Loading…

Improved security of a dynamic remote data possession checking protocol for cloud storage

•Identify security flaws of a RDPC protocol and show two attacks.•Describe an improved protocol which preserves all the desirable properties.•Prove the security of the improvement under a well-known security model. Cloud storage offers the users with high quality and on-demand data storage services...

Full description

Saved in:
Bibliographic Details
Published in:Expert systems with applications 2014-12, Vol.41 (17), p.7789-7796
Main Authors: Yu, Yong, Ni, Jianbing, Au, Man Ho, Liu, Hongyu, Wang, Hua, Xu, Chunxiang
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:•Identify security flaws of a RDPC protocol and show two attacks.•Describe an improved protocol which preserves all the desirable properties.•Prove the security of the improvement under a well-known security model. Cloud storage offers the users with high quality and on-demand data storage services and frees them from the burden of maintenance. However, the cloud servers are not fully trusted. Whether the data stored on cloud are intact or not becomes a major concern of the users. Recently, Chen et al. proposed a remote data possession checking protocol to address this issue. One distinctive feature of their protocol support data dynamics, meaning that users are allowed to modify, insert and delete their outsourced data without the need to re-run the whole protocol. Unfortunately, in this paper, we find that this protocol fails to achieve its purpose since it is vulnerable to forgery attack and replace attack launched by a malicious server. Specifically, we show how a malicious cloud server can deceive the user to believe that the entire file is well-maintained by using the meta-data related to the file alone, or with only part of the file and its meta-data. Then, we propose an improved protocol to fix the security flaws and formally proved that our proposal is secure under a well-known security model. In addition, our improvement keeps all the desirable features of the original protocol.
ISSN:0957-4174
1873-6793
DOI:10.1016/j.eswa.2014.06.027