Dynamic Provable Data Possession Protocols with Public Verifiability and Data Privacy
This work improves data integrity and privacy for cloud storage users by fixing security flaws in an existing auditing protocol, though it is incremental as it builds directly on a previous scheme.
The paper addresses vulnerabilities in a prior Dynamic Provable Data Possession scheme for cloud storage auditing by identifying security threats and proposing two new constructions using Index Hash Tables and Merkle Hash Trees, which are proven secure and privacy-preserving in the random oracle model.
Cloud storage services have become accessible to and used by everyone. Nevertheless, stored data depend on the behavior of the cloud servers, and losses and damage often occur. One solution is to regularly audit the cloud servers in order to check the integrity of the stored data. The Dynamic Provable Data Possession scheme with Public Verifiability and Data Privacy presented in ACISP'15 is a straightforward design of such a solution. However, this scheme is threatened by several attacks. In this paper, we carefully recall the definition of this scheme and explain how its security is seriously threatened. Moreover, we propose two new constructions for a Dynamic Provable Data Possession scheme with Public Verifiability and Data Privacy based on the scheme presented in ACISP'15, one using Index Hash Tables and one based on Merkle Hash Trees. We show that the two schemes are secure and privacy-preserving in the random oracle model.