Abstract
Using cloud storage, users can remotely store their data without the burden on complicated local storage management and maintenance. However, users will no longer physically possess the storage of their data after they upload the data to the cloud. It is very natural for users to suspect whether their data stored in the cloud is intact. To help users efficiently check the integrity of the outsourced data, many public auditing schemes have been proposed. Recently, Huang et al. have proposed a privacy-preserving public auditing scheme for non-manager group shared data. In this paper, we find a security flaw in their auditing scheme. Even if the cloud has deleted or polluted the whole outsourced data, it still can pass the verification of the verifier. And then, we overcome this shortcoming by improving their scheme, which prevents the cloud forging a valid proof to pass the integrity auditing. Last, we perform the concrete implementation of our improved scheme and Huang et al. ’s scheme.
Similar content being viewed by others
References
Gantz J, Reinsel D (2012) The digital universe in 2020: Big data, bigger digital shadows, and biggest growth in the far east. IDC iView IDC Anal Future 2007(2012):1–16
Yang HS, Yoo SJ (2015) A study on smartwork security technology based on cloud computing environment. Wirel Pers Commun 94(3):1–10
Wang C, Chow SSM, Wang Q, Ren K, Lou W (2013) Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375
Wang H, He D, Tang S (2016) Identity-based proxy-oriented data uploading and remote data integrity checking in public cloud. IEEE Trans Inf Forensics Secur 11(6):1165–1176
Yu J, Ren K, Wang C (2016) Enabling cloud storage auditing with verifiable outsourcing of key updates. IEEE Trans Inf Forensics Secur 11(6):1362–1375
Zhao P, Yu J, Zhang H, Qin Z, Wang C (2019) How to securely outsource finding the min-cut of undirected edge-weighted graphs. IEEE Trans Inf Forensics Secur 15:315–328
Ge X, Yu J, Zhang H, Hu C, Li Z, Qin Z, Hao R (2019) Towards achieving keyword search over dynamic encrypted cloud data with symmetric-key based verification. IEEE Trans Dependable Sec Comput. https://doi.org/10.1109/TDSC.2019.2896258
Zhang Y, Yu J, Hao R, Wang C, Ren K (2018) Enabling efficient user revocation in identity-based cloud storage auditing for shared big data. IEEE Trans Dependable Sec Comput PP (99) 1–1
Ren K, Wang C, Wang Q (2012) Security challenges for the public cloud. IEEE Internet Comput 16(1):69–73
Song D, Shi E, Fischer I, Shankar U (2012) Cloud data protection for the masses. Computer 45(1):39–45
Wang Q, Wang C, Ren K, Lou W, Li J (2011) Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans Parall Distrib Syst 22(5):847–859
Ateniese G, Burns R, Curtmola R, Herring J, Kissner L, Peterson Z, Song D (2007) Provable data possession at untrusted stores. In: ACM Conference on Computer and Communications Security, pp 598–609
Shacham H, Waters B (2008) Compact proofs of retrievability. In: International Conference on the Theory and Application of Cryptology and Information Security, pp 90–107
Zhang Y, Blanton M (2013) Efficient dynamic provable possession of remote data via balanced update trees. In: ACM Sigsac Symposium on Information, Computer and Communications Security, pp 183–194
Wang H (2013) Proxy provable data possession in public clouds. IEEE Trans Serv Comput 6(4):551–559
Wang B, Li B, Li H (2013) Panda: public auditing for shared data with efficient user revocation in the cloud. IEEE Trans Serv Comput 8(1):92–106
Jiang T, Chen X, Ma J (2015) Public integrity auditing for shared dynamic cloud data with group user revocation. IEEE Trans Comput 65(8):2363–2373
Yuan J, Yu S (2015) Public integrity auditing for dynamic data sharing with multiuser modification. IEEE Trans Inf Forensics Secur 10(8):1717–1726
Huang L, Zhang G, Fu A (2018) Privacy-preserving public auditing for non-manager group shared data. Wirel Pers Commun (3):1–18
Tian H, Nan F, Jiang H, Chang C-C, Ning J, Huang Y (2019) Public auditing for shared cloud data with efficient and secure group management. Inf Sci 472:107–125
Shen J, Shen J, Chen X, Huang X, Susilo W (2017) An efficient public auditing protocol with novel dynamic structure for cloud data. IEEE Trans Inf Forensics Secur 12(10):2402–2415
Yang G, Yu J, Shen W, Su Q, Fu Z, Hao R (2016) Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability. J Syst Softw 113(C):130–139
He K, Huang C, Yang K, Shi J (2015) Identity-preserving public auditing for shared cloud data. In: IEEE International Symposium on Quality of Service, pp 159–164
Yu J, Hao R (2019) Comments on “SEPDP: secure and efficient privacy preserving provable data possession in cloud storage”. IEEE Trans Serv Comput. https://doi.org/10.1109/TSC.2019.2912379
Yu J, Ren K, Wang C, Varadharajan V (2017) Enabling cloud storage auditing with key-exposure resistance. IEEE Trans Inf Forensics Secur 10(6):1167–1179
Yu J, Wang H (2017) Strong key-exposure resilient auditing for secure cloud storage. IEEE Trans Inf Forensics Secur 12(8):1931–1940
Zhang X, Wang H, Xu C (2019) Identity-based key-exposure resilient cloud storage public auditing scheme from lattices. Inf Sci 472:223–234
Xu Y, Sun S, Cui J, Zhong H (2019) Intrusion-resilient public cloud auditing scheme with authenticator update. Inf Sci. https://doi.org/10.1016/j.ins.2019.09.080
Yu Y, Man HA, Mu Y, Tang S, Ren J, Susilo W, Dong L (2015) Enhanced privacy of a remote data integrity-checking protocol for secure cloud storage. Int J Inf Secur 14(4):307–318
Shen W, Qin J, Yu J, Hao R, Hu J, Ma J (2019) Data integrity auditing without private key storage for secure cloud storage. IEEE Trans Cloud Comput. https://doi.org/10.1109/TCC.2019.2921553
Nan F, Tian H, Wang T, Cai Y, Chen Y et al (2019) A collusion-resistant public auditing scheme for shared cloud data. Int J Inf Technol Manag 18(2/3):195–212
Acknowledgements
This research is supported by National Natural Science Foundation of China (61572267, 61572412), National Development Foundation of Cryptography (MMJJ20170118, MMJJ20170126), the Key Research and Development Project of Shandong Province(2019GGX101051), the Open Project of the State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences (2019-MS-03).
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Bai, J., Hao, R. Comment on “Privacy-preserving public auditing for non-manager group shared data”. J Supercomput 76, 5563–5577 (2020). https://doi.org/10.1007/s11227-019-03094-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-019-03094-z