Privacy-Preserving Public Auditing Protocol for regenerating-code-based Cloud Storage

Public auditing protocols play a pivotal role in ensuring the integrity of outsourced data on cloud servers, safeguarding against tampering by malicious entities. The significance of these protocols has garnered substantial attention in recent years. In 2015, Liu et al. introduced a privacy-preserving public auditing protocol designed for regenerating-code-based cloud storage. Their protocol, as published in IEEE Transactions on Information Forensics and Security, purported to be secure within the considered security model. Contrary to their claims, this paper unveils a critical security vulnerability in their protocol. Specifically, we demonstrate that the proxy delegated by the data owner possesses the capability to fabricate an authenticator for any data block, thereby undermining the claimed security of the protocol. Our objective is to highlight this design flaw to prevent similar weaknesses in future protocol development. This analysis serves as a valuable contribution to the ongoing efforts in enhancing the security of public auditing protocols in cloud computing environments.

Keywords: Cloud storage, Public auditing, Authenticator, Forgery attack.