Research Area:  Cloud Computing
Recently, a public auditing protocol for shared data called Panda (IEEE Transactions on Services Computing, doi: 10.1109/TSC.2013.2295611) was proposed to ensure the correctness of the outsourced data. A distinctive feature of Panda is the support of data sharing and user revocation. Unfortunately, in this letter, we show that Panda is insecure in the sense that a cloud server can hide data loss without being detected. Specifically, we show that even some stored file blocks have been lost, the server is able to generate a valid proof by replacing a pair of lost data block and its signature with another block and signature pair. We also provide a solution to the problem while preserving all the desirable features of the original protocol.
Author(s) Name:  Yong Yu; Jianbing Ni; Man Ho Au; Yi Mu; Boyang Wang and Hui Li
Journal name:  IEEE Transactions on Services Computing
Publisher name:  IEEE
Volume Information:  Volume: 8, Issue: 6, Nov.-Dec. 1 2015,Page(s): 998 - 999
Paper Link:   https://ieeexplore.ieee.org/document/6894178