Research On Encryption Techniques For Data Privacy Preserving On The Cloud Platform

The continuous increase in various types of data has produced an over-whelming flow of data. So it is a promising problem how to store and handle big data. Cloud computing has been a successful computing paradigm since it offers massive data storage and powerful computation for cloud users at affordable price. However, out-sourced storage and computation takes a great challenge for cloud data privacy. For preserving privacy, the data owner encrypts his/her data before outsourcing them to the cloud server. Unfortunately, traditional encryption hinds some useful functions so that the cloud server is unable to do computations over outsourced encrypted data on behalf of the data owner. In this paper, we will do research on how to preserve privacy and usability simultaneously for the outsourced cloud data from the following three aspects:1. How to search over private data outsourced on the cloud platform? In some appli-cations, the data user may need to search over encrypted data in the cloud to get the data he/she interests in. To alleviate concerns, searchable encryption is a feasible technique to achieve this. Unfortunately, existing searchable encryptions can’t deal with two problems as follows:(1) How does the data owner grant its own search ability to other data users by specifying fine-grained access control policy when he can delegate search operations over outsourced encrypted data to the cloud server? (2) How to achieve fine-grained ac-cess control and fast search over outsourced encrypted data simultaneously? For these two problems, we propose two novel ABE variants, dubbed attribute based proxy re-encryption with keyword search (ABRKS) and deterministic attribute based encryption (DABE) respectively.ABRKS enables data owners to delegate search capability to some other data users complying with the specific access control policy. We present two flavors of ABRKS constructions, key-policy ABRKS and ciphertext-policy ABRKS, both of which can be proved secure based on the standard Multilinear Decisional Diffie-Hellman Assumption.DABE achieves fine grained access control and fast search simultaneously by lever-aging the advantages of attribute based encryption and deterministic encryption. We pro-pose a generic construction from traditional ABE and a concrete construction for KP-DABE respectively.2. How to do set operations over private data outsourced on the cloud platform? Apparently, other set operations can be trivial calculated from set intersection. There-fore, we focus on set intersection operation over outsourced encrypted data. We present a novel primitive called attribute based set intersection over outsourced encrypted datasets (ABSI) and give two constructions for key-policy and ciphertext-policy respectively, both of which can be proved secure based on DLN assumption and generic group model. Our schemes have three distinctive properties:(1) They realize fine-grained authorization for set intersection over encrypted outsourced data sets by combining attributebased encryp-tion. (2) The cloud can compute the set intersection on behalf of the data user without being able to learn useful information about the data owners’plaintext data. (3) Com-pared with existing PSI schemes, our schemes do not require interaction with the data owner.3. How to revoke users over private data outsourced on the cloud platform? To share his/her data, data owner encrypts his/her data using attribute based encryption and outsourced the encrypted data to the cloud. In some scenarios, the data owner should revoke some expired data users and how to revoke these data users is always a valuable problem in ABE. We propose an effective scheme dubbed directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation (drvuKPABE), which can be proved secure under Multilinear Decisional Diffie-Hellman Assumption. Our scheme achieves the follow objectives simultaneously:(1) How to mitigate the communication cost for non-revoked users when the trusted authority revokes expired users? (2) How to forbid the revoked users to decrypt ciphertexts that were generated previously? (3) How to account the updating operations over encrypted data?...