Full Text:   <637>

Summary:  <220>

CLC number: TP309

On-line Access: 2018-02-06

Received: 2016-09-06

Revision Accepted: 2017-01-23

Crosschecked: 2017-12-20

Cited: 0

Clicked: 2254

Citations:  Bibtex RefMan EndNote GB/T7714


De-biao He


-   Go to

Article info.
Open peer comments

Frontiers of Information Technology & Electronic Engineering  2017 Vol.18 No.12 P.1972-1977


Cryptanalysis of an identity-based public auditing protocol for cloud storage

Author(s):  Li-bing Wu, Jing Wang, De-biao He, Muhammad-Khurram Khan

Affiliation(s):  School of Computer Science, Wuhan University, Wuhan 430072, China; more

Corresponding email(s):   whuwlb@126.com, cswjing@whu.edu.cn, hedebiao@163.com, mkhurram@ksu.edu.sa

Key Words:  Cloud data, Public auditing, Data integrity, Data privacy

Li-bing Wu, Jing Wang, De-biao He, Muhammad-Khurram Khan. Cryptanalysis of an identity-based public auditing protocol for cloud storage[J]. Frontiers of Information Technology & Electronic Engineering, 2017, 18(12): 1972-1977.

@article{title="Cryptanalysis of an identity-based public auditing protocol for cloud storage",
author="Li-bing Wu, Jing Wang, De-biao He, Muhammad-Khurram Khan",
journal="Frontiers of Information Technology & Electronic Engineering",
publisher="Zhejiang University Press & Springer",

%0 Journal Article
%T Cryptanalysis of an identity-based public auditing protocol for cloud storage
%A Li-bing Wu
%A Jing Wang
%A De-biao He
%A Muhammad-Khurram Khan
%J Frontiers of Information Technology & Electronic Engineering
%V 18
%N 12
%P 1972-1977
%@ 2095-9184
%D 2017
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1601530

T1 - Cryptanalysis of an identity-based public auditing protocol for cloud storage
A1 - Li-bing Wu
A1 - Jing Wang
A1 - De-biao He
A1 - Muhammad-Khurram Khan
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 18
IS - 12
SP - 1972
EP - 1977
%@ 2095-9184
Y1 - 2017
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.1601530

Public verification of data integrity is crucial for promoting the serviceability of cloud storage systems. Recently, Tan and Jia (2014) proposed an identity-based public verification (NaEPASC) protocol for cloud data to simplify key management and alleviate the burden of check tasks. They claimed that NaEPASC enables a third-party auditor (TPA) to verify the integrity of outsourced data with high efficiency and security in a cloud computing environment. However, in this paper, we pinpoint that NaEPASC is vulnerable to the signature forgery attack in the setup phase; i.e., a malicious cloud server can forge a valid signature for an arbitrary data block by using two correct signatures. Moreover, we demonstrate that NaEPASC is subject to data privacy threats in the challenge phase; i.e., an external attacker acting as a TPA can reveal the content of outsourced data. The analysis shows that NaEPASC is not secure in the data verification process. Therefore, our work is helpful for cryptographers and engineers to design and implement more secure and efficient identity-based public auditing schemes for cloud storage.


概要:数据完整性公开验证对提高云存储系统的适用性、可服务性至关重要。最近,Tan和Jia(2014)提出了一种基于身份的云数据完整性公开验证(NaEPASC)协议,以简化用户密钥管理和减轻完整性验证负担。NaEPASC可以使第三方审计人员(third-party auditor, TPA)能够在云计算环境中高效和安全地验证外包数据的完整性。然而,本文指出NaEPASC在数据签名阶段容易遭受签名伪造攻击,即恶意云服务器可以通过使用两个正确的签名来伪造任意数据块的有效签名。此外,证明了NaEPASC在挑战阶段受到数据隐私威胁,即TPA或冒充TPA的外部攻击者可以分析出外包数据的内容。本文分析表明NaEPASC在数据验证过程中不安全。本文的工作有助于密码学家和工程师设计、实施更安全高效的基于身份的云存储数据完整性公开审计方案。


Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article


[1]Ateniese, G., Burns, R., Curtmola, R., et al., 2007. Provable data possession at untrusted stores. Proc. 14th ACM Conf. on Computer and Communications Security, p.598-609.

[2]Chen, B., Curtmola, R., 2012. Robust dynamic provable data possession. 32nd Int. Conf. on Distributed Computing Systems Workshops, p.515-525.

[3]Fu, Z.J., Sun, X.M., Liu, Q., et al., 2015. Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans. Commun., E98.B(1):190-200.

[4]Fu, Z.J., Ren, K., Shu, J.G., et al., 2016. Enabling personalized search over encrypted outsourced data with efficiency improvement. IEEE Trans. Parall. Distrib. Syst., 27(9):2546-2559.

[5]Guo, P., Wang, J., Geng, X.H., et al., 2014. A variable threshold-value authentication architecture for wireless mesh networks. J. Intern. Technol., 15(6):929-935.

[6]He, D.B., Zeadally, S., Wu, L.B., 2015. Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J., in press.

[7]Li, J.T., Zhang, L., Liu, J.K., et al., 2016. Privacy-preserving public auditing protocol for low performance end devices in cloud. IEEE Trans. Inform. Forens. Secur., 11(11): 2572-2583.

[8]Liu, J.K., Au, M.H., Huang, X., et al., 2016. Fine-grained two-factor access control for web-based cloud computing services. IEEE Trans. Inform. Forens. Secur., 11(3): 484-497.

[9]Ren, Y.J., Shen, J., Wang, J., et al., 2015. Mutual verifiable provable data auditing in public cloud storage. J. Intern. Technol., 16(2):317-323.

[10]Shacham, H., Waters, B., 2008. Compact proofs of retrievability. LNCS, 5350:90-107.

[11]Shacham, H., Waters, B., 2013. Compact proofs of retrievability. J. Cryptol., 26(3):442-483.

[12]Tan, S., Jia, Y., 2014. NaEPASC: a novel and efficient public auditing scheme for cloud data. J. Zhejiang Univ.-Sci. C (Comput. & Electron.), 15(9):794-804.

[13]Wang, C., Chow, S.S.M., Wang, Q., et al., 2013. Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Comput., 62(2):362-375.

[14]Xia, Z., Wang, X., Sun, X., et al., 2016. A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans. Parall. Distrib. Syst., 27(2):340-352.

Open peer comments: Debate/Discuss/Question/Opinion


Please provide your name, email address and a comment

Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - Journal of Zhejiang University-SCIENCE