Privacy-preserving certificateless provable data possession scheme for big data storage on cloud, revisited

Certificateless provable data possession (CL-PDP) protocol is an important tool to check the integrity of data outsourced to cloud service provider (CSP) since it is not necessary to consider the certificate management and key escrow problems. In 2017, He et al. proposed an efficient CL-PDP protocol (HKWWC-protocol, for short) with an additional good property: Privacy protection from the verifier [AppL Math. Comput., vol. 314, pp. 31-43]. However, recently, Liao et al. illustrates that the HKWWC-protocol is completely insecure under their suggested attack (LLON-attack) since CSP can return a forged proof that is able to pass the verification of the verifier, which shows that the HKWWC-protocol will become completely useless. In this paper, we revisit the original HKWWC-protocol and try to rescue it. After our modification, the twisted new protocol can be immune to the LLON-attack. More importantly, we find that the original He et al.'s security model cannot depict the practical scene at all because they viewed CSP and KGC (key generation center) as one entity in their system. Hence, we redefine a new security model and prove the twisted HKWWC-protocol is secure under our new security model. Performance analysis shows that our proposed protocol is still efficient and practical. (C) 2020 Elsevier Inc. All rights reserved.