On Security of an Identity-Based Dynamic Data Auditing Protocol for Big Data Storage

被引：5

作者：

Li, Xiong ^{[1
,2
]}

Liu, Shanpeng ^{[3
]}

Lu, Rongxing ^{[2
]}

Zhang, Xiaosong ^{[1
,4
]}

机构：

[1] Univ Elect Sci & Technol China, Inst Cyber Secur, Sch Comp Sci & Engn, Chengdu 611731, Peoples R China

[2] Univ New Brunswick, Fac Comp Sci, Fredericton, NB E3B 5A3, Canada

[3] Hunan Univ Sci & Technol, Sch Comp Sci & Engn, Xiangtan 411201, Peoples R China

[4] Peng Cheng Lab, Cyberspace Secur Res Ctr, Shenzhen 518040, Guangdong, Peoples R China

来源：

IEEE TRANSACTIONS ON BIG DATA | 2021年 / 7卷 / 06期

基金：

中国国家自然科学基金;

关键词：

Protocols; Big Data; Cloud computing; Data integrity; Heuristic algorithms; Computer science; Cloud storage; auditing protocol; dynamic audit; private key reveal attack;

D O I：

10.1109/TBDATA.2020.3026318

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

In this article, we point out the security weakness of Shang et al.'s identity-based dynamic data auditing protocol for big data storage. Specifically, we identify that their protocol is vulnerable to a secret key reveal attack, i.e., the service provider (SP) can reveal the secret key of the data owner (DO) from the stored data. Further, SP can also generate a proof to pass the challenge of TPA (third party auditor) even if all block and tag pairs have been deleted. We hope that by identifying these design flaws, similar weaknesses can be avoided in future designs.

引用

页码：975 / 977

页数：3

共 50 条

[21] An Efficient Identity-Based Provable Data Possession Protocol With Compressed Cloud Storage
Yang, Yang
Chen, Yanjiao
Chen, Fei
Chen, Jing
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2022, 17 : 1359 - 1371
[22] Efficient Identity-Based Data Integrity Auditing With Key-Exposure Resistance for Cloud Storage
Shen, Wenting
Yu, Jia
Yang, Ming
Hu, Jiankun
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2023, 20 (06) : 4593 - 4606
[23] Identity-based data storage in cloud computing
Han, Jinguang
Susilo, Willy
Mu, Yi
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE, 2013, 29 (03): : 673 - 681
[24] Analysis and Improvement of an Efficient and Secure Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy
Zhao, Jining
Xu, Chunxiang
Chen, Kefei
FRONTIERS IN CYBER SECURITY, 2018, 879 : 121 - 137
[25] Identity-based controlled delegated outsourcing data integrity auditing scheme
Du, Jianming
Dong, Guofang
Ning, Juangui
Xu, Zhengnan
Yang, Ruicheng
SCIENTIFIC REPORTS, 2024, 14 (01)
[26] An Identity-Based Data Aggregation Protocol for the Smart Grid
Wang, Zhiwei
IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, 2017, 13 (05) : 2428 - 2435
[27] Efficient Identity-Based Public Integrity Auditing of Shared Data in Cloud Storage With User Privacy Preserving
Yan, Hao
Gui, Wenming
IEEE ACCESS, 2021, 9 (09): : 45822 - 45831
[28] Enabling Identity-Based Integrity Auditing and Data Sharing With Sensitive Information Hiding for Secure Cloud Storage
Shen, Wenting
Qin, Jing
Yu, Jia
Hao, Rong
Hu, Jiankun
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2019, 14 (02) : 331 - 346
[29] Comments on "An Efficient Identity-Based Provable Data Possession Protocol with Compressed Cloud Storage"
Han, Lidong
Xu, Guangwu
Xie, Qi
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2023, 18 : 3934 - 3935
[30] Identity-Based Secure Distributed Data Storage Schemes
Han, Jinguang
Susilo, Willy
Mu, Yi
IEEE TRANSACTIONS ON COMPUTERS, 2014, 63 (04) : 941 - 953

← 1 2 3 4 5 →