Research Article
Security Analysis and Improvement of a Dynamic-Hash-Table Based Auditing Scheme for Cloud Storage
@INPROCEEDINGS{10.1007/978-3-030-66922-5_19, author={Qiang Ma and Ti Guan and Yujie Geng and Jing Wang and Min Luo}, title={Security Analysis and Improvement of a Dynamic-Hash-Table Based Auditing Scheme for Cloud Storage}, proceedings={Security and Privacy in New Computing Environments. Third EAI International Conference, SPNCE 2020, Lyngby, Denmark, August 6-7, 2020, Proceedings}, proceedings_a={SPNCE}, year={2021}, month={1}, keywords={Cloud storage Public auditing Dynamic hash table Auditing security}, doi={10.1007/978-3-030-66922-5_19} }- Qiang Ma
Ti Guan
Yujie Geng
Jing Wang
Min Luo
Year: 2021
Security Analysis and Improvement of a Dynamic-Hash-Table Based Auditing Scheme for Cloud Storage
SPNCE
Springer
DOI: 10.1007/978-3-030-66922-5_19
Abstract
Cloud storage has emerged as a promising solution to the scalability problem of massive data management for both individuals and organizations, but it still faces some serious limitations in reliability and security. Recently, Tian et al. proposed a novel public auditing scheme for cloud storage (DHT-PA) based on dynamic hash table (DHT), with which their scheme achieves higher efficiency in dynamic auditing than the state-of-the-art schemes. They claimed that their scheme is provably secure against forging data signatures under the CDH assumption. Unfortunately, by presenting a concrete attack, we demonstrate that their scheme is vulnerable to the signature forgery attack, i.e., the cloud service provider (CSP) can forge a valid signature of an arbitrary data block. Thus, a malicious cloud service provider can pass the audit without correct data storage. The cryptanalysis shows that DHT-PA is not secure for public data verification. The purposed of our work is to help cryptographers and engineers design/implement more secure and efficient identity-based public auditing schemes for cloud storage by avoiding such kind of attacks.
