Comments on a public auditing mechanism for shared cloud data service
RIS ID
106436
Abstract
Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.
Publication Details
Yu, Y., Ni, J., Au, M. Ho., Mu, Y., Wang, B. & Li, H. (2015). Comments on a public auditing mechanism for shared cloud data service. IEEE Transactions on Services Computing, 8 (6), 998-999.