Remote data possession checking with enhanced security for cloud storage

Yong Yu, Yafang Zhang, Jianbing Ni, Man Ho Allen Au, Lanxiang Chen, Hongyu Liu

Research output: Journal article publicationJournal articleAcademic researchpeer-review

44 Citations (Scopus)

Abstract

Abstract Cloud storage allows users to enjoy the on-demand and high quality data storage services without the load of local data maintenance. However, the cloud server providers are not fully trusted. Whether the data over cloud servers are intact becomes a major concern of data owners. To offer cloud users with the capacity of data integrity verification, recently, Chen proposed a remote data possession checking (RDPC) protocol from algebraic signatures which achieves many desirable features such as high efficiency, short length of challenges and responses, non-block verification. Unfortunately, in this paper, we find that the protocol is vulnerable to replay attack and deletion attack launched by a dishonest server. Specifically, the server can deceive the users to believe that their data are well hold by replaying a previous evidence or re-constructing the deleted data blocks from the corresponding tags in the integrity checking process, while their data have been partially discarded in fact. Then, we present an improved scheme to fix the security flaws of the original protocol. Both the theoretical analysis and the implementation results show that the improvement is secure and practical.
Original languageEnglish
Article number2629
Pages (from-to)77-84
Number of pages8
JournalFuture Generation Computer Systems
Volume52
DOIs
Publication statusPublished - 29 Jul 2015

Keywords

  • Algebraic signature
  • Cloud storage
  • Data integrity
  • Provable security

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this