Cryptanalysis and improvement of Panda - public auditing for shared data in cloud and internet of things

Cloud computing and internet of things have gained remarkable popularity by a wide spectrum of users recently. Despite of the convenience of cloud storage, security challenges have risen upon the fact that users do not physically possess their data any more. Thus, some auditing schemes are introduced to ensure integrity of the outsourced data. And among them Panda is a public auditing scheme for shared data with efficient and secure user revocation proposed by Wang et al. It argued that it could verify the integrity of shared data with storage correctness and public auditing. In this paper, we analyze this scheme and find some security drawbacks. Firstly, Panda cannot preserve shared data privacy in cloud storage. Furthermore, our analysis shows that Panda is vulnerable to integrity forgery attack, which can be performed by malicious cloud servers to forge a valid auditing proof against any auditing challenge even without correct data storage. Then we pinpoint that the primary cause of the insecurity is the linear combinations of sampled data blocks without random masking properly. Finally, we propose an improvement of Panda together with data privacy preserving and sound public auditing while incurring optimal communication and computation overhead.