| As a new kind of technique for resource management, resource dispatch, and resource access, cloud computing makes people’s working and daily life much more convenient. For example, the cost is saved, the ratio of the resource utilization is improved, the resource can be accessed elastically, and the service is available anywhere at anytime. However, just because all the resources are uniformly managed by the cloud service provider the security problem becomes much more prominent, which is becoming a key factor that hinders the development of cloud computing. The directly related security problems to the users include data privacy, data integrity and so on. One fundamental cause of these security problems is that the cloud service provider cannot be fully trusted by the users. In order to protect the data privacy, the cloud users prefer to encrypt their data before outsouring. However, encryption makes the cloud server difficult to operate on these data. So, how to make the encrypted data much more operatable as well as protecting the privacy becomes an important research point in cloud computing. In this dissertation, we study on some related security problems over encryptions in cloud computing, such as searchable encryption, private set intersection, outsourced data integrity verification.As for the searchable encryption, two points are studied. In the first point, we propose a much more pratical searchable public key encryption scheme which supports multiple users. The scheme is based on the special properties of the bilinear map and can be used to realize the sharing of encrypted data among multiple users in cloud computing. The innovations include:the scheme not only satisfies the security for the keyword encryption, but also satisfies the security for the keyword trapdoor; when the keyword encryption is generated, its length has no relationship with the number of users that share the data, and the length is a constant which is twice longer than the element in the group; the scheme achieves the access control over the users to a certain extent, for example, the user revocation, without using the identity based or attribute based encryption; the computation cost is lower than traditional schemes. In the second point, we focus on the security against the off-line keyword guessing attack. The traditional schemes secure against the off-line keyword guessing attak all suppose that the attacker is an outsider which is neither the receiver nor the server. Our innovation is that we break the assumption of the attacker and consider the security against the server for the first time. We analyze the reason that traditional secure schemes cannot resist the server’s attack; formally define the security model against the server’s off-line keyword guessing attack; propose a compiler based on the certificate authority of the public key infrastructure, which could transform the traditional secure scheme into the one secure against the server’s keyword guessing attack.As for the private set intersection which is a special case of seucure multiparty computation, our study is based on the encrypted set elements. Traditional techniques for realizing private set intersection include the oblivious polynomial evaluation, the oblivious pseudorandom functions, the blind signatures, and the bloom filter. Our innovation is that for the first time we introduce the searchable encryption into secure multiparty computation and propose a novel method for private set intersction, which is much more appropriate in cloud computing where the user’s computation resources are limited. We first propose a secure protocol for private set intersction in presence of the semi-honest adversaries, which is more efficient for the user. Concretely, suppose the cardinality of the user’s set is m, then in order to get the intersection securely the user only needs to compute m multiplications, m ordinary hashes, and one modular exponentiation, and this makes the user’s computation cost much lower. In presence of the malicious adversaries, traditional secure private set intersection protocols use the non-interactive zero knowledge proofs to ensure the correctness of the computation. We introduce the succient non-interactive arguments instead for the first time, which reduces the user’s verification cost to a constant level.As for the outsourced data integrity verification, we first try to solve the security problem in the traditional proof of retrievability scheme based on encryption. The user’s data privacy thus is protected against both the server and the third party auditor. Based on this work, we proposed two methods for reducing the verifier’s computation cost. In the first method, we remove the expensive bilinear maps under the help of the data owner in order to reduce the auditor’s computation. In the second method, for the first time we introduce the computationally sound proof to the outsouced data integrity verification in cloud computing, and propose a new kind of integrity verification protocol which is much more efficient.The reason that we choose the computationally sound proof is that its original goal is to reduce the verifier’s computation, which is the same as our goal in cloud computing. In the proposed scheme, the user’s computation can be reduced to a level polylogrithmic to the traditional schemes, which is a high improvement in the computation cost.
|
PDF Full Text Request