
Research On Key Technologies Of Data Integrity And Confidentiality Protection In Cloud Storage

Posted on: 2015-12-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C L Li
GTID: 1108330482479094
Subject: Computer application technology
Abstract/Summary:
Cloud storage is one of the important IaaS (Infrastructure as a Service) applications of cloud computing. It is increasingly widely used in many scenarios, such as data archiving, online document editing, data backup and disaster recovery, and personal SkyDrive. It provides users with on-demand storage space in the form of a resource pool. It can therefore reduce users' storage cost, provide professional management and maintenance services, support data access anytime and anywhere, and dynamically extend the available space according to users' needs. Cloud storage can provide convenient data storage and access services to the mass of Internet users.

However, the data in cloud storage is exposed to significant security threats that need to be solved as cloud storage develops, because of its agreement-based service model, the not fully trusted CSP (Cloud Service Provider), system vulnerabilities, outside attacks and other reasons. Therefore, this dissertation discusses several critical problems of data integrity and confidentiality protection in cloud storage. It focuses on how to check data integrity remotely, how to avoid the leakage of confidential data resulting from data remanence, and how to achieve encryption and deduplication of confidential data concurrently. Its main works and contributions are as follows.

(1) Homomorphic hash based provable data possession of dynamic multiple replicas.

Although the CSP usually commits to storing multiple replicas of users' data, the users cannot check whether the CSP stores the committed number of replicas and whether these replicas are complete. Therefore, a homomorphic hash based provable data possession scheme for dynamic multiple replicas is proposed.

First, users encrypt the file and mask the encrypted file to get multiple different replicas. This guarantees that the CSP stores the committed number of replicas. Second, users compute a set of verification tags for the blocks of the encrypted file by using the homomorphic hash. This makes batch sampling verification of all replicas possible. Furthermore, when the batch verification fails, the wrong replicas and wrong blocks can be located and recovered by using the other replicas. Finally, file updates, including block insertion, modification and deletion, are supported by introducing a Map-Version table that records the block Serial Number (SN), Block Number (BN) and Version Number (VN), replacing the BNs in the algorithms with the SNs, and adding the VNs into some algorithms. The security proof shows that the scheme satisfies correctness and soundness, and resists the replacement attack, replay attack and forgery attack. The results of performance analysis and testing show that the scheme brings relatively low computation, storage and communication costs.

(2) Dynamic provable data possession based on pre-computed challenges.

With the development of the mobile Internet, users may use smart mobile phones, tablet PCs, PDAs and other mobile terminals to check the integrity of cloud data, but these devices have only limited computation, storage and bandwidth resources to support integrity verification. Therefore, a dynamic provable data possession scheme based on pre-computed challenges is proposed.

In the scheme, users pre-compute a certain number of challenges and use hash and exclusive-or computations to generate the corresponding verification tags. When the data integrity is verified, the CSP is required to generate a proof with the same computations. Users then check whether the proof equals a tag to determine the data integrity. The scheme also supports data and challenge updates, which are usually not achieved in provable data possession based on pre-computed challenges. The security proof shows that the scheme satisfies correctness and soundness, and resists the replacement attack, replay attack and forgery attack. The results of performance analysis and testing show that the scheme brings relatively low computation, storage and communication costs. Specifically, the low computation cost for users and the low communication cost between the users and the CSP in the verification process make it very suitable for scenarios in which thin terminals are used to check data integrity.

(3) Confidential data assured deletion with data dynamics.

Confidential data may be leaked because of data remanence in cloud storage. For example, the CSP may not delete data that has expired or that users have asked to be deleted, or may not delete all the replicas of a file. Therefore, a confidential data assured deletion scheme with data dynamics is proposed.

The scheme combines a key deriving tree, AON (All-Or-Nothing) encryption, secret sharing and a DHT (Distributed Hash Table) network to achieve its goals. First, it uses the key deriving tree to generate a control key for every data block, and stores the key generating parameters in the cloud. Then, it uses AON encryption to encrypt the users' authentication key, the MTKS (Minimum Tree Key Set), into a ciphertext and a stub. The stub is securely sent to users as an authentication parameter, while the ciphertext is distributed into the DHT network by using secret sharing. The scheme achieves several goals with these technologies. First, when the data has expired or is asked to be deleted, its MTKS becomes unrecoverable, so the data can never be decrypted again. Second, it realizes block-level access control and simplifies key management. Third, it provides encryption protection for the confidential data and resists sniffing and hopping attacks that aim to obtain the MTKS. The results of performance analysis and testing show that the scheme performs well on storage cost, key initialization cost and other operation costs. Therefore, the data assured deletion function will not bring much expense to the users and the CSP. Additionally, the scheme supports data updates, so the assured deletion technology can also be applied to dynamic data.

(4) Confidential data deduplication based on MHT (Merkle Hash Tree) and homomorphic MAC.

To achieve encryption and deduplication of confidential data concurrently, two confidential data deduplication schemes are proposed, based on MHT and homomorphic MAC respectively and called MHT-Dedup and hMAC-Dedup.

In MHT-Dedup, the CSP generates an MHT from the data ciphertext to detect duplicate files. It therefore achieves deterministic PoW (Proof of oWnership) for the confidential data. In hMAC-Dedup, the CSP generates a verification tag for every block of the data ciphertext by using the homomorphic MAC, and detects duplicate files by sampling the ciphertext blocks and their verification tags. It therefore achieves probabilistic PoW for the confidential data. Both schemes achieve cross-user file-level client-side deduplication and local block-level client-side deduplication concurrently, and avoid the target collision attack and other attacks resulting from the hash-as-a-proof technology. The results of performance analysis and testing show that MHT-Dedup brings lower storage cost, while hMAC-Dedup brings lower computation and communication costs. Therefore, when implementing confidential data deduplication in cloud storage, MHT-Dedup or hMAC-Dedup can be selected flexibly according to the particular environment and demands. Compared to the existing confidential data deduplication schemes, MHT-Dedup and hMAC-Dedup perform better on replication detection and system security.
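Added example (not code from the dissertation): a minimal Python sketch of the pre-computed-challenge idea in contribution (2), where the user derives one-time tags with hash and XOR before upload and later compares the CSP's proof against a stored tag. The seed-based index sampling, SHA-256, the block size and all function names are assumptions, and the data and challenge updates the dissertation supports are not modeled.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # toy block size (assumption)

def split_blocks(data, size=BLOCK):
    return [data[i:i + size] for i in range(0, len(data), size)]

def sample_indices(seed, n_blocks, c):
    """Derive c distinct block indices from the seed; both sides get the same set."""
    picked, ctr = [], 0
    while len(picked) < min(c, n_blocks):
        d = hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        i = int.from_bytes(d[:8], "big") % n_blocks
        if i not in picked:
            picked.append(i)
        ctr += 1
    return picked

def prove(blocks, seed, c):
    """XOR of H(seed || index || block) over the sampled blocks.
    The user runs this at setup; the CSP runs it when challenged."""
    acc = bytes(32)
    for i in sample_indices(seed, len(blocks), c):
        h = hashlib.sha256(seed + i.to_bytes(8, "big") + blocks[i]).digest()
        acc = bytes(a ^ b for a, b in zip(acc, h))
    return acc

def precompute(blocks, t, c):
    """User side, before upload: t one-time (seed, tag) pairs, kept secret."""
    pairs = []
    for _ in range(t):
        seed = secrets.token_bytes(16)
        pairs.append((seed, prove(blocks, seed, c)))
    return pairs

def verify(pairs, respond, c):
    """Spend one challenge: reveal its seed, compare the CSP's proof to the tag."""
    seed, tag = pairs.pop()  # never reused, so an old proof cannot be replayed
    return hmac.compare_digest(respond(seed, c), tag)

def demo():
    blocks = split_blocks(b"constructed sample file contents " * 8)
    n = len(blocks)  # sample every block so detection is deterministic here
    pairs = precompute(blocks, t=3, c=n)
    honest = verify(pairs, lambda s, c: prove(blocks, s, c), n)
    damaged = blocks[:2] + [b"X" * BLOCK] + blocks[3:]
    tampered = verify(pairs, lambda s, c: prove(damaged, s, c), n)
    return honest, tampered, len(pairs)
```

With `c` smaller than the block count, a damaged block is caught only when it falls in the sampled set, so detection becomes probabilistic and the number of stored pairs bounds how many checks the user can run.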
Keywords/Search Tags: Cloud Storage, Provable Data Possession, Data Assured Deletion, Data Deduplication, Data Dynamics