Certificateless Reliable and Privacy-Preserving Auditing of Group Shared Data for FOG-CPSs

Abstract: FOG-enabled cyber-physical systems (FOG-CPSs) open new security challenges as the local edge devices are easier to compromise than a traditional cloud server. Remote data integrity checking (RDIC) plays an important role in safeguarding against data corruption from a storage server. Certificateless cryptography (CLPKC)-based RDIC schemes do not suffer from the drawbacks of the public key infrastructure (PKI)-based RDIC protocols. Most of the CLPKC-based RDIC schemes proposed in the literature deal with persona… Show more

“…A robust data auditing protocol should be capable of preventing collusion between the edge device and the data auditor on the challenge information. The work presented in [42] is the first to tackle various adversarial scenarios specific to shared group data auditing in FOG-CPS networks under a certificateless security model. It was revealed that the CLC-based group data auditing protocols [28], [30] were vulnerable to metadata forgery and public key replacement attacks, as demonstrated in [42].…”

“…The work presented in [42] is the first to tackle various adversarial scenarios specific to shared group data auditing in FOG-CPS networks under a certificateless security model. It was revealed that the CLC-based group data auditing protocols [28], [30] were vulnerable to metadata forgery and public key replacement attacks, as demonstrated in [42]. The schemes proposed in [40] and [41] also adopt a similar metadata generation mechanism as [28], and are therefore vulnerable to these attacks.…”

“…The issue of KGC metadata forgery was addressed in [42] by restricting the KGC's access to information about the data blocks and their corresponding metadata. However, this assumption fails when the KGC is a group manager or a member, who would have easy access to the data blocks and their metadata.…”

“…While the user trusts and assumes the confidentiality of data files at the cloud server, there is still concern about remote data file integrity. Numerous schemes in the literature [2], [3], [4], [5], [7], [9], [10], [11], [12], [14], [15], [16], [17], [18], [19], [23], [24], [25], [26], [28], [29], [30], [31], [32], [40], [41], [42] provide remote data integrity checking (RDIC) mechanisms that allow the user to verify the integrity of the remote data file. An RDIC scheme contains two main components: The first is called the preprocessing component, and the second is called the auditing component.…”

“…Existing CLC-based RDIC schemes for shared group data auditing in fog computing environments consider the key generation center (KGC) as a curious but passive entity that sets up the network. However, it was observed in [42] that the KGC could perform metadata forgery. This potential issue can be addressed by restricting the KGC from learning information about the data blocks and their corresponding metadata.…”

A Distributed and Decentralized Certificateless Framework for Reliable Shared Data Auditing for FOG-CPS Networks

“…A robust data auditing protocol should be capable of preventing collusion between the edge device and the data auditor on the challenge information. The work presented in [42] is the first to tackle various adversarial scenarios specific to shared group data auditing in FOG-CPS networks under a certificateless security model. It was revealed that the CLC-based group data auditing protocols [28], [30] were vulnerable to metadata forgery and public key replacement attacks, as demonstrated in [42].…”

“…The work presented in [42] is the first to tackle various adversarial scenarios specific to shared group data auditing in FOG-CPS networks under a certificateless security model. It was revealed that the CLC-based group data auditing protocols [28], [30] were vulnerable to metadata forgery and public key replacement attacks, as demonstrated in [42]. The schemes proposed in [40] and [41] also adopt a similar metadata generation mechanism as [28], and are therefore vulnerable to these attacks.…”

“…The issue of KGC metadata forgery was addressed in [42] by restricting the KGC's access to information about the data blocks and their corresponding metadata. However, this assumption fails when the KGC is a group manager or a member, who would have easy access to the data blocks and their metadata.…”

“…While the user trusts and assumes the confidentiality of data files at the cloud server, there is still concern about remote data file integrity. Numerous schemes in the literature [2], [3], [4], [5], [7], [9], [10], [11], [12], [14], [15], [16], [17], [18], [19], [23], [24], [25], [26], [28], [29], [30], [31], [32], [40], [41], [42] provide remote data integrity checking (RDIC) mechanisms that allow the user to verify the integrity of the remote data file. An RDIC scheme contains two main components: The first is called the preprocessing component, and the second is called the auditing component.…”

“…Existing CLC-based RDIC schemes for shared group data auditing in fog computing environments consider the key generation center (KGC) as a curious but passive entity that sets up the network. However, it was observed in [42] that the KGC could perform metadata forgery. This potential issue can be addressed by restricting the KGC from learning information about the data blocks and their corresponding metadata.…”

A Distributed and Decentralized Certificateless Framework for Reliable Shared Data Auditing for FOG-CPS Networks

Certificateless public auditing scheme with designated verifier and privacy-preserving property in cloud storage

Secure personal-health-records searching in edge-based Internet of Medical Things through plaintext checkable encryption