Litcius/Paper detail

Toward Usable Cloud Storage Auditing, Revisited

Huiqun Wang, Luqiang Feng, Yanyan Ji, Bilin Shao, Rui Xue

2021IEEE Systems Journal18 citationsDOI

Abstract

In recent years, how to design secure and efficient cloud storage auditing (CSA) protocols, which enable users to verify whether the cloud server still keeps their stored data undamaged, is a research hotspot, and many candidates were proposed. Recently, Chen <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (2020) just suggested a usable CSA (UCSA) protocol by combining error correcting codes with homomorphic authentication technique, and claimed that their protocol is secure. However, in this article, we analyze the security of Chen <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s construction and find that this protocol is completely insecure. In particular, after receiving data owner’s authenticated data, the cloud server only needs to compute and store the much shorter parity codes (derived from all the data blocks) instead of the blocks themselves. Then, it can correctly forge and return a proof, which is able to pass the checking of the verifier, even if it does not truly store original data blocks. In addition, we provide an improved UCSA (iUCSA) protocol on the remedy of the weaknesses of Chen <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s scheme. A detailed security analysis is also performed within the framework of Chen <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> Finally, the performance analysis shows that the protocol iUCSA is practical.

Topics & Concepts

Computer scienceHomomorphic encryptionCloud computingProtocol (science)ChenUSableEncryptionTheoretical computer scienceInformation retrievalComputer securityWorld Wide WebOperating systemPaleontologyMedicineAlternative medicinePathologyBiologyCloud Data Security SolutionsCryptography and Data Security