Comments on “Provable Multicopy Dynamic Data Possession in Cloud Computing Systems”

Replication is a fundamental solution for the cloud service provider (CSP) to guarantee data availability. To provide users with convincing evidence that the copies required by them are all stored correctly, a number of multi-copy integrity auditing schemes were presented. Recently, Barsoum and Hasan proposed a map-based provable multi-copy dynamic data possession scheme (IEEE Transactions on Information Forensics and Security, vol. 10, no. 3, pp. 485–497, 2015), which was claimed to be secure and can ensure that the CSP possesses all copies required by the contract. However, in this letter, we show that the scheme is easily subject to a copy-summation attack and a single-copy attack, by which a cheating CSP only needs to invest a storage cost of a single copy—while can still pass the verifier’s challenge at all times. Therefore, the scheme is no longer secure in this case. Furthermore, we propose some simple but effective countermeasures and give a repaired scheme which is free from the above two attacks.