Yilin Yuan,Fan Yang,Xiao Wang,Yimin Tian,Zichen Li

DOI: https://doi.org/10.7717/peerj-cs.1790

2024-01-17

PeerJ Computer Science

Abstract:Nowadays, more people are choosing to use cloud storage services to save space and reduce costs. To enhance the durability and persistence, users opt to store important data in the form of multiple copies on cloud servers. However, outsourcing data in the cloud means that it is not directly under the control of users, raising concerns about security and integrity. Recent research has found that most existing multicopy integrity verification schemes can correctly perform integrity verification even when multiple copies are stored on the same Cloud Service Provider (CSP), which clearly deviates from the initial intention of users wanting to store files on multiple CSPs. With these considerations in mind, this paper proposes a scheme for synchronizing the integrity verification of copies, specifically focusing on strongly privacy Internet of Things (IoT) electronic health record (EHR) data. First, the paper addresses the issues present in existing multicopy integrity verification schemes. The scheme incorporates the entity Cloud Service Manager (CSM) to assist in the model construction, and each replica file is accompanied with its corresponding homomorphic verification tag. To handle scenarios where replica files stored on multiple CSPs cannot provide audit proof on time due to objective reasons, the paper introduces a novel approach called probability audit. By incorporating a probability audit, the scheme ensures that replica files are indeed stored on different CSPs and guarantees the normal execution of the public auditing phase. The scheme utilizes identity-based encryption (IBE) for the detailed design, avoiding the additional overhead caused by dealing with complex certificate issues. The proposed scheme can withstand forgery attack, replace attack, and replay attack, demonstrating strong security. The performance analysis demonstrates the feasibility and effectiveness of the scheme.

computer science, information systems, artificial intelligence, theory & methods

Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Yangfei Lin,Jie Li,Xiaohua Jia,Kui Ren

DOI: https://doi.org/10.1002/cpe.5356

2021-01-01

Abstract:Cloud computing has been an essential technology for providing on-demand computing resources as a service on the Internet. Not only enterprises but also individuals can outsource their data to the cloud without worrying about purchase and maintenance cost. The cloud storage system, however, is not fully trustable. Cloud data integrity auditing is crucial for defending against the security threats of data in the untrusted multicloud environment. Storing multiple replicas is a commonly used strategy for the availability and reliability of critical data. In this paper, we summarize and analyze the state-of-the-art multiple-replica integrity auditing schemes in cloud data storage. We present the system model and security threats of outsourcing data to the cloud with classification of ongoing developments. We also summarize the existing data integrity auditing schemes for multicloud data storage. The important open issues and potential research directions are addressed.

Zheng Tu,Xu An Wang,Weidong Du,Zexi Wang,Ming Lv

DOI: https://doi.org/10.1016/j.jksuci.2023.01.021

IF: 9.006

2023-02-08

Journal of King Saud University - Computer and Information Sciences

Abstract:The security of the data in the cloud server suffers great challenges, and how to ensure the integrity of the outsourced data in the cloud servers is a problem that should be solved. Cloud data auditing technique is such a solution , which allows to check data integrity without retrieving them from the cloud. In case single-copy data may be violated by malicious attackers, Zhang et al. proposed a multi-copy cloud data auditing scheme MCAM in 2020. However, in their scheme, an attacker can forge the evidence for integrity verification only by exploiting public information and the cloud server can compromise the integrity verification even it does not store any data. In this paper, we identify these security flaws in MCAM and design a new evidence verification algorithm to fix them. Then, we propose a multi-copy cloud data auditing scheme based on our evidence verification algorithm and MCAM. In security analysis, we prove that our multi-copy cloud data auditing scheme can fix the security flaws of MCAM. Thus, our scheme is more secure than MCAM. In performance analysis, we show that our scheme is more communication efficient than MCAM. Finally, we point out one potential application of our scheme.

computer science, information systems

Hui Tian,Fulin Nan,Chin-Chen Chang,Yongfeng Huang,Jing Lu,Yongqian Du

DOI: https://doi.org/10.1016/j.jnca.2018.12.004

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:With increasing popularity of fog-to-cloud based Internet of Things (IoT), how to ensure the integrity of IoT data outsourced in clouds has become one of the biggest security challenges. However, little effort has been put into addressing the problem. To fill this gap, this paper presents a tailor-made public auditing scheme for data storage in fog-to-cloud based IoT scenarios, which can achieve all indispensable performance and security requirements. Particularly, we design a tag-transforming strategy based on the bilinear mapping technique to convert the tags generated by mobile sinks to the ones created by the fog nodes in the phase of proof generation, which cannot only effectively protect the identity privacy, but also reduce the communication and computational costs in the verification phase; moreover, we present a zero-knowledge proof mechanism to verify the integrity of IoT data from various generators (e.g., mobile sinks and fog nodes) while achieving perfect data-privacy preserving. We formally prove the security of our scheme and evaluate its performance by theoretical analysis and comprehensive experiments. The results demonstrate that our scheme can efficiently achieve secure auditing for data storage in fog-to-cloud based IoT scenarios, and outperforms the straight-forward solution in communication and computational costs as well as energy consumption.

Yangfei Lin,Jie Li,Shigetomo Kimura,Yuanyuan Yang,Yusheng Ji,Yangjie Cao

DOI: https://doi.org/10.1109/jiot.2021.3102236

IF: 10.6

2022-03-01

IEEE Internet of Things Journal

Abstract:The applications of Internet of Things have emerged in every aspect of people's life. The volume of data gathered can be enormous. Enterprises and personal consumers are increasingly reliant on cloud storage services instead of local storage. While they enjoy the convenience of cloud storage services, they also worry about the integrity of the cloud-stored data since they do not physically own the data. To enable public integrity auditing, third-party auditors as trusted ones verify data integrity on behalf of the data owner. However, the vulnerability of auditors should also be considered. We propose a consortium blockchain-based public integrity verification system (CBPIV). In CBPIV, the auditor behaviors are recorded in the consortium blockchain so that authorized parties can audit the auditor to see if the verification results are correct. A smart contract is deployed to check the behavior of the auditor automatically, which can trigger alerts for unusual behaviors. The evaluation on both security and performance shows that our proposed scheme is secure and alleviates the burden on data owners of limited computation capability.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jing Han,Yanping Li,Jianqing Liu,Minghao Zhao

DOI: https://doi.org/10.1109/access.2018.2878468

IF: 3.9

2018-01-01

IEEE Access

Abstract:The Internet of Medical Things (IoMT) is one of the most promising applications of the newly emerging wearable devices and body-area networks. Generally, the IoMT devices are composed of lightweight facilities, which collect the health data (i.e., heart rate, body temperature, and respiratory rate) and upload them to the cloud. As the medical information is sensitive for the data owners (DOs), it is critical to ensure the integrity and confidentiality of these outsourced data. Normally, blinding (or encryption) and auditing are classical methods for achieving these goals. However, until to now, quite a few batch auditing schemes have been proposed, and they all share the following two shortcomings: 1) lacking of an efficient mechanism to identify the corrupted data files once the batch auditing task fails and 2) the communication overhead of audit phase increases linearly with the number of data files being audited or the number of data blocks being challenged. In order to overcome the above issues, in this paper, we propose an efficient batch auditing scheme based on the Lucas sequence for IoMT. To be specific, utilizing the self-query technique and polynomial commitment technique, we reduce the communication complexity of the batch auditing phase from linear to a constant scale. In addition, according to the recursion of the Lucas sequence, we design a novel search method for efficiently identifying the corrupted data files when the batch auditing task fails. The security of our scheme ensures that curious third-party auditor and cloud service provider cannot gain any real-data contents of the DO files. The detailed experiments show that our scheme is more efficient than the existing batch auditing schemes in terms of the communication overhead of the audit phase and the efficiency in identifying the corrupted files when the batch auditing task fails.

Jianming Du,Guofang Dong,Juangui Ning,Zhengnan Xu,Ruicheng Yang

DOI: https://doi.org/10.1038/s41598-024-58325-y

IF: 4.6

2024-03-31

Scientific Reports

Abstract:With the continuous development of cloud computing, the application of cloud storage has become more and more popular. To ensure the integrity and availability of cloud data, scholars have proposed several cloud data auditing schemes. Still, most need help with outsourced data integrity, controlled outsourcing, and source file auditing. Therefore, we propose a controlled delegation outsourcing data integrity auditing scheme based on the identity-based encryption model. Our proposed scheme allows users to specify a dedicated agent to assist in uploading data to the cloud. These authorized proxies use recognizable identities for authentication and authorization, thus avoiding the need for cumbersome certificate management in a secure distributed computing system. While solving the above problems, our scheme adopts a bucket-based red–black tree structure to efficiently realize the dynamic updating of data, which can complete the updating of data and rebalancing of structural updates constantly and realize the high efficiency of data operations. We define the security model of the scheme in detail and prove the scheme's security under the difficult problem assumption. In the performance analysis section, the proposed scheme is analyzed experimentally in comparison with other schemes, and the results show that the proposed scheme is efficient and secure.

multidisciplinary sciences

Zequan Zhou,Xiling Luo,Yupeng Wang,Jian Mao,Feixiang Luo,Yi Bai,Xiaochao Wang,Gang Liu,Junjun Wang,Feng Zeng

DOI: https://doi.org/10.1109/tvt.2023.3295953

IF: 6.8

2023-01-01

IEEE Transactions on Vehicular Technology

Abstract:In vehicular cloud computing (VCC), cloud servers provide enormous storage and powerful computing capacity to Vehicular Ad-hoc Networks (VANETs). Resource-constrained vehicles outsource data to vehicular cloud platforms for timely traffic safety services, e.g., navigation, accident alarms, etc. Auditing the authenticity of data has become a critical issue in outsourcing data to untrusted servers. Existing data audit methods encode all data with error correction codes (ECC) techniques that retrieve corrupted data by downloading all data. The communication overhead of such methods is $O(n)$ ($n$ is the number of data blocks) which is unbearable for vehicles with limited resources. In addition, these schemes employ an inaccurate privacy-preserving model. This will lead to data leakage in the third-party audit process. Although they use randomness to confuse parts of the proof that is used to prove the data state, a small amount of information is still distinguishable. For such, in this paper, we propose a practical data audit scheme with retrievability and indistinguishable privacy-preserving to efficiently audit the state of outsourced data. We improve the Invertible Bloom Filter (IBF) to compress redundancy locally, which can retrieve corrupted data without prior context. Furthermore, we define an indistinguishable privacy-preserving model to capture the complete semantics of repeated audit attacks and achieve indistinguishability in the audit. We prove that our scheme is secure against adaptive chosen message attacks and is indistinguishable privacy-preserving against repeated audit attacks. The experiment results demonstrate that for 1.9GB data when $\sqrt[]{n}$ blocks are corrupted, auditors complete a check in 3.31 seconds with 99% confidence, and vehicles retrieve corrupted data in 3.16 seconds with 16.67MB communication overhead.

telecommunications,engineering, electrical & electronic,transportation science & technology

Qingyang Zhang,Zhiming Zhang,Jie Cui,Hong Zhong,Yang Li,Chengjie Gu,Debiao He

DOI: https://doi.org/10.1109/tpds.2023.3323155

IF: 5.3

2023-12-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:As the disruptor of cloud storage, decentralized storage could lead to a major shift in how organizations store data in the future. To ensure data availability, users generally encrypt the data and distribute it to multiple storage service providers. It is necessary to study data integrity verification in decentralized storage. Although some recent studies have proposed the using blockchain technology to assist auditing work in decentralized storage networks, the on-chain overhead still increases linearly with an increase in audit requests. Blockchain networks will inevitably be overloaded. In this study, we propose an efficient data integrity auditing scheme for multiple copies in decentralized storage. Particularly, using different polynomial commitment schemes, we first propose a basic scheme for verifying multiple copies of a single file, and then we propose an efficient batch auditing scheme for multiple copies of multiple files. Our scheme can significantly reduce the computation overhead of storage service providers while keeping the on-chain storage overhead constant. Security analysis and performance analysis show that our scheme is efficient and practical.

computer science, theory & methods,engineering, electrical & electronic

Lei Zhou,Anmin Fu,Yi Mu,Huaqun Wang,Shui Yu,Yinxia Sun

DOI: https://doi.org/10.1016/j.ins.2020.08.031

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>In the era of big data, there are several insuperable research challenges in establishing Electronic Medical Record (EMR) for updating massive data with traditional methods. It is an attractive option to create the cloud-based EMR system, since cloud provides elastic and affordable data storage and management services. However, once the medical records are uploaded into the cloud, the owner will lose the control over the data, and sensitive contents might be accessed or modified by unauthorized entities. To address this issue, we propose a multicopy provable data possession for cloud-based EMR systems, which ensures the integrity and privacy of EMR data. In particular, to achieve data updates, we design a novel dynamic structure that improves the Merkle Hash Tree for multicopy storage, which achieves full dynamics efficiently and safely. Moreover, a random masking technique is employed in our proposal to generate distinguishable replica blocks of one block. Our construction prevents a verifier from obtaining medical records from challenge responses, but also eliminates exposing the content to unauthorized entities. Our security analysis shows that our scheme is provably secure. Evaluation experiments demonstrate that the proposal has lower communication and computation costs in comparison with the existing schemes.</p>

computer science, information systems

Xiuguang Li,Zhengge Yi,Ruifeng Li,Xu-An Wang,Hui Li,Xiaoyuan Yang

DOI: https://doi.org/10.3390/s23094307

IF: 3.9

2023-04-26

Sensors

Abstract:With the rapid development of cloud storage and cloud computing technology, users tend to store data in the cloud for more convenient services. In order to ensure the integrity of cloud data, scholars have proposed cloud data integrity verification schemes to protect users’ data security. The storage environment of the Internet of Things, in terms of big data and medical big data, demonstrates a stronger demand for data integrity verification schemes, but at the same time, the comprehensive function of data integrity verification schemes is required to be higher. Existing data integrity verification schemes are mostly applied in the cloud storage environment but cannot successfully be applied to the environment of the Internet of Things in the context of big data storage and medical big data storage. To solve this problem when combined with the characteristics and requirements of Internet of Things data storage and medical data storage, we designed an SM2-based offline/online efficient data integrity verification scheme. The resulting scheme uses the SM4 block cryptography algorithm to protect the privacy of the data content and uses a dynamic hash table to realize the dynamic updating of data. Based on the SM2 signature algorithm, the scheme can also realize offline tag generation and batch audits, reducing the computational burden of users. In security proof and efficiency analysis, the scheme has proven to be safe and efficient and can be used in a variety of application scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jie Zhao,Yifeng Zheng,Hejiao Huang,Jing Wang,Xiaojun Zhang,Daojing He

DOI: https://doi.org/10.1016/j.sysarc.2023.102860

IF: 5.836

2023-03-23

Journal of Systems Architecture

Abstract:Cloud-assisted medical cyber–physical systems (MCPSs) leverage the power of cloud computing for scalable storage and management of outsourced medical data. Based on the crucial outsouced medical data, guardians could know patient's health condition timely, doctors can make accurate diagnoses of patients, and medical research centers could also conduct medical big data analysis. However, medical data is highly sensitive and demands strong protection. Meanwhile, the integrity of outsourced medical data is vulnerable to hardware failures, software bugs or human errors. To date, a large number of data privacy-preserving integrity auditing schemes have been presented, but most of them suffer from the burden of complex public key certificate management or the key escrow problem of identity-based cryptography. In this paper, we propose a lightweight certificateless privacy-preserving integrity verification scheme (LCPPIV) with conditional anonymity for cloud-assisted MCPSs by developing an elliptic-curve digital signature and a key exchange mechanism, which can achieve the functionalities of medical data privacy protection, integrity verification of outsourced medical data, conditional anonymity, batch auditing, and secure compensation mechanism, simultaneously. Theoretical security analysis demonstrates that our scheme is provably secure in the random oracle model, with resistance to the public key replacement attack, malicious-but-passive-KGC attack, and response auditing proofs forgery. The performance evaluations indicate that LCPPIV is much more practical for cloud-assisted MCPSs compared with state-of-art data auditing schemes.

computer science, software engineering, hardware & architecture

Jiguo Li,Hao Yan,Yichen Zhang

DOI: https://doi.org/10.1109/jsyst.2020.2978146

IF: 4.802

2021-03-01

IEEE Systems Journal

Abstract:Although cloud storage service enables people easily maintain and manage amounts of data with lower cost, it cannot ensure the integrity of people's data. In order to audit the correctness of the data without downloading them, many remote data integrity checking (RDIC) schemes have been presented. Most existing schemes ignore the important issue of data privacy preserving and suffer from complicated certificate management derived from public key infrastructure. To overcome these shortcomings, this article proposes a new Identity-based RDIC scheme that makes use of homomorphic verifiable tag to decrease the system complexity. The original data in proof are masked by random integer addition, which protects the verifier from obtaining any knowledge about the data during the integrity checking process. Our scheme is proved secure under the assumption of computational Diffie–Hellman problem. Experiment result exhibits that our scheme is very efficient and feasible for real-life applications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Zirui Guo,Kai Zhang,Lifei Wei,Siyuan Chen,Liangliang Wang

DOI: https://doi.org/10.1016/j.sysarc.2023.102913

IF: 5.836

2023-06-03

Journal of Systems Architecture

Abstract:Multi-copy data possession on multi-cloud storage service provides resource-constrained users with a secure and effective way to process data maintenance. To enable integrity for the outsourced data, numerous multi-copy data auditing schemes for multi-cloud storage have been proposed. Nevertheless, existing solutions suffer from the following limitations: (i) cannot support dynamic data updates; (ii) fail to consider the user revocation feature; (iii) may leak the privacy of user identity. To address these limitations, we propose a new identity-based multi-copy data auditing scheme for multi-cloud storage, termed RDIMM . We introduce a new variant of Merkle Tree to enable fully dynamic data updates, in which all copies of a raw block are kept in the same leaf node. In addition, we design a new key generation strategy and a private key update technique, where the cost of user revocation is independent of the total number of file blocks owned by the revoked user. Moreover, we conduct a comprehensive correctness analysis and security analysis of our proposed RDIMM. In addition, we provide detailed theoretical analysis and experimental simulations, which illustrate the effective functionality and practical performance compared to state-of-the-art works.

computer science, software engineering, hardware & architecture

Yuan Tian,Xuan Zhou,Tanping Zhou,Weidong Zhong,Ruifeng Li,Xiaoyuan Yang

DOI: https://doi.org/10.3390/math12131964

IF: 2.4

2024-06-25

Mathematics

Abstract:With the surge in cloud storage popularity, more individuals are choosing to store large amounts of data on remote cloud service providers (CSPs) to save local storage resources. However, users' primary worries revolve around maintaining data integrity and authenticity. Consequently, several cloud auditing methods have emerged to address these concerns. Many of these approaches rely on traditional public-key cryptography systems or are grounded in identity-based cryptography systems or certificateless cryptography systems. However, they are vulnerable to the increased costs linked with certificate management, key escrow, or the significant expenses of establishing a secure channel, respectively. To counter these limitations, Li et al. introduced a certificate-based cloud auditing protocol (LZ22), notable for its minimal tag generation overhead. Nonetheless, this protocol exhibits certain security vulnerabilities. In this paper, we devise a counterfeiting technique that allows the CSP to produce a counterfeit data block with an identical tag to the original one. Our counterfeiting method boasts a 100% success rate ∀ data block and operates with exceptional efficiency. The counterfeiting process for a single block of 10 kB, 50 kB, and 100 kB takes a maximum of 0.08 s, 0.51 s, and 1.04 s, respectively. By substituting the exponential component of homomorphic verifiable tags (HVTs) with non-public random elements, we formulate a secure certificate-based cloud auditing protocol. In comparison to the LZ22 protocol, the average tag generation overhead of our proposed protocol is reduced by 6.80%, 13.78%, and 8.66% for data sizes of 10 kB, 50 kB, and 100 kB, respectively. However, the auditing overhead of our proposed protocol shows an increase. The average overhead rises by 3.05%, 0.17%, and 0.45% over the LZ22 protocol's overhead for data sizes of 10 kB, 50 kB, and 100 kB, correspondingly.

mathematics

Yu Fan,Yongjian Liao,Fagen Li,Shijie Zhou,Ganglin Zhang

DOI: https://doi.org/10.1109/access.2019.2932430

IF: 3.9

2019-01-01

IEEE Access

Abstract:The advent of cloud computing arouses the flourish of data sharing, promoting the development of research, especially in the fields of data analysis, artificial intelligence, etc. In order to address sensitive information hiding, auditing shared data efficiently and malicious manager preventing, we propose an identity-based auditing scheme for shared cloud data with a secure mechanism to hide sensitive information. This scheme provides a solution that allows users to share plaintext with researchers and keeps sensitive information invisible to the cloud and researchers at the same time. Besides, a formal security analysis is given to prove the strong security of the proposed scheme. Performance evaluation and experimental results demonstrate that our scheme is significantly more efficient over the existing scheme due to our novel mechanism for sensitive information hiding and simplifying signature algorithm. Compared to the existing approach to audit the integrity of shared data with sensitive information hiding, our scheme has desirable features and advantages as follow. Firstly, previous work has failed to construct a secure scheme to prevent malicious manager. We fill this gap and guarantee the integrity and authenticity of shared data. Secondly, our scheme constructs a novel system model to support high concurrency and massive data in the real scenario.

Jian Wen,Lunzhi Deng

DOI: https://doi.org/10.1016/j.sysarc.2024.103267

IF: 5.836

2024-09-03

Journal of Systems Architecture

Abstract:Data integrity auditing provides a method for checking the integrity of outsourced data in cloud storage. However, outsourced data often contain sensitive information (such as names), posing risks of exposure during data sharing. To address this issue, Ming et al. proposed a certificateless integrity auditing scheme for sensitive information protection, claiming its security. However, by demonstrating two specific attack scenarios, we pointed out its security vulnerabilities. Subsequently, we proposed a new certificateless integrity auditing scheme for sensitive information protection in cloud storage (CIAS-SIP), which supports sensitive information protection and does not specify the data blocks that need sanitization by the data owner (DO). In addition, it supports dynamic operations by the DO on outsourced data (insertion, deletion, and modification) and provides security proofs based on the discrete logarithm problem. Finally, we compared CIAS-SIP's performance with three other integrity auditing schemes for sensitive information protection. The results show that CIAS-SIP exhibits superior efficiency.

computer science, software engineering, hardware & architecture