Comments on “Efficient Public Verification of Data Integrity for Cloud Storage Systems From Indistinguishability Obfuscation”

Recently, Zhang <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> proposed a novel public data integrity verification scheme for the cloud storage using indistinguishability obfuscation ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$iO$ </tex-math></inline-formula> ), and extend it to support batch verification and data dynamic operations ( <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">IEEE Transactions on Information Forensics and Security</i> , vol. 12, no. 3, pp. 676–688, Mar. 2017). However, we find that the scheme has two flaws: (a) the self-checking of the uploaded blocks and tags in <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Store</i> phase is not reliable, i.e., it is easy to generate invalid block-tag pairs without being detected; (b) the extended scheme for data dynamic operations suffers from a chosen message attack, i.e., if some uploaded blocks match a certain pattern, the cloud storage is able to replace any existing block by a forged one without being detected, which violates the scheme’s security model. Then, we provide solutions to these problems while preserving all the desirable features of the original scheme.