YorkGoogle Scholar
  11. Shacham H, Waters B (2008) Compact proofs of retrievability. In: Pieprzyk J (ed) ASIACRYPT 2008, vol 5350. Springer, Heidelberg, LNCS, pp 90–107Google Scholar
  12. Shi E, Stefanov E, Papamanthou C (2013) Practical dynamic proofs of retrievability. In: Sadeghi AR, Gligor VD, Yung M (eds) ACM CCS 13, ACM Press, pp 325–336Google Scholar
  13. Wang H (2013) Proxy provable data possession in public clouds. IEEE Trans Serv Comput 6(4):551–559CrossRefGoogle Scholar
  14. Wang H (2015) Identity-based distributed provable data possession in multicloud storage. IEEE Trans Serv Comput 8(2):328–340CrossRefGoogle Scholar
  15. Wang Q, Wang C, Ren K, Lou W, Li J (2012) Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans Parallel Distrib Syst 22(5):847–859CrossRefGoogle Scholar
  16. Wang B, Baochun L, Hui L (2013a) Public auditing for shared data with efficient user revocation in the cloud. In: Proceedings of the 33th conference on information communications (INFOCOM 13), IEEE, pp 2750–2758Google Scholar
  17. Wang C, Chow S, Wang Q, Ren K, Lou W (2013b) Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375MathSciNetCrossRefzbMATHGoogle Scholar
  18. Wang H, He D, Tang S (2016a) Identity-based proxy-oriented data uploading and remote data integrity checking in public cloud. IEEE Trans Inf Forensics Secur 11(6):1165–1176CrossRefGoogle Scholar
  19. Wang H, Li K, Ota K, Shen J (2016b) Remote data integrity checking and sharing in cloud-based health internet of things. IEICE Trans Inf Syst 99(8):1966–1973CrossRefGoogle Scholar
  20. Wang Y, Du J, Cheng X, Liu Z, Lin K (2016c) Degradation and encryption for outsourced png images in cloud storage. Int J Grid Util Comput 7(1):22–28CrossRefGoogle Scholar
  21. Xiong J, Li F, Ma J, Liu X, Yao Z, Chen P (2015) A full lifecycle privacy protection scheme for sensitive data in cloud computing. Peer-to-peer Netw Appl 8(6):1025–1037CrossRefGoogle Scholar
  22. Xiong J, Zhang Y, Li L, Shen J, Li X, Lin M (2017) ms-PoSW: A multi-server aided proof of shared ownership scheme for secure deduplication in cloud. Concurr Comput Pract Exp. Google Scholar
  23. Yang K, Jia X (2013) An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE Trans Parallel Distrib Syst 24(9):1717–1726CrossRefGoogle Scholar
  24. Yu Y, Zhang Y, Ni J, Au M, Chen L, Liu H (2014) Remote data possession checking with enhanced security for cloud storage. Future Gener Comput Syst. Google Scholar
  25. Yu Y, Au MH, Ateniese G, Huang X, Susilo W, Dai Y, Min G (2016a) Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Trans Inf Forensics Secur. Google Scholar
  26. Yu Y, Li Y, Ni J, Yang G, Mu Y, Susilo W (2016b) Comments on “public integrity auditing for dynamic data sharing with multi-user modification”. IEEE Trans Inf Forensics Secur 11(3):658–659CrossRefGoogle Scholar
  27. Yuan J, Yu S (2013) Proofs of retrievability with public verifiability and constant communication cost in cloud. In: Proceedings of the 2013 international workshop on security in cloud computing, cloud computing, pp 19–26Google Scholar
  28. Yuan J, Yu S (2014) Efficient public integrity checking for cloud data sharing with multi-user modification. In: Proceedings of the 33rd conference on information communications (INFOCOM 14) IEEE Press, pp 2121–2129Google Scholar
  29. Yuan J, Yu S (2015a) Pcpor: Public and constant-cost proofs of retrievability in cloud. J Comput Secur 23:403–425CrossRefGoogle Scholar
  30. Yuan J, Yu S (2015b) Public integrity auditing for dynamic data sharing with multi-user modification. IEEE Trans Inf Forensics Secur 10(8):1717–1726CrossRefGoogle Scholar
  31. Zheng Q, Xu S (2011) Secure and efficient proof of storage with deduplication. Cryptology ePrint Archive, Report 2011/529.
  32. Zhu S, Yang X (2015) Protecting data in cloud environment with attribute-based encryption. Int J Grid Util Comput 6(2):91–97CrossRefGoogle Scholar
  33. Zhu Y, Hu H, Ahn G, Yu M (2012) Cooperative provable data possession for integrity verification in multi cloud storage. IEEE Trans Parallel Distrib Syst 23(12):2231–2244CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  • Jindan Zhang
    • 1
    • 2
    • 5
  • Baocang Wang
    • 1
    Email author
  • Debiao He
    • 4
  • Xu An Wang
    • 3
    • 5
  1. 1.State Key Laboratory of Integrated Service Networks, School of Telecommunications EngineeringXidian UniversityXi’anPeople’s Republic of China
  2. 2.Xianyang Vocational Technique CollegeXi’anPeople’s Republic of China
  3. 3.Key Laboratory of Information and Network SecurityEngineering University of CAPFXi’anPeople’s Republic of China
  4. 4.School of Computer ScienceWuhan UniversityWuhanPeople’s Republic of China
  5. 5.Guangxi Key Laboratory of Cryptography and Information SecurityGuilin University of Electronic TechnologyGuilinPeople’s Republic of China

Personalised recommendations