Identity-based provable data possession revisited: Security analysis and generic construction

Abstract

Provable Data Possession (PDP), which enables cloud users to verify the data integrity without retrieving the entire file, is highly essential for cloud storage. Observing all the existing PDP schemes rely on the Public Key Infrastructure (PKI), Wang proposed an identity-based distributed provable data possession (ID-DPDP) scheme that can (1) eliminate the complex certificate management and (2) be applied to the multi-cloud scenario. The scheme is efficient, flexible and supports private verification, delegated verification and public verification. In this paper, we find that ID-DPDP is flawed since it fails to achieve soundness. We then fix the flaw by presenting a generic construction for identity-based PDP (ID-PDP) protocol, derived from secure digital signature schemes and traditional PDP protocols. We prove that the soundness of the generic ID-PDP construction depends on the security of the underlying PDP protocols and the signature schemes. An instance of the generic construction by utilizing a state-of-the-art PDP protocol due to Shacham and Waters and BLS short signature scheme is given. Moreover, a new ID-DPDP protocol is obtained by extending the basic ID-PDP to multiple clouds environment. The implementation shows that the proposed ID-PDP protocol is efficient.