IEEE Access (Jan 2019)

Security Analysis of a Certificateless Provable Data Possession Scheme in Cloud

  • Yongjian Liao,
  • Yikuan Liang,
  • Adeniyi Wisdom Oyewole,
  • Xuyun Nie

DOI
https://doi.org/10.1109/ACCESS.2019.2928032
Journal volume & issue
Vol. 7
pp. 93259 – 93263

Abstract

Read online

He et al. proposed a certificateless provable data possession protocol for big data storage on cloud. They claimed that the scheme is not only secure, but also can achieve data integrity checking without downloading the stored data from the cloud server. However, in this paper, we show that He et al.'s protocol has some security flaw and cannot get the property of data integrity checking at all. Specifically, by observing certificateless signature used in their provable data possession protocol, we find that the cloud server (or any user who gets signature-message pairs) can generate a valid signature of any message. Then, the cloud server can tamper data stored by the data owner and successfully passes the data integrity checking via two different conditions according to the verifier knows or does not know the identity of blocks of data.

Keywords