Title: Security enhancement of an auditing scheme for shared cloud data
Authors: Reyhaneh Rabaninejad; Mahmoud Ahmadian Attari; Maryam Rajabzadeh Asaar; Mohammad Reza Aref
Addresses: Department of Electrical Engineering, K.N. Toosi University of Technology, Tehran, Iran ' Department of Electrical Engineering, K.N. Toosi University of Technology, Tehran, Iran ' Department of Electrical and Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran ' Department of Electrical Engineering, Sharif University of Technology, Tehran, Iran
Abstract: In cloud storage services, public auditing mechanisms allow a third party to verify integrity of the outsourced data on behalf of data owners without the need to retrieve data from the cloud server. In some applications, the identity of data users should be kept private from the third party auditor. Oruta is a privacy preserving public auditing scheme for shared data in the cloud which exploits ring signatures to protect the identity privacy. In this paper, we propose two attacks and demonstrate that the scheme is insecure and a dishonest server can arbitrarily tamper the outsourced data without being detected by the auditor. We also propose a solution to remedy this weakness with the minimum overhead and without losing any desirable features of the scheme. Performance evaluation demonstrates acceptable efficiency of improved scheme in comparison to the original protocol.
Keywords: cloud storage; shared data; public auditing; security analysis.
DOI: 10.1504/IJIPT.2022.122033
International Journal of Internet Protocol Technology, 2022 Vol.15 No.1, pp.60 - 68
Received: 02 Oct 2019
Accepted: 11 May 2020
Published online: 08 Apr 2022 *