On the security of auditing mechanisms for secure cloud storage |
| |
| Affiliation: | 1. School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China;2. Wuhan Digital Engineering Institute, Wuhan, China;3. Department of Computer Science, South-Central University for Nationalities, Wuhan, China;1. School of Electronics Engineering and Computer Science, Peking University, China;2. School of Software and Microelectronics, Peking University, China |
| |
| Abstract: | Cloud computing is a novel computing model that enables convenient and on-demand access to a shared pool of configurable computing resources. Auditing services are highly essential to make sure that the data is correctly hosted in the cloud. In this paper, we investigate the active adversary attacks in three auditing mechanisms for shared data in the cloud, including two identity privacy-preserving auditing mechanisms called Oruta and Knox, and a distributed storage integrity auditing mechanism. We show that these schemes become insecure when active adversaries are involved in the cloud storage. Specifically, an active adversary can arbitrarily alter the cloud data without being detected by the auditor in the verification phase. We also propose a solution to remedy the weakness without sacrificing any desirable features of these mechanisms. |
| |
| Keywords: | Cloud storage Privacy-preserving Auditing Cryptanalysis |
| 本文献已被 ScienceDirect 等数据库收录! |
|
