On the security of auditing mechanisms for secure cloud storage

Author

Yong YU
Lei NIU
Guomin YANG, Singapore Management UniversityFollow
Yi MU
Willy SUSILO

Publication Type

Journal Article

Version

publishedVersion

Publication Date

1-2014

Abstract

Cloud computing is a novel computing model that enables convenient and on-demand access to a shared pool of configurable computing resources. Auditing services are highly essential to make sure that the data is correctly hosted in the cloud. In this paper, we investigate the active adversary attacks in three auditing mechanisms for shared data in the cloud, including two identity privacy-preserving auditing mechanisms called Oruta and Knox, and a distributed storage integrity auditing mechanism.We show that these schemes become insecure when active adversaries are involved in the cloud storage. Specifically, an active adversary can arbitrarily alter the cloud data without being detected by the auditor in the verification phase. We also propose a solution to remedy the weakness without sacrificing any desirable features of these mechanisms.

Keywords

Auditing, Cloud storage, Cryptanalysis, Privacy-preserving

Discipline

Data Storage Systems | Information Security

Research Areas

Information Systems and Management

Publication

Future Generation Computer Systems

Volume

30

Issue

1

First Page

127

Last Page

132

ISSN

0167-739X

Identifier

10.1016/j.future.2013.05.005

Publisher

Elsevier

Citation

YU, Yong; NIU, Lei; YANG, Guomin; MU, Yi; and SUSILO, Willy. On the security of auditing mechanisms for secure cloud storage. (2014). Future Generation Computer Systems. 30, (1), 127-132.
Available at: https://ink.library.smu.edu.sg/sis_research/7348

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1016/j.future.2013.05.005