Loading...
| Friend's email | |
| Your name | |
| Your email | |
| enter code | |
This page was sent successfuly
Comments on a lightweight cloud auditing scheme: Security analysis and improvement
Rabaninejad, R ; Sharif University of Technology | 2019
361
Viewed
- Type of Document: Article
- DOI: 10.1016/j.jnca.2019.04.012
- Publisher: Academic Press , 2019
- Abstract:
- In a cloud storage service, public auditing mechanisms allow a third party to verify integrity of the outsourced data on behalf of data users without the need to retrieve data from the cloud server. Recently, Shen et al. proposed a new lightweight and privacy preserving cloud data auditing scheme which employs a third party medium to perform time-consuming operations on behalf of users. The authors have claimed that the scheme meets the security requirements of public auditing mechanisms. In this paper, we show that Shen et al.'s scheme is insecure by proposing two attacks on the scheme. In the first attack, an outside adversary can modify some messages in transmission to the cloud server and forge a valid authenticator on the modified data block. In the second attack, the dishonest cloud server arbitrarily manipulates the received data blocks, and in both attacks data manipulation is not detected by the auditor in the verification phase. Accordingly, the scheme is insecure for cloud storage auditing. We next enhance the security of Shen et al.'s scheme to overcome the proposed attacks, evaluate the performance and perform experiments to demonstrate the practicality of the improved scheme. © 2019 Elsevier Ltd
- Keywords:
- Cloud storage ; Cloud computing ; Data privacy ; Security systems ; Cloud storages ; Lightweight ; Privacy preserving ; Public auditing ; Security analysis ; Digital storage
- Source: Journal of Network and Computer Applications ; Volume 139 , 2019 , Pages 49-56 ; 10848045 (ISSN)
- URL: https://www.sciencedirect.com/science/article/abs/pii/S1084804519301365