Insecurity of an identity-based public auditing protocol for the outsourced data in cloud storage

Public auditing protocol is very significant for implementing secure cloud storage since it can be used to check the integrity of the data stored in the cloud without downloading them. Recently, Zhang and Dong presented an identity-based public auditing (IBPA) protocol using the bilinear pairing and claimed that their protocol is provably secure in the random oracle model. Through proposing two concrete attacks, we demonstrate that the adversary against Zhang-Dong's protocol can break the data integrity without being found by the auditor. The analysis shows that their protocol is not secure for the cloud storage.