On the Security of a Certificateless Public Verification Scheme for Cloud-Based Cyber-Physical-Social Systems

Abstract

With the popularity of the cyber-physical-social system, increasing individuals would like to share their data from both cyberspace and physical space with others. This results in more and more data needed to be stored locally. Due to the high price of storing and maintaining those data, the user would like to resort to the cloud storage. Thus, the concept of cloud-based cyber-physical-social (CBCPS) systems are putted forward. In CBCPS systems, the user loses his/her physical control on the data after they are uploaded to the cloud. How to guarantee the data integrity becomes a challenging issue. Recently, Zhang et al. proposed a certificateless public verification (CLPV) scheme to ensure the data integrity in CBCPS systems. Zhang et al. claimed that their CLPV scheme is secure against various attacks and is provably secure in the random oracle model. However, in this paper, we propose a universal attack against Zhang et al.’s CLPV scheme to demonstrate that a malicious cloud server can modify even delete the user’s data without being found by the auditor or the user. The security analysis shows that Zhang et al.’s CLPV scheme is not secure enough for the cloud-based cyber-physical-social systems.