Abstract
In recent years, how to design secure and efficient cloud storage auditing (CSA) protocols, which enable users to verify whether the cloud server still keeps their stored data undamaged, is a research hotspot, and many candidates were proposed. Recently, Chen <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (2020) just suggested a usable CSA (UCSA) protocol by combining error correcting codes with homomorphic authentication technique, and claimed that their protocol is secure. However, in this article, we analyze the security of Chen <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s construction and find that this protocol is completely insecure. In particular, after receiving data owner’s authenticated data, the cloud server only needs to compute and store the much shorter parity codes (derived from all the data blocks) instead of the blocks themselves. Then, it can correctly forge and return a proof, which is able to pass the checking of the verifier, even if it does not truly store original data blocks. In addition, we provide an improved UCSA (iUCSA) protocol on the remedy of the weaknesses of Chen <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s scheme. A detailed security analysis is also performed within the framework of Chen <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> Finally, the performance analysis shows that the protocol iUCSA is practical.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
