On the security of an efficient dynamic auditing protocol in cloud storage
Using cloud storage, data owners can remotely store their data and enjoy the on-demand high quality cloud services without the burden of local data storage and maintenance. However, this new paradigm does trigger many security concerns. A major concern is how to ensure the integrity of the outsourced data. To address this issue, recently, a highly efficient dynamic auditing protocol (IEEE Transactions on Parallel and Distributed Systems, doi:10.1109/TPDS.2013.199) for cloud storage was proposed which enjoys many desirable features. Unfortunately, in this letter, we demonstrate that the protocol is insecure when an active adversary is involved in the cloud environment. We show that the adversary is able to arbitrarily modify the cloud data without being detected by the auditor in the auditing process. We also suggest a solution to fix the problem while preserving all the properties of the original protocol.