Abstract
Cloud storage has emerged as a promising solution to the scalability problem of massive data management for both individuals and organizations, but it still faces some serious limitations in reliability and security. Recently, Tian et al. proposed a novel public auditing scheme for cloud storage (DHT-PA) based on dynamic hash table (DHT), with which their scheme achieves higher efficiency in dynamic auditing than the state-of-the-art schemes. They claimed that their scheme is provably secure against forging data signatures under the CDH assumption. Unfortunately, by presenting a concrete attack, we demonstrate that their scheme is vulnerable to the signature forgery attack, i.e., the cloud service provider (CSP) can forge a valid signature of an arbitrary data block. Thus, a malicious cloud service provider can pass the audit without correct data storage. The cryptanalysis shows that DHT-PA is not secure for public data verification. The purposed of our work is to help cryptographers and engineers design/implement more secure and efficient identity-based public auditing schemes for cloud storage by avoiding such kind of attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Wang, C., Wang, Q., Ren, K., Cao, N., Lou, W.: Toward secure and dependable storage services in cloud computing. IEEE Trans. Serv. Comput. 5(2), 220–232 (2012)
Buyya, R., Yeo, C.S., Venugopal, S., Broberg, J., Brandic, I.: Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility. Future Gener. Comput. Syst. 25(6), 599–616 (2009)
Liu, J.K., Au, M.H., Huang, X., Lu, R., Li, J.: Fine-grained two-factor access control for web-based cloud computing services. IEEE Trans. Inf. Forensics Secur. 11(3), 484–497 (2016)
Li, Y., Yu, Y., Yang, B., Min, G., Wu, H.: Privacy preserving cloud data auditing with efficient key update. Future Gener. Comput. Syst. 78, 789–798 (2016)
Libing, W., Wang, J., Zeadally, S., He, D.: Privacy-preserving auditing scheme for shared data in public clouds. J. Supercomput. 74(11), 6156–6183 (2018)
Ateniese, G., et al.: Provable data possession at untrusted stores. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 598–609. ACM (2007)
Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89255-7_7
Cui, H., Mu, Y., Au, M.H.: Proof of retrievability with public verifiability resilient against related-key attacks. IET Inf. Secur. 9(1), 43–49 (2015)
Yu, Y., Zhang, Y., Ni, J., Au, M.H., Chen, L., Liu, H.: Remote data possession checking with enhanced security for cloud storage. Future Gener. Comput. Syst. 52, 77–85 (2015)
Barsoum, A.F., Hasan, M.A.: Provable multicopy dynamic data possession in cloud computing systems. IEEE Trans. Inf. Forensics Secur. 10(3), 485–497 (2015)
Zhang, Y., Ni, J., Tao, X., Wang, Y., Yong, Yu.: Provable multiple replication data possession with full dynamics for secure cloud storage. Concurr. Comput.: Pract. Exp. 28(4), 1161–1173 (2016)
Wang, C., Chow, S.S.M., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Comput. 62(2), 362–375 (2013)
Zhao, H., Yao, X., Zheng, X.: Privacy-preserving TPA auditing scheme based on skip list for cloud storage. IJ Netw. Secur. 21(3), 451–461 (2019)
Yang, Z., Wang, W., Huang, Y., Li, X.: Privacy-preserving public auditing scheme for data confidentiality and accountability in cloud storage. Chin. J. Electron. 28(1), 179–187 (2019)
Zhang, X., Zhao, J., Xu, C., Li, H., Wang, H., Zhang, Y.: CIPPPA: conditional identity privacy-preserving public auditing for cloud-based WBANs against malicious auditors. IEEE Trans. Cloud Comput. (2019)
Tian, H., Nan, F., Chang, C.-C., Huang, Y., Jing, L., Yongqian, D.: Privacy-preserving public auditing for secure data storage in fog-to-cloud computing. J. Netw. Comput. Appl. 127, 59–69 (2019)
Erway, C., Küpçü, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. In: Proceedings of the 16th ACM Conference on Computer and Communications Security-CCS 2009, p. 213. ACM Press (2009)
Wang, Q., Wang, C., Ren, K., Lou, W., Li, J.: Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans. Parallel Distrib. Syst. 22(5), 847–859 (2011)
Zhu, Y., Ahn, G.-J., Hu, H., Yau, S.S., An, H.G., Hu, C.-J.: Dynamic audit services for outsourced storages in clouds. IEEE Trans. Serv. Comput. 6(2), 227–238 (2013)
Tian, H., et al.: Dynamic-hash-table based public auditing for secure cloud storage. IEEE Trans. Serv. Comput. 10(5), 701–714 (2015)
Libing, W., Wang, J., Kumar, N., He, D.: Secure public data auditing scheme for cloud storage in smart city. Pers. Ubiquitous Comput. 21(5), 949–962 (2017)
Xu, Z., Wu, L., Khan, M.K., Choo, K.-K.R., He, D.: A secure and efficient public auditing scheme using RSA algorithm for cloud storage. J. Supercomput. 73(12), 5285–5309 (2017)
Acknowledgment
The work was supported by the National Key Research and Development Program of China (No. 2018YFC1604000) and the National Natural Science Foundation of China (Nos. 61972294, 61932016).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Ma, Q., Guan, T., Geng, Y., Wang, J., Luo, M. (2021). Security Analysis and Improvement of a Dynamic-Hash-Table Based Auditing Scheme for Cloud Storage. In: Wang, D., Meng, W., Han, J. (eds) Security and Privacy in New Computing Environments. SPNCE 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 344. Springer, Cham. https://doi.org/10.1007/978-3-030-66922-5_19
Download citation
DOI: https://doi.org/10.1007/978-3-030-66922-5_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66921-8
Online ISBN: 978-3-030-66922-5
eBook Packages: Computer ScienceComputer Science (R0)