R&D: Certificateless Integrity Auditing Scheme for Sensitive Information Protection in Cloud Storage

Journal of Systems Architecture has published an article written by Jian Wen, School of Big Data and Computer Science, Guizhou Normal University, Guiyang, 550001, China, and School of Mathematical Sciences, Guizhou Normal University, Guiyang, 550001, China, Lunzhi Deng, School of Mathematical Sciences, Guizhou Normal University, Guiyang, 550001, China, and Guizhou Provincial Specialized Key Laboratory of Information Security Technology in Higher Education Institutions, Guiyang, 550001, China.

Abstract: “Data integrity auditing provides a method for checking the integrity of outsourced data in cloud storage. However, outsourced data often contain sensitive information (such as names), posing risks of exposure during data sharing. To address this issue, Ming et al. proposed a certificateless integrity auditing scheme for sensitive information protection, claiming its security. However, by demonstrating two specific attack scenarios, we pointed out its security vulnerabilities. Subsequently, we proposed a new certificateless integrity auditing scheme for sensitive information protection in cloud storage (CIAS-SIP), which supports sensitive information protection and does not specify the data blocks that need sanitization by the data owner (DO). In addition, it supports dynamic operations by the DO on outsourced data (insertion, deletion, and modification) and provides security proofs based on the discrete logarithm problem. Finally, we compared CIAS-SIP’s performance with three other integrity auditing schemes for sensitive information protection. The results show that CIAS-SIP exhibits superior efficiency.“