Title

Comments on a public auditing mechanism for shared cloud data service

RIS ID

106436

Publication Details

Yu, Y., Ni, J., Au, M. Ho., Mu, Y., Wang, B. & Li, H. (2015). Comments on a public auditing mechanism for shared cloud data service. IEEE Transactions on Services Computing, 8 (6), 998-999.

Abstract

Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.

Please refer to publisher version or contact your library.

Share

COinS
 

Link to publisher version (DOI)

http://dx.doi.org/10.1109/TSC.2014.2355201