The Community for Technology Leaders
RSS Icon
Issue No.01 - Jan. (2014 vol.25)
pp: 264-267
Huaqun Wang , Dalian Ocean University, Dalian and Xidian University, Xian
Yuqing Zhang , National Computer Network Intrusion Protection Center, Beijing
Provable data possession (PDP) is a probabilistic proof technique for cloud service providers (CSPs) to prove the clients' data integrity without downloading the whole data. In 2012, Zhu et al. proposed the construction of an efficient PDP scheme for multicloud storage. They studied the existence of multiple CSPs to cooperatively store and maintain the clients' data. Then, based on homomorphic verifiable response and hash index hierarchy, they presented a cooperative PDP (CPDP) scheme from the bilinear pairings. They claimed that their scheme satisfied the security property of knowledge soundness. It is regretful that this comment shows that any malicious CSP or the malicious organizer (O) can generate the valid response which can pass the verification even if they have deleted all the stored data, i.e., Zhu et al.'s CPDP scheme cannot satisfy the property of knowledge soundness. Then, we discuss the origin and severity of the security flaws. It implies that the attacker can get the pay without storing the clients' data. It is important to clarify the scientific fact to design more secure and practical CPDP scheme in Zhu et al.'s system architecture and security model.
Security, Cloud computing, Indexes, Distributed databases, Computer architecture, Computational modeling, Educational institutions,multiprover zero-knowledge proofs, Multicloud, integrity verification, knowledge soundness, cooperative PDP
Huaqun Wang, Yuqing Zhang, "On the Knowledge Soundness of a Cooperative Provable Data Possession Scheme in Multicloud Storage", IEEE Transactions on Parallel & Distributed Systems, vol.25, no. 1, pp. 264-267, Jan. 2014, doi:10.1109/TPDS.2013.16
[1] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, "Provable Data Possession at Untrusted Stores," Proc. 14th ACM Conf. Computer and Comm. Security (CCS '07), pp. 598-609, 2007.
[2] G. Ateniese, R. Dipietro, L.V. Mancini, and G. Tsudik, "Scalable and Efficient Provable Data Possession," Proc. Fourth Int'l Conf. Security and Privacy in Comm. Networks (SecureComm '08), 2008.
[3] C.C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, "Dynamic Provable Data Possession," Proc. 16th ACM Conf. Computer and Comm. Security (CCS '09), pp. 213-222, 2009.
[4] F. Sebe, J. Domingo-Ferrer, A. Martinez-balleste, Y. Deswarte, and J. Quisquater, "Efficient Remote Data Possession Checking in Critical Information Infrastructures," IEEE Trans. Knowledge and Data Eng., vol. 20, no. 8, pp. 1034-1038, Aug. 2008.
[5] Y. Zhu, H. Wang, Z. Hu, G.J. Ahn, H. Hu, and S.S. Yau, "Efficient Provable Data Possession for Hybrid Clouds," Proc. 17th ACM Conf. Computer and Comm. Security (CCS '10), pp. 756-758, 2010.
[6] H. Wang, "Proxy Provable Data Possession in Public Clouds," IEEE Trans. Services Computing, DOI: 10.1109/TSC.2012.35.
[7] Y. Zhu, H. Hu, G.J. Ahn, and M. Yu, "Cooperative Provable Data Possession for Integrity Verification in MultiCloud Storage," IEEE Trans. Parallel and Distributed Systems, vol. 23, no. 12, pp. 2231-2244, Dec. 2012.
[8] L. Fortnow, J. Rompel, and M. Sipser, "On the Power of Multi-Prover Interactive Protocols," Theoretical Computer Science, pp. 156-161, 1988.
[9] D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairing," Proc. 21st Ann. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO '01), pp. 213-229, 2001.
[10] A. Miyaji, M. Nakabayashi, and S. Takano, "New Explicit Conditions of Elliptic Curve Traces for FR-Reduction," IEICE Trans. Fundamentals, vol. 5, pp. 1234-1243, 2001.
[11] D. Boneh, H. Shacham, and B. Lynn, "Short Signatures from the Weil Pairing," J. Cryptology, vol. 17, no. 4, pp. 297-319, 2004.
4 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool