Title: Security vulnerabilities in cloud audit schemes: exploiting forgery or data deletion attacks and their effects

Authors: Hao Liu; Yuanhang Zhang; Haibo Lei; Xiaoxuan Xu; Jindan Zhang

Addresses: Key Laboratory of Network and Information Security, Engineering University of People's Armed Police, China ' Key Laboratory of Network and Information Security, Engineering University of People's Armed Police, China ' 95183 Troops of China People's Liberation Army, China ' Staff Department of Shanxi Provincial Corps of People's Armed Police, China ' School of Information Engineering, Xianyang Polytechnic Institute, China

Abstract: With the rapid development of computing and networking, individual users are increasingly relying on cloud storage and computing services. To ensure the integrity of data in the cloud, many audit schemes have been proposed. Yang's scheme combines fuzzy identity-based signatures to achieve dynamic revocation and public audit, while Wang's scheme utilises chaotic systems and smart contracts to achieve non-interactive audit and fair payment. However, these schemes enhance functionality but ignore security. This paper conducts a systematic cryptographic analysis of the cloud audit schemes proposed by Wang and Yang. Firstly, Yang's scheme contains errors in algebraic usage, making it vulnerable to forgery attacks. We verify this through a specific attack scheme. Secondly, Wang's scheme is susceptible to data deletion attacks. We first conduct a detailed analysis of Wang's scheme, identify its security issues, and verify our conjecture by proposing a method of data deletion attack.

Keywords: cloud storage; cloud audit; fuzzy attribute base; smart contracts; forgery attack; cryptanalysis.

DOI: 10.1504/IJWGS.2025.150179

International Journal of Web and Grid Services, 2025 Vol.21 No.3/4, pp.440 - 459

Received: 27 Feb 2025
Accepted: 02 Sep 2025
Published online: 02 Dec 2025 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article