Wang Haoming, Zhang Yuanhang, Wang Xu An, Yang Xiaoyuan
School of Electronic & Information Engineering, Xi'an Jiaotong University, Shaanxi, China.
Engineering University of People's Armed Police, Shaanxi, China.
Heliyon. 2024 Aug 20;10(16):e36273. doi: 10.1016/j.heliyon.2024.e36273. eCollection 2024 Aug 30.
With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.
随着信息化的快速发展,大量数据不断产生和积累,导致云存储服务的出现。然而,存储在云端的数据超出了用户的控制范围,带来了各种安全风险。云数据审计技术能够在不下载数据的情况下检查云端数据的完整性。其中,公共审计方案因其能够避免额外的用户审计费用而得到了快速发展。然而,恶意第三方审计员可能会危及数据隐私。本文提出了一种改进的基于身份的云审计方案,该方案能够抵御恶意审计员。该方案也是基于一种使用区块链的基于身份的公共审计方案构建的,以防止恶意审计。我们发现该方案不安全,因为恶意云服务器可以为外包数据块伪造认证标签,而我们的方案没有这些安全缺陷。通过安全证明和性能分析,我们进一步证明了我们的方案是安全且高效的。此外,我们的方案具有典型的应用场景。
