Abstract
Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.
Original language | English |
---|---|
Article number | 6894178 |
Pages (from-to) | 998-999 |
Number of pages | 2 |
Journal | IEEE Transactions on Services Computing |
Volume | 8 |
Issue number | 6 |
DOIs | |
Publication status | Published - 1 Nov 2015 |
Keywords
- Cloud storage
- data integrity
- security analysis
ASJC Scopus subject areas
- Hardware and Architecture
- Computer Science Applications
- Computer Networks and Communications
- Information Systems and Management