Abstract
Nowadays, more and more people prefer to outsource their storage to the cloud; however, due to some accidents, cloud storage service providers may lose some data outsourced by the data owners. Thus a mechanism to ensure the outsourced cloud data remaining intact is needed for smoothly running the cloud storage service. Fuzzy cloud auditing protocol is such a mechanism running between data owners and cloud storage service providers. In these protocols, the data owner fuzzy challenges the cloud storage servers on the randomly chosen data blocks with random values, the servers need to response with corrected aggregated tag proof to pass through the auditing process. Until now, there are many fuzzy cloud auditing protocols with various interesting properties. In 2015, Yuan et al. proposed an auditing scheme supporting publicly integrity checking and dynamic data sharing with multi-user modification, which aims at allowing multiple cloud users to modify data while ensuring the cloud data’s integrity. Also recently Yuan et al. proposed a public proofs of retrievability (POR) in cloud with constant cost, they showed their scheme is the first POR scheme which can simultaneously achieve public verifiability, constant communication and computational costs on users, and prove the security of their scheme. However, in this paper, we show their schemes are not secure, concretely, the tags in their schemes can be easily forged. We also give an improved fuzzy cloud auditing scheme for the data owners.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Ateniese G, Burns RC, Curtmola R, Herring J, Kissner L, Peterson ZNJ, Song D (2007) Provable data possession at untrusted stores. In: Ning P, di Vimercati SDC, Syverson PF (eds) ACM CCS 07. ACM Press, New York, pp 598–609
Cash D, Küpçü A, Wichs D (2013) Dynamic proofs of retrievability via oblivious RAM. In: Johansson T, Nguyen PQ (eds) EUROCRYPT 2013, vol 7881. Springer, Heidelberg, LNCS, pp 279–295. https://doi.org/10.1007/978-3-642-38348-9_17
Cristina D, Elena A, Catalin L, Valentin C (2014) A solution for the management of multimedia sessions in hybrid clouds. Int J Space-Based Situat Comput 4(2):77–87
Guo S, Xu H (2015) A secure delegation scheme of large polynomial computation in multi-party cloud. Int J Grid Util Comput 6(2):1–7
Halevi S, Harnik D, Pinkas B, Shulman-Peleg A (2011) Proofs of ownership in remote storage systems. In: Chen Y, Danezis G, Shmatikov V (eds) ACM CCS 11, ACM Press, pp 491–500
Juels A, Kaliski BS Jr (2007) PORs: proofs of retrievability for large files. In: Ning P, di Vimercati SDC, Syverson PF (eds) ACM CCS 07. ACM Press, New York, pp 584–597
Li Q, Ma J, Li R, Liu X, Xiong J (2016) Secure, efficient and revocable multi-authority access control system in cloud storage. Comput Secur 59(C):45–59
Ma R, Xiong J, Lin M, Ye A (2017) Privacy protection-oriented mobile crowdsensing analysis based on game theory. IEEE TrustCom 2017
Meriem T, Mahmoud B, Fabrice K (2014) An approach for developing an interoperability mechanism between cloud providers. Int J Space-Based Situat Comput 4(2):88–99
Ning P, di Vimercati SDC, Syverson PF (eds) (2007) ACM CCS 07. ACM Press, New York
Shacham H, Waters B (2008) Compact proofs of retrievability. In: Pieprzyk J (ed) ASIACRYPT 2008, vol 5350. Springer, Heidelberg, LNCS, pp 90–107
Shi E, Stefanov E, Papamanthou C (2013) Practical dynamic proofs of retrievability. In: Sadeghi AR, Gligor VD, Yung M (eds) ACM CCS 13, ACM Press, pp 325–336
Wang H (2013) Proxy provable data possession in public clouds. IEEE Trans Serv Comput 6(4):551–559
Wang H (2015) Identity-based distributed provable data possession in multicloud storage. IEEE Trans Serv Comput 8(2):328–340
Wang Q, Wang C, Ren K, Lou W, Li J (2012) Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans Parallel Distrib Syst 22(5):847–859
Wang B, Baochun L, Hui L (2013a) Public auditing for shared data with efficient user revocation in the cloud. In: Proceedings of the 33th conference on information communications (INFOCOM 13), IEEE, pp 2750–2758
Wang C, Chow S, Wang Q, Ren K, Lou W (2013b) Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375
Wang H, He D, Tang S (2016a) Identity-based proxy-oriented data uploading and remote data integrity checking in public cloud. IEEE Trans Inf Forensics Secur 11(6):1165–1176
Wang H, Li K, Ota K, Shen J (2016b) Remote data integrity checking and sharing in cloud-based health internet of things. IEICE Trans Inf Syst 99(8):1966–1973
Wang Y, Du J, Cheng X, Liu Z, Lin K (2016c) Degradation and encryption for outsourced png images in cloud storage. Int J Grid Util Comput 7(1):22–28
Xiong J, Li F, Ma J, Liu X, Yao Z, Chen P (2015) A full lifecycle privacy protection scheme for sensitive data in cloud computing. Peer-to-peer Netw Appl 8(6):1025–1037
Xiong J, Zhang Y, Li L, Shen J, Li X, Lin M (2017) ms-PoSW: A multi-server aided proof of shared ownership scheme for secure deduplication in cloud. Concurr Comput Pract Exp. https://doi.org/10.1002/cpe.4252
Yang K, Jia X (2013) An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE Trans Parallel Distrib Syst 24(9):1717–1726
Yu Y, Zhang Y, Ni J, Au M, Chen L, Liu H (2014) Remote data possession checking with enhanced security for cloud storage. Future Gener Comput Syst. https://doi.org/10.1016/j.future.2014.10.006
Yu Y, Au MH, Ateniese G, Huang X, Susilo W, Dai Y, Min G (2016a) Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Trans Inf Forensics Secur. https://doi.org/10.1109/TIFS.2016.2615853
Yu Y, Li Y, Ni J, Yang G, Mu Y, Susilo W (2016b) Comments on “public integrity auditing for dynamic data sharing with multi-user modification”. IEEE Trans Inf Forensics Secur 11(3):658–659
Yuan J, Yu S (2013) Proofs of retrievability with public verifiability and constant communication cost in cloud. In: Proceedings of the 2013 international workshop on security in cloud computing, cloud computing, pp 19–26
Yuan J, Yu S (2014) Efficient public integrity checking for cloud data sharing with multi-user modification. In: Proceedings of the 33rd conference on information communications (INFOCOM 14) IEEE Press, pp 2121–2129
Yuan J, Yu S (2015a) Pcpor: Public and constant-cost proofs of retrievability in cloud. J Comput Secur 23:403–425
Yuan J, Yu S (2015b) Public integrity auditing for dynamic data sharing with multi-user modification. IEEE Trans Inf Forensics Secur 10(8):1717–1726
Zheng Q, Xu S (2011) Secure and efficient proof of storage with deduplication. Cryptology ePrint Archive, Report 2011/529. http://eprint.iacr.org/2011/529
Zhu S, Yang X (2015) Protecting data in cloud environment with attribute-based encryption. Int J Grid Util Comput 6(2):91–97
Zhu Y, Hu H, Ahn G, Yu M (2012) Cooperative provable data possession for integrity verification in multi cloud storage. IEEE Trans Parallel Distrib Syst 23(12):2231–2244
Acknowledgements
The authors would like to thanks Yudong Liu for some help on this paper. The second author and fourth author are the corresponding authors. The first and second authors are supported by the National Key R&D Program of China under Grants No. 2017YFB0802000, the National Natural Science Foundation of China under Grant Nos. 61572390, U1736111, the Natural Science Foundation of Ningbo City under Grant No. 201601HJ-B01382, and the Open Foundation of Key Laboratory of Cognitive Radio and Information Processing, Ministry of Education (Guilin University of Electronic Technology) under Grant No. CRKL160202. The fourth author is supported by the National Cryptography Development Fund of China Under Grants No. MMJJ20170112, National Key R&D Program of China under Grants No. 2017YFB0802000, National Nature Science Foundation of China (Grant Nos. 61572521, 61772550, U1636114, 61402531), the Natural Science Basic Research Plan in Shaanxi Province of china (Grant Nos. 2016JQ6037) and Guangxi Key Laboratory of Cryptography and Information Security (No. GCIS201610).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Informed consent
N/A.
Additional information
Communicated by V. Loia.
Rights and permissions
About this article
Cite this article
Zhang, J., Wang, B., He, D. et al. Improved secure fuzzy auditing protocol for cloud data storage. Soft Comput 23, 3411–3422 (2019). https://doi.org/10.1007/s00500-017-3000-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00500-017-3000-1