Research On The Data Security In The Untrusted Cloud Environment

Both the data auditing and the searchable encryption are the fundamental techniques for the data protection and utilization in the cloud.The traditional solutions for data audit-ing and searchable encryption require the secure cloud environment.However,the cloud environment is not always secure in reality.First,the entities in the cloud are not full trusted.For example,in public auditing,the third party auditor may cheat data users for some potential reasons.If the third party auditor cheat data users,the data users will not get the right results of the integrity of the data.Second,transmission channels in the cloud are not always trustworthy.There exists a potential eavesdropper who can eavesdrop on transmission channels and obtain the information transmitted via the channels.Most ex-isting searchable encryption schemes cannot guard against this eavesdropper.Third,the misbehaviors executed by the cloud server are exist.The cloud server may try to get the access patterns from the search behavior performed by the authorized users in search-able encryption schemes.With the access patterns,the cloud server may retrieve parts of information in the data without decrypting it,or may obtain the additional information corresponding to users.Ever worse,the cloud server can perform keyword guessing at-tacks on searchable encryption schemes,and try to get some keywords involved in the encrypted data.To solve the problems above,this thesis focuses on designing some practical da-ta protection and utilization techniques in the untrusted cloud environment.This thesis focuses on the following problems:(1)the secure public auditing for the data integrity with the untrusted third party auditor;(2)the secure searchable encryption scheme for the cloud data without secure channels;(3)the secure searchable encryption scheme for concealing the access pattern from the cloud server with insecure channels;(4)the secure searchable encryption against keyword guessing attacks for sharable cloud data without secure channels.The main contributions of this thesis are as follows.(1)Propose,design and implement a secure public auditing scheme for the cloud data with the untrusted third party auditorBy performing Diffie-Hellman key exchange protocol between the data owner and the cloud server,we propose a novel public auditing scheme,referred to as SL-PA,to eliminate the data owner's dependence on the third party auditor.SL-PA has the follow-ing advantages:First,although the third party auditor is no longer trustworthy,the main computation tasks are still performed by the third party auditor;Second,the last step of data auditing called verification is performed by the data owner,and the computation overhead of the verification is endurable for a general cloud user;Third,neither the third party auditor nor the cloud server can cheat the data owner by forging the data.(2)Propose and design the multi-party key exchange based searchable encryption within insecure channelsThis thesis utilize the indistinguishability obfuscation technique to design a multi-party key exchange protocol in the cloud.Based on this protocol,we design a novel searchable encryption scheme,called IO-SE,to guarantee the secure keyword search on the encrypted data with insecure channels.Scheme IO-SE has the following advantages:First,with the multi-party key exchange protocol,the data owner can securely share se-cret keys with the authorized users.With the secret keys,the authorized users can perform search on the encrypted data,and decrypt the corresponding search results.Second,the potential eavesdropper cannot decrypt the encrypted data,and perform search on the en-crypted data,with the intercepted information.Third,scheme IO-SE can perform the secure search without the authority.Even the unauthorized users perform the search on the encryption data,they will not get the right search results.(3)Propose,design and implement a non-interactive searchable encryption in the cloud without secure channelsBy utilizing the proxy re-encryption technique,this thesis propose a novel searchable encryption scheme,referred to as NI-SE,to implement a non-interactive keyword search over the encrypted data without secure channels.Scheme NI-SE has the following ad-vantages:First,the searchable encryption scheme is secure-channel-free,which implies that the potential eavesdropper will not be able to crack the scheme with the intercepted information.Second,the scheme is non-interactive,which means that the data owner and data users will not interact with each other,the interactions will only be occurred between cloud users and the cloud server.Third,the data owner delegates the search ability to data users via the cloud server,without leaking the search ability to the clouds server.Finally,scheme NI-SE is an implementable solution which is efficient.(4)Propose,design and implement a searchable encryption with the access pattern concealingBy utilizing the blind storage technique,and the privacy set intersection technique,this thesis propose a novel searchable encryption scheme,referred to as Sift,to conceal the access pattern from the cloud server without secure channels.As the improved version of scheme NI-SE,scheme Sift inherit the advantages of scheme NI-SE,such as secure-channel-free property,non-interactivity and so on so forth.Moreover,scheme Sift applies blind storage to store the data,and designs a novel index based on the privacy set inter-section technique.With the new designed index and the data storage method,the cloud server will be not able to learn the access patterns.Besides,we evaluate the performance of Sift by the implementation.The evaluation results shows that Sift is a efficient and practical searchable encryption scheme in reality.(5)Propose,design and implement an efficient searchable encryption against key-word guessing attacks for sharable electronic medical records in cloud-based systemSince keyword guessing attacks are seriously harmful to the cloud-based medical data,this thesis implement a novel searchable encryption scheme,called SE~2,against the keyword guessing attacks for the sharable medical data in the cloud.This thesis analyzes the potential risks from the keyword guessing attacks on the medical data,and clarifies the necessity for the searchable encryption to solve keyword guessing attacks problem.SE~2can guard against the keyword guessing attacks within the cloud environment without secure channels.Comparing with the traditional searchable solutions,SE~2considers that the data owner would like to share his medical records with many people,and guarantees the better performance for the sharable medical records.Finally,the security analysis and the evaluation prove that SE~2is both secure and efficient.