Abstract
As an essential technology of cloud computing, the cloud storage can exactly satisfy the demand of users with the service of scalability, ubiquitous access and low maintenance cost. However, moving data to the cloud servers will bring some significant security challenges due to the loss of the physical data possession. In order to verify the data integrity, many verifiable data possession schemes have been proposed in last several years. Very recently, Tang and Zhang proposed a new publicly verifiable data possession (PVDP) scheme for remote storage. They claimed that their scheme was suitable for checking the storage correctness and secure against various types of attacks. In this paper, we analyze the security of Tang and Zhang’s PVDP scheme and prove that it is vulnerable to the data recovery attack. We also demonstrate that PVDP scheme works incorrectly with a concrete instance. Our analysis shows that their scheme is not suitable for practical applications. Our work can help cryptographers and engineers design and implement more secure and efficient public auditing schemes for the cloud storage data.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Zhang W, Lu G, He H, Zhang Q, Yu C (2016) Exploring large-scale small file storage for search engines. J Supercomput 72(8):2911–2923
Xia Z, Wang X, Sun X, Wang Q (2016) A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans Parallel Distrib Syst 27(2):340–352
Fu Z, Wu X, Guan C, Sun X, Ren K (2016) Toward efficient multi-keyword fuzzy search over encrypted outsourced data with accuracy improvement. IEEE Trans Inf Forens Secur 11(12):2706–2716
Fu Z, Huang F, Sun X, Vasilakos A, Yang C-N (2016) Enabling semantic search based on conceptual graphs over encrypted outsourced data. IEEE Trans Serv Comput. doi:10.1109/TSC.2016.2622697
Fu Z, Sun X, Liu Q, Zhou L, Shu. J (2015) Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans Commun 98(1):190–200
Xia Z, Wang X, Zhang L, Qin Z, Sun X, Ren K (2016) A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Trans Inf Forens Secur 11(11):2594–2608
Liu Q, Cai W, Shen J, Fu Z, Liu X, Linge N (2016) A speculative approach to spatial-temporal efficiency with multi-objective optimization in a heterogeneous cloud environment. Secur Commun Netw 9(17):4002–4012
Ateniese G, Burns R, Curtmola R, Herring J, Kissner L, Peterson Z, Song D (2007) Provable data possession at untrusted stores. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp 598–609. ACM
Juels A, Kaliski Jr BS (2007) PORS: proofs of retrievability for large files. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp 584–597. ACM
Wang C, Wang Q, Ren K, Lou W (2010) Privacy-preserving public auditing for data storage security in cloud computing. In: 2010 proceedings IEEE on Infocom, pp 1–9. IEEE
Ateniese G, Burns R, Curtmola R, Herring J, Khan O, Kissner L, Peterson Z, Song D (2011) Remote data checking using provable data possession. ACM Transactions on Information and System Security (TISSEC) 14(1):12
Tate SR, Vishwanathan R, Everhart L (2013) Multi-user dynamic proofs of data possession using trusted hardware. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, pp 353–364. ACM
Yang K, Jia X (2013) An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE Tran Parallel Distrib Syst 24(9):1717–1726
Worku SG, Xu C, Zhao J, He X (2014) Secure and efficient privacy-preserving public auditing scheme for cloud storage. Comput Electr Eng 40(5):1703–1713
Zhang W, Xie H, Hsu R (2015) Automatic memory control of multiple virtual machines on a consolidated server. IEEE Trans Cloud Comput 5(1):2–14
Tang CM, Zhang XJ (2015) A new publicly verifiable data possession on remote storage. J Supercomput 1–15. doi:10.1007/s11227-015-1556-z
Acknowledgements
The work was supported by the National Natural Science Foundation of China (Nos. 61472287, 61501333, 61572379, U1536204), the National High-tech R&D Program of China (863 Program) (No. 2015AA016004) and the Natural Science Foundation of Hubei Province of China (No.2015CFA068, 2015CFB257). The authors extend their appreciation to the Deanship of Scientific Research at King Saud University for funding this work through Research Group (No. RGP-VPP-288).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Xu, Z., Wu, L., He, D. et al. Security analysis of a publicly verifiable data possession scheme for remote storage. J Supercomput 73, 4923–4930 (2017). https://doi.org/10.1007/s11227-017-2061-3
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-017-2061-3