Comments on a Public Auditing Mechanism for Shared Cloud Data Service

Yong Yu, Jianbing Ni, Man Ho Allen Au, Yi Mu, Boyang Wang, Hui Li

Research output: Journal article publicationReview articleAcademic researchpeer-review

33 Citations (Scopus)

Abstract

Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.
Original languageEnglish
Article number6894178
Pages (from-to)998-999
Number of pages2
JournalIEEE Transactions on Services Computing
Volume8
Issue number6
DOIs
Publication statusPublished - 1 Nov 2015

Keywords

  • Cloud storage
  • data integrity
  • security analysis

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications
  • Information Systems and Management

Cite this