Abstract
Cloud Computing as the on-demand and remote provision of computational resources has been eagerly waited for a long time as a computing utility. It helps users to store their data in the cloud and enjoy the high quality service. However, users do not have physical possession on their own data, hence it is indispensable to create mechanisms on how to protect the security of the data stored. Thus, some auditing protocols are introduced to ensure authenticity and integrity of the outsourced data. Wang et al. proposed a public auditing protocol in 2010 and argued that it can resist against various known attacks. However, serious security flaws are found by analyzing their protocol. The above analysis shows that the public auditing protocol proposed by Wang et al. can not resist against existential forgery using a known message attack. Moreover, the protocol is vulnerable to attacks by a malicious cloud server and an outside attacker through four specific attacking schemes. The results show that the protocol can not provide secure data storage for users.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Mell, P., Grance, T.: Draft NIST working definition of cloud computing (2009), http://csrc.nist.gov/groups/SNS/cloud-computing/index.html
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: Above the clouds: A berkeley view of cloud computing. Technical report, UCB-EECS-2009-28 (2009)
Amazon s3 availability event: July 20, 2008 (2008), http://status.aws.amazon.com/s3-20080720.html
Wilson, S.: Appengine outage (2008), http://www.cio-weblog.com/50226711/appengine_outage.php
Krebs, B.: Payment processor breach may be largest ever (2009), http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html
Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: 14th ACM Conference on Computer and Communications Security, pp. 598–609. ACM Press, New York (2007)
Shah, M., Swaminathan, R., Baker, M.: Privacy-preserving audit and extraction of digital contents. Technical report 2008/196, Cryptology ePrint Archive (2008)
Juels, A., Kaliski, B.: PORs: Proofs of retrievability for large files. In: 14th ACM Conference on Computer and Communications Security, pp. 584–597. ACM Press, New York (2007)
Wang, C., Wang, Q., Ren, K., Lou, W.: Ensuring Data Storage Security in Cloud Computing. In: IWQoS 2009, USA (2009)
Shah, M., Baker, M., Mogul, J., Swaminathan, R.: Auditing to keep online storage services honest. In: 11th USENIX Workshop on Hot Topics in Operating Systems, USA (2007)
Wang, C., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for data Storage Security in cloud computing. In: InfoCom 2010, USA (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xu, C., He, X., Abraha-Weldemariam, D. (2012). Cryptanalysis of Wang’s Auditing Protocol for Data Storage Security in Cloud Computing. In: Liu, C., Wang, L., Yang, A. (eds) Information Computing and Applications. ICICA 2012. Communications in Computer and Information Science, vol 308. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34041-3_59
Download citation
DOI: https://doi.org/10.1007/978-3-642-34041-3_59
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34040-6
Online ISBN: 978-3-642-34041-3
eBook Packages: Computer ScienceComputer Science (R0)