Comments on “Identity-Based Distributed Provable Data Possession in Multicloud Storage”

In 2015, Wang proposed the first identity-based provable data possession scheme named ID-DPDP ( IEEE Transactions on Services Computing , vol. 8, no. 2, pp. 328-340, Mar./Apr. 2015) to verify outsourced data publicly without the implementation of PKI. Unfortunately, in this letter, we demonstrate that this scheme is insecure in the sense that cloud servers can generate valid proofs without possessing the original data blocks. We also show another security issue in this scheme which leads to some data blocks can never be verified unless all the data blocks are challenged. Meanwhile, we provide solutions to these problems while preserving the security features of the original scheme.