Next Article in Journal
Voltage Lifting Techniques for Non-Isolated DC/DC Converters
Next Article in Special Issue
Zero-Trust Security Authentication Based on SPA and Endogenous Security Architecture
Previous Article in Journal
New Miniature Narrow Band Microstrip Diplexer for Recent Wireless Communications
 
 
Article
Peer-Review Record

Dynamic Data Integrity Auditing Based on Hierarchical Merkle Hash Tree in Cloud Storage

Electronics 2023, 12(3), 717; https://doi.org/10.3390/electronics12030717
by Zhenpeng Liu 1,2, Shuo Wang 1, Sichen Duan 1, Lele Ren 1 and Jianhang Wei 2,3,*
Reviewer 1:
Reviewer 2:
Reviewer 3:
Reviewer 4:
Electronics 2023, 12(3), 717; https://doi.org/10.3390/electronics12030717
Submission received: 4 January 2023 / Revised: 26 January 2023 / Accepted: 30 January 2023 / Published: 1 February 2023
(This article belongs to the Special Issue Advanced Techniques in Computing and Security)

Round 1

Reviewer 1 Report

Contributions:
In order to address the problem of untrustworthiness of Cloud Service Providers (CPSs), resulting in insecure data storage, the authors propose an auditing method based on hierarchical Merkle trees. The goal of the proposed scheme is to allow verification of the integrity of outsourced data in the cloud.

Comments:

The paper is not ready for a journal publication and needs several improvements.

-First, I would suggest to improve the organization, by adding a Preliminary Section containing the material needed to understand the proposed scheme. For example, the scheme described in Section 4 uses a bilinear map, but a definition of bilinear maps is missing in the paper. Such a preliminary section should follow immediately the Related Works section.

-Afterwards, I would suggest to reorganize Section 3, by adding a formal definition of the proposed primitive. Indeed, the description of the algorithms  KeyGen, RepGen, and so on, is quite informal and very confusing. Moreover, a more formal definition of security for the primitive is needed. The lack of a precise definition of security also reflects in the fact that the authors have provided only an "Intuition" for the security of the proposed scheme, but a formal proof of security is missing.

-Finally, there are several typos and the English, as well the writing style,  should be improved.

 

-

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

The paper proposes the use of a Hierarchical Merkle Hash Tree structure to decrease the number of invalid retrievals, shorten the authentication path of the nodes, and improve auditing efficiency and dynamic updates efficiency. Also, they provide a mechanism to monitor the CSP and use the monitoring logs to recover damaged data. however, I have the following remarks:

 

  1. The system design introduces 2 third parties for auditing and monitoring which is almost very expensive. the question is why trust third parties while not trusting the cloud provider? What are the guarantees to ensure that third parties do their tasks as predefined in the SLA? The model supposes that third parties are trusted, but in reality, there are no guarantees which is the most drawback of third parties in general. A discussion section at the end explaining the author's choices and their assumptions regarding third parties will provide more trust in the use of third parties.
  2. In section 4: the verification phase needs more details, on how the challenges are generated. A real example will improve the feasibility of the proposed approach. Also, the equations require more explanation about their meaning and their elements.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Authors are advised to incorporate the following:

In the Abstract:

1.    In the abstract (line 13) it is recommended to change the text as: “A safe and efficient audit method based on hierarchical à must change to “In this research, A safe and efficient auditing scheme is proposed which is based on hierarchical Merkel tree.” The reason for this change is: in your results (refer to Figures 8-10 you mentioned “our scheme”.

2.    If possible, enhance your conclusion and add more to future work (in the next step).

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 4 Report

 

  1.  All abbreviations must be appropriately defined in the paper.
  2. The author must use the same style for defining the abbreviation in the paper, i.e., skip table (ST). Or a Location Array and Doubly Linked Info Table (DLIT). Refrain from defining the abbreviation again and again in the paper.
  3. Check all the captions of the figure and the text or title of all the figures, whether all are defined correctly. 
  4. How the proposed solution is different from the Ref.[35].
  5. RepGen(F, m) → {mij} what is the meaning of this expression.
  6. What is the difference between bid, and j?
  7. We use the "version" what the version is? Is it a random number or a timestamp?
  8. How are the M and C in {F*, M, {σi}, C} computed?
  9. Without the notation table, it is hard to read the paper. The authors need to add a notation table in the paper.
  10. The authors need to add background knowledge to enhance the paper's quality and give some details on equations (1) and (2).
  11. The threat model needs to be included in the paper, and the authors need to add the threat model in the revised paper.
  12. ``Due to the different number of blocks in each file, the whole HMHT may not be a balanced binary tree, but hierarchically, each subtree is internally balanced." this needs to be explained further.
  13. Currently, the paper is hard to read, and the structure of the paper needs to be improved.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

I am satisfied with the new version of the paper.

Reviewer 4 Report

The authors have reviewed the paper significantly.

Back to TopTop