Analysis and Enhancement of a Lattice-Based Data Outsourcing Scheme With Public Integrity Verification

Qingxuan Wang; Chi Cheng; Rui Xu; Jintai Ding; Zhe Liu

doi:10.1109/TSC.2020.3041324

Analysis and Enhancement of a Lattice-Based Data Outsourcing Scheme With Public Integrity Verification

Qingxuan Wang, Chi Cheng^*, Rui Xu^*, Jintai Ding, Zhe Liu

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

7 Citations (Scopus)

Abstract

Recently, Zhang et al. proposed a lattice-based data outsourcing scheme with public integrity verification (DOPIV), which enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. They employed a third party auditor (TPA) to check the integrity of the outsourced data and any TPA can verify the data integrity efficiently. DOPIV is claimed to achieve proxy-oriented secure data outsourcing as well as storage correctness guarantee. Unfortunately, we find that there exist vulnerabilities in DOPIV which allow the cloud server to simply delete the received data without being noticed by the TPA. Fortunately, we come up with a simple and efficient solution to thwart the proposed attack. Our improved scheme maintains all the features claimed in DOPIV.

Original language	English
Pages (from-to)	2226-2231
Number of pages	6
Journal	IEEE Transactions on Services Computing
Volume	15
Issue number	4
DOIs	https://doi.org/10.1109/TSC.2020.3041324
Publication status	Published - 2022
Externally published	Yes

Keywords

cloud storage
identity-based data outsourcing
integrity verification
Quantum-safe

Access to Document

10.1109/TSC.2020.3041324

Cite this

@article{db42bc863aa74478bbc94a93ee0d99a2,

title = "Analysis and Enhancement of a Lattice-Based Data Outsourcing Scheme With Public Integrity Verification",

abstract = "Recently, Zhang et al. proposed a lattice-based data outsourcing scheme with public integrity verification (DOPIV), which enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. They employed a third party auditor (TPA) to check the integrity of the outsourced data and any TPA can verify the data integrity efficiently. DOPIV is claimed to achieve proxy-oriented secure data outsourcing as well as storage correctness guarantee. Unfortunately, we find that there exist vulnerabilities in DOPIV which allow the cloud server to simply delete the received data without being noticed by the TPA. Fortunately, we come up with a simple and efficient solution to thwart the proposed attack. Our improved scheme maintains all the features claimed in DOPIV.",

keywords = "cloud storage, identity-based data outsourcing, integrity verification, Quantum-safe",

author = "Qingxuan Wang and Chi Cheng and Rui Xu and Jintai Ding and Zhe Liu",

note = "Publisher Copyright: {\textcopyright} 2022 IEEE.",

year = "2022",

doi = "10.1109/TSC.2020.3041324",

language = "English",

volume = "15",

pages = "2226--2231",

journal = "IEEE Transactions on Services Computing",

issn = "1939-1374",

number = "4",

}

TY - JOUR

T1 - Analysis and Enhancement of a Lattice-Based Data Outsourcing Scheme With Public Integrity Verification

AU - Wang, Qingxuan

AU - Cheng, Chi

AU - Xu, Rui

AU - Ding, Jintai

AU - Liu, Zhe

PY - 2022

Y1 - 2022

N2 - Recently, Zhang et al. proposed a lattice-based data outsourcing scheme with public integrity verification (DOPIV), which enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. They employed a third party auditor (TPA) to check the integrity of the outsourced data and any TPA can verify the data integrity efficiently. DOPIV is claimed to achieve proxy-oriented secure data outsourcing as well as storage correctness guarantee. Unfortunately, we find that there exist vulnerabilities in DOPIV which allow the cloud server to simply delete the received data without being noticed by the TPA. Fortunately, we come up with a simple and efficient solution to thwart the proposed attack. Our improved scheme maintains all the features claimed in DOPIV.

AB - Recently, Zhang et al. proposed a lattice-based data outsourcing scheme with public integrity verification (DOPIV), which enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. They employed a third party auditor (TPA) to check the integrity of the outsourced data and any TPA can verify the data integrity efficiently. DOPIV is claimed to achieve proxy-oriented secure data outsourcing as well as storage correctness guarantee. Unfortunately, we find that there exist vulnerabilities in DOPIV which allow the cloud server to simply delete the received data without being noticed by the TPA. Fortunately, we come up with a simple and efficient solution to thwart the proposed attack. Our improved scheme maintains all the features claimed in DOPIV.

KW - cloud storage

KW - identity-based data outsourcing

KW - integrity verification

KW - Quantum-safe

UR - http://www.scopus.com/inward/record.url?scp=85097437695&partnerID=8YFLogxK

U2 - 10.1109/TSC.2020.3041324

DO - 10.1109/TSC.2020.3041324

M3 - Article

AN - SCOPUS:85097437695

SN - 1939-1374

VL - 15

SP - 2226

EP - 2231

JO - IEEE Transactions on Services Computing

JF - IEEE Transactions on Services Computing

IS - 4

ER -

Analysis and Enhancement of a Lattice-Based Data Outsourcing Scheme With Public Integrity Verification

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this