Comments on “A secure anti-collusion data sharing scheme for dynamic groups in the cloud”
Very recently, Zhu and Jiang (2016) [1] suggested a secure anti-collusion data sharing scheme for dynamic groups in the cloud. In this letter, we found that Zhu–Jiang's scheme is insecure against forgery attack in registration phase for existing users. Our proposed attack demonstrates that any...
Saved in:
Published in | Information processing letters Vol. 140; pp. 34 - 36 |
---|---|
Main Authors | , , , , |
Format | Journal Article |
Language | English |
Published |
Elsevier B.V
01.12.2018
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Very recently, Zhu and Jiang (2016) [1] suggested a secure anti-collusion data sharing scheme for dynamic groups in the cloud. In this letter, we found that Zhu–Jiang's scheme is insecure against forgery attack in registration phase for existing users. Our proposed attack demonstrates that any outside adversary can masquerade as the group manager to issue invalid or expired secret keys to the existing group users. After that, we present our suggestion to tackle the problem without sacrificing any original characters (such as high efficiency and group-dynamicity) of the scheme.
•Zhu and Jiang suggested a secure data sharing scheme for dynamic groups in the cloud.•We show that an attacker can personate the group manager to issue the private keys.•A fix is also suggested without losing any feature of the original scheme. |
---|---|
ISSN: | 0020-0190 1872-6119 |
DOI: | 10.1016/j.ipl.2018.04.005 |