Outsourcing data to cloud storage raises a new challenge: using resources
efficiently while simultaneously keeping the outsourced data secure.
Recently, Zheng and Xu proposed a Proof of Storage with Deduplication
(POSD) scheme for a secure and efficient cloud storage service [1]. Exploiting
public verifiability [2], the POSD scheme couples the two notions of
Proof of Data Possession (PDP) [2][3] and Proof of Data Ownership (POW) [4]
and provides a solution that achieves both security and efficiency. Using the
POSD scheme, a client can be assured of the integrity of its outsourced data. In
addition, a storage server can take advantage of deduplication techniques in a
secure manner. That is, the storage server can efficiently utilize resources such
as storage space and network bandwidth while preventing information leakage
[5][6].
In the POSD scheme, verification in the auditing and deduplication protocols
depends entirely on public keys, which are created and provided by clients [1].
Hence, the validity of the scheme implicitly rests on an assumption, which we
call the random key assumption, that all clients are honest when generating
their keys. In the multi-user, cross-domain environment of cloud computing,
however, such an assumption is unrealistic. Once the random key assumption
is dropped, storage systems that use the POSD scheme may face a new
security threat not considered before. Unfortunately, the scheme
has a serious security weakness under a new attack model that allows malicious
clients to generate dishonestly manipulated keys.
In this paper, we present the security weakness of the POSD scheme. More
specifically, we show that the scheme fails to satisfy two security requirements,
server unforgeability and (κ, θ)-uncheatability, under a new attack model that is
very reasonable and effective. We provide a countermeasure against this attack
by modifying the scheme so that the client-created keys are blended with
random values contributed by the storage server. The proposed solution
weakens the clients' capability to control their keys. The modification
is kept minimal so that our scheme preserves the efficiency while providing more
robust security.
This paper is organized as follows: In Section 2, we briefly review the POSD
scheme. The new attack model and some attack scenarios are presented in Section
3, and a countermeasure against the attack is described in Section 4. Finally, we
conclude the paper in Section 5.