Advertisement

Improvement of a Remote Data Possession Checking Protocol from Algebraic Signatures

  • Yong Yu
  • Jianbing Ni
  • Jian Ren
  • Wei Wu
  • Lanxiang Chen
  • Qi Xia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8434)

Abstract

Cloud storage allows cloud users to enjoy the on-demand and high quality data storage services without the burden of local data storage and maintenance. However, the cloud servers are not necessarily fully trusted. As a consequence, whether the data stored on the cloud are intact becomes a major concern. To solve this challenging problem, recently, Chen proposed a remote data possession checking (RDPC) protocol using algebraic signatures. It achieves many desirable features such as high efficiency, small challenges and responses, non-block verification. In this paper, we find that the protocol is vulnerable to replay attack and deletion attack launched by a dishonest server. Specifically, the server can either fool the user to believe that the data is well maintained but actually only a proof of the challenge is stored, or can generate a valid response in the integrity checking process after deleting the entire file of the user. We then propose an improved scheme to fix the security flaws of the original protocol without losing the desirable features of the original protocol.

Keywords

Cloud Computing Cloud Server Cloud Storage Data Possession Replay Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Buyyaa, R., Yeoa, C., Broberga, J., Brandicc, I.: Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems 25(6), 599–616 (2009)CrossRefGoogle Scholar
  2. 2.
    Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Generation Computer Systems 28(3), 583–592 (2012)CrossRefGoogle Scholar
  3. 3.
    Ateniese, G., Burns, R.C., Curtmola, R., Herring, J., Kissner, L., Peterson, Z.N.J., Song, D.: Provable data possession at untrusted stores. In: Proceeding of ACM CCS 2007, Alexandria, Virginia, USA, pp. 598–609. ACM (2007)Google Scholar
  4. 4.
    Ateniese, G., Burns, R.C., Curtmola, R., Herring, J., Kissner, L., Peterson, Z.N.J., Song, D.: Remote data checking using provable data possession. ACM Trans. Inf. Syst. Security 14(1), 12 (2011)CrossRefGoogle Scholar
  5. 5.
    Juels, A., Kaliski, B.S.: PORs: proofs of retrievability for large files. In: Proceeding of ACM CCS 2007, Alexandria, Virginia, USA, pp. 584–597. ACM (2007)Google Scholar
  6. 6.
    Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Shacham, H., Waters, B.: Compact proofs of retrievability. Journal of Cryptology 26(3), 442–483 (2013)CrossRefzbMATHMathSciNetGoogle Scholar
  8. 8.
    Ateniese, G., Kamara, S., Katz, J.: Proofs of storage from homomorphic identification protocols. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 319–333. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Wang, Q., Wang, C., Li, J., Ren, K., Lou, W.: Enabling public verifiability and data dynamics for storage security in cloud computing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 355–370. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Wang, Q., Wang, C., Ren, K., Lou, W., Li, J.: Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans. Parallel Distrib. Syst. 22(5), 847–859 (2012)CrossRefGoogle Scholar
  11. 11.
    Wang, C., Ren, K., Lou, W., Li, J.: Toward public auditable secure cloud data storage services. IEEE Network 24(4), 19–24 (2010)CrossRefGoogle Scholar
  12. 12.
    Zhu, Y., Hu, H., Ahn, G.J., Stephen, S.: Yau: efficient audit service outsourcing for data integrity in clouds. Journal of Systems and Software 85(5), 1083–1095 (2012)CrossRefGoogle Scholar
  13. 13.
    Zhu, Y., Hu, H., Ahn, G.J., Yu, M.: Cooperative provable data possession for integrity verification in multicloud storage. IEEE Trans. Parallel Distrib. Syst. 23(12), 2231–2244 (2012)CrossRefGoogle Scholar
  14. 14.
    Yang, K., Jia, X.: An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE Trans. Parallel Distrib. Syst. 24(9), 1717–1726 (2013)CrossRefGoogle Scholar
  15. 15.
    Zhu, Y., Wang, S.B., Hu, H., Ahn, G.J., Ma, D.: Secure collaborative integrity verification for hybrid cloud environments. Int. J. Cooperative Inf. Syst. 21(3), 165–198 (2012)CrossRefGoogle Scholar
  16. 16.
    Wang, C., Chow, S.S.M., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Computers 62(2), 362–375 (2013)CrossRefMathSciNetGoogle Scholar
  17. 17.
    Curtmola, R., Khan, O., Burns, R.: Robust remote data checking. In: Proceeding of Storage SS 2008, Fairfax, Virginia, USA, pp. 63–68. ACM (2008)Google Scholar
  18. 18.
    Bowers, K.D., Juels, A., Oprea, A.: Proofs of retrievability: theory and implementation. In: Proceeding of CCSW 2009, Chicago, Illinois, USA, pp. 43–54. ACM (2009)Google Scholar
  19. 19.
    Dodis, Y., Vadhan, S., Wichs, D.: Proofs of retrievability via hardness amplification. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 109–127. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Chen, L.: Using algebraic signatures to check data possession in cloud storage. Future Generation Computer Systems 29(7), 1709–1715 (2013)CrossRefGoogle Scholar
  21. 21.
    Schwarz, T., Miller, E.: Store, forget, and check: using algebraic signatures to check remotely administered storage. In: Proceeding of ICDCS 2006, Lisbon, Portugal, p. 12. IEEE Computer Society (2006)Google Scholar
  22. 22.
    Ni, J., Yu, Y., Mu, Y., Xia, Q.: On the security of an efficient dynamic auditing protocol in cloud storage. IEEE Transactions on Parallel and Distributed Systems (2013), doi:10.1109/TPDS.2013.199Google Scholar
  23. 23.
    Erway, C., Kupcu, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. In: Proceeding of ACM CC 2009, Hyatt Regency Chicago, Chicago, IL, USA, pp. 213–222. ACM (2009)Google Scholar
  24. 24.
    Ateniese, G., Pietro, R.D., Mancini, L.V., Tsudik, G.: Scalable and efficient provable data possession. In: Proceeding of SecureComm 2008, Stanbul, Turkey, pp. 1–10. IEEE Computer Society (2008)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Yong Yu
    • 1
    • 2
  • Jianbing Ni
    • 1
  • Jian Ren
    • 3
  • Wei Wu
    • 4
  • Lanxiang Chen
    • 4
  • Qi Xia
    • 1
  1. 1.School of Computer Science and EngineeringUniversity of Electronic Science and Technology of ChinaChengduChina
  2. 2.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  3. 3.Department of Electrical and Computer EngineeringMichigan State UniversityUSA
  4. 4.School of Mathematics and Computer ScienceFujian Normal UniversityFuzhouChina

Personalised recommendations