Paper 2012/115

Cryptanalysis of auditing protocol proposed by Wang et al. for data storage security in Cloud Computing

XU Chun-xiang, HE Xiao-hu, and Daniel Abraha

Abstract

Cloud Computing as the on-demand and remote provision of computational resources has been eagerly waited for a long time as a computing utility. It helps users to store their data in the cloud and enjoy the high quality service. However, users do not have physical possession on their own data, hence it is indispensable to create mechanisms on how to protect the security of the data stored. Thus, some auditing protocols are introduced to ensure authenticity and integrity of the outsourced data. Wang et al. proposed a public auditing protocol in 2010 and argued that it can resist against various known attacks. In this paper, we analyze the protocol and find serious security flaws in their protocol. Our analysis shows that the public auditing scheme proposed by Wang et al. can not resist against existential forgery using a known message attack. Moreover, we show that the protocol is vulnerable to attacks by a malicious cloud server and an outside attacker through four specific attacking schemes. The results show that the protocol can not provide secure data storage for users.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
Cloud Computingpublic auditingsecure data storage
Contact author(s)
hh2870714 @ 163 com
History
2012-03-04: received
Short URL
https://ia.cr/2012/115
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/115,
      author = {XU Chun-xiang and HE Xiao-hu and Daniel Abraha},
      title = {Cryptanalysis of auditing protocol proposed by Wang et al. for data storage security in Cloud Computing},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/115},
      year = {2012},
      url = {https://eprint.iacr.org/2012/115}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.