Title :
Comments on a Public Auditing Mechanism for Shared Cloud Data Service
Author :
Yong Yu ; Jianbing Ni ; Man Ho Au ; Yi Mu ; Boyang Wang ; Hui Li
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
Abstract :
Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.
Keywords :
cloud computing; data handling; outsourcing; user interfaces; Panda; data sharing; outsourced data; public auditing mechanism; public auditing protocol; shared cloud data service; user revocation; Auditing; Cloud computing; Computer security; Servers; Cloud storage; data integrity; security analysis;
Journal_Title :
Services Computing, IEEE Transactions on
DOI :
10.1109/TSC.2014.2355201
