Author_Institution :
Sch. of Inf. Sci. & Eng., Southeast Univ., Nanjing, China
Abstract :
Cloud computing offers a kind of on-demand computing method that lets users use IT resources such as network, operating system, hardware, software, application and so on when needing them. However, cloud computing faces many security issues including data integrity, data confidentiality and access control. Recently, Barsoum et al. presents a cloud-based data access scheme that allows the data owner to benefit from the facilities offered by the CSP and enables indirect mutual trust between them. They declare that their scheme can assure data integrity, newness and CSP´s defense. However, through our security analysis, their scheme still has some security vulnerabilities. It will easily suffer from the integrity attack, newness attack and CSP´s defense attack. In other words, Although CSP have corrupted the outsourced data or ignore the data-updated request issued by the owner, the CSP is able to cheat authorized user into passing through the integrity checking, On the contrary, the owner also accuses CSP of having corrupted the outsourced data, whereas in reality the CSP not.
Keywords :
authorisation; cloud computing; data integrity; operating system kernels; CSP defense attack; DDIMT; IT resources; access control; cloud computing; cloud-based data access scheme; data confidentiality; data integrity; data-updated request; dynamic data; hardware; indirect mutual trust; integrity attack; integrity checking; newness attack; on-demand computing method; operating system; outsourced data; security analysis; security vulnerabilities; software; Access control; Cloud computing; Encryption; Servers; Tin; Access control; Cloud Computing; Defense Attack; Integrity Attack; Newness attack;
Conference_Titel :
Instrumentation and Measurement, Sensor Network and Automation (IMSNA), 2013 2nd International Symposium on
