Data integrity is one of the biggest concerns with cloud data storage for cloud user. Besides, the cloud user’s constrained computing capabilities make the task of data integrity auditing expensive and even formidable. Recently, a proof-of-retrievability scheme proposed by Yuan et al. has addressed the issue, and security proof of the scheme was provided. Unfortunately, in this work we show that the scheme is insecure. Namely, the cloud server who maliciously modifies the data file can pass the verification, and the client who executes the cloud storage auditing can recover the whole data file through the interactive process. Furthermore, we also show that the protocol is vulnerable to an efficient active attack, which means that the active attacker is able to arbitrarily modify the cloud data without being detected by the auditor in the auditing process. After giving the corresponding attacks to Yuan et al.’s scheme, we suggest a solution to fix the problems.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.