Comments on a Public Auditing Mechanism for Shared Cloud Data Service

Yong Yu; Jianbing Ni; Man Ho Allen Au; Yi Mu; Boyang Wang; Hui Li

doi:10.1109/TSC.2014.2355201

Comments on a Public Auditing Mechanism for Shared Cloud Data Service

Yong Yu
, Jianbing Ni
, Man Ho Allen Au
, Yi Mu
, Boyang Wang
, Hui Li

Research output: Journal article publication › Review article › Academic research › peer-review

46 Citations (Scopus)

Abstract

Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.

Original language	English
Article number	6894178
Pages (from-to)	998-999
Number of pages	2
Journal	IEEE Transactions on Services Computing
Volume	8
Issue number	6
DOIs	https://doi.org/10.1109/TSC.2014.2355201
Publication status	Published - 1 Nov 2015

Keywords

Cloud storage
data integrity
security analysis

ASJC Scopus subject areas

Hardware and Architecture
Computer Science Applications
Computer Networks and Communications
Information Systems and Management

More information

10.1109/TSC.2014.2355201

Cite this

@article{71635214b95a4e49a6b387811e2cd5b9,

title = "Comments on a Public Auditing Mechanism for Shared Cloud Data Service",

abstract = "Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.",

keywords = "Cloud storage, data integrity, security analysis",

author = "Yong Yu and Jianbing Ni and Au, \{Man Ho Allen\} and Yi Mu and Boyang Wang and Hui Li",

year = "2015",

month = nov,

day = "1",

doi = "10.1109/TSC.2014.2355201",

language = "English",

volume = "8",

pages = "998--999",

journal = "IEEE Transactions on Services Computing",

issn = "1939-1374",

publisher = "IEEE",

number = "6",

}

TY - JOUR

T1 - Comments on a Public Auditing Mechanism for Shared Cloud Data Service

AU - Yu, Yong

AU - Ni, Jianbing

AU - Au, Man Ho Allen

AU - Mu, Yi

AU - Wang, Boyang

AU - Li, Hui

PY - 2015/11/1

Y1 - 2015/11/1

N2 - Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.

AB - Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.

KW - Cloud storage

KW - data integrity

KW - security analysis

UR - https://www.scopus.com/pages/publications/84961773105

U2 - 10.1109/TSC.2014.2355201

DO - 10.1109/TSC.2014.2355201

M3 - Review article

SN - 1939-1374

VL - 8

SP - 998

EP - 999

JO - IEEE Transactions on Services Computing

JF - IEEE Transactions on Services Computing

IS - 6

M1 - 6894178

ER -

Comments on a Public Auditing Mechanism for Shared Cloud Data Service

Abstract

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this