On Security of an Identity-Based Dynamic Data Auditing Protocol for Big Data Storage

被引：4

作者：

Li, Xiong ^{[1
,2
]}

Liu, Shanpeng ^{[3
]}

Lu, Rongxing ^{[2
]}

Zhang, Xiaosong ^{[1
,4
]}

机构：

[1] Univ Elect Sci & Technol China, Inst Cyber Secur, Sch Comp Sci & Engn, Chengdu 611731, Peoples R China

[2] Univ New Brunswick, Fac Comp Sci, Fredericton, NB E3B 5A3, Canada

[3] Hunan Univ Sci & Technol, Sch Comp Sci & Engn, Xiangtan 411201, Peoples R China

[4] Peng Cheng Lab, Cyberspace Secur Res Ctr, Shenzhen 518040, Guangdong, Peoples R China

来源：

IEEE TRANSACTIONS ON BIG DATA | 2021年 / 7卷 / 06期

基金：

中国国家自然科学基金;

关键词：

Protocols; Big Data; Cloud computing; Data integrity; Heuristic algorithms; Computer science; Cloud storage; auditing protocol; dynamic audit; private key reveal attack;

D O I：

10.1109/TBDATA.2020.3026318

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

In this article, we point out the security weakness of Shang et al.'s identity-based dynamic data auditing protocol for big data storage. Specifically, we identify that their protocol is vulnerable to a secret key reveal attack, i.e., the service provider (SP) can reveal the secret key of the data owner (DO) from the stored data. Further, SP can also generate a proof to pass the challenge of TPA (third party auditor) even if all block and tag pairs have been deleted. We hope that by identifying these design flaws, similar weaknesses can be avoided in future designs.

引用

页码：975 / 977

页数：3

共 50 条

[1] Identity-Based Dynamic Data Auditing for Big Data Storage
Shang, Tao
Zhang, Feng
Chen, Xingyue
Liu, Jianwei
Lu, Xinxi
IEEE TRANSACTIONS ON BIG DATA, 2021, 7 (06) : 913 - 921
[2] Fuzzy Identity-Based Dynamic Auditing of Big Data on Cloud Storage
Zhao, Chenbin
Xu, Li
Li, Jiguo
Wang, Feng
Fang, He
IEEE ACCESS, 2019, 7 : 160459 - 160471
[3] Insecurity of an identity-based public auditing protocol for the outsourced data in cloud storage
He, Debiao
Wang, Huaqun
Zhang, Jianhong
Wang, Lina
INFORMATION SCIENCES, 2017, 375 : 48 - 53
[4] Enabling Efficient User Revocation in Identity-Based Cloud Storage Auditing for Shared Big Data
Zhang, Yue
Yu, Jia
Hao, Rong
Wang, Cong
Ren, Kui
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2020, 17 (03) : 608 - 619
[5] Identity-Based Data Auditing Scheme With Provable Security in the Standard Model Suitable for Cloud Storage
Deng, Lunzhi
Feng, Shuai
Wang, Tao
Hu, Zhenyu
Li, Siwei
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2024, 21 (04) : 3644 - 3655
[6] A Security-Enhanced Identity-Based Batch Provable Data Possession Scheme for Big Data Storage
Zhao, Jining
Xu, Chunxiang
Chen, Kefei
KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 2018, 12 (09): : 4576 - 4598
[7] A Lightweight Identity-Based Remote Data Auditing Scheme for Cloud Storage
Deng, Lunzhi
Yang, Benjuan
Wang, Xiangbin
IEEE ACCESS, 2020, 8 : 206396 - 206405
[8] Dynamic data auditing scheme for big data storage
Xingyue Chen
Tao Shang
Feng Zhang
Jianwei Liu
Zhenyu Guan
Frontiers of Computer Science, 2020, 14 : 219 - 229
[9] Dynamic data auditing scheme for big data storage
Chen, Xingyue
Shang, Tao
Zhang, Feng
Liu, Jianwei
Guan, Zhenyu
FRONTIERS OF COMPUTER SCIENCE, 2020, 14 (01) : 219 - 229
[10] Cryptanalysis of an identity-based public auditing protocol for cloud storage
Wu, Li-bing
Wang, Jing
He, De-biao
Khan, Muhammad-Khurram
FRONTIERS OF INFORMATION TECHNOLOGY & ELECTRONIC ENGINEERING, 2017, 18 (12) : 1972 - 1977

← 1 2 3 4 5 →