Cryptology ePrint Archive: Report 2017/1065

On the Security of a Lightweight Cloud Data Auditing Scheme

Reyhaneh Rabaninejad and Maryam Rajabzadeh Asaar and Mahmoud Ahmadian Attari and Mohammad Reza Aref

Abstract: In cloud storage service, public auditing mechanisms allow a third party to verify integrity of the outsourced data on behalf of data users without the need to retrieve data from the cloud server. Recently, Shen et al. proposed a new lightweight and privacy preserving cloud data auditing scheme which employs a third party medium to perform time-consuming operations on behalf of users. The authors have claimed that the scheme meets the security requirements of public auditing mechanisms. In this paper, we propose two attacks against Shen et al.'s scheme. In the first attack, an active adversary who is involved in the protocol, can forge a valid authenticator on an arbitrarily modified data block. In the second attack, the dishonest cloud server arbitrarily manipulates the received data blocks, and in both attacks data manipulation is not detected by the auditor in the verification phase. Accordingly, the scheme is insecure for cloud storage auditing.

Category / Keywords: cryptographic protocols / Cloud storage, public auditing, privacy preserving, security analysis.

Date: received 2 Nov 2017

Contact author: rabaninejad at ee kntu ac ir

Available format(s): PDF | BibTeX Citation

Version: 20171109:164544 (All versions of this report)

Short URL: ia.cr/2017/1065

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]