
Research On Key Technologies Of Secured Data Sharing In Cloud Storage

Posted on: 2016-05-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S Han
GTID: 1108330482960403
Subject: Computer Science and Technology
Abstract/Summary:
Cloud storage is a new model for Internet applications. Using virtualization and distributed computing technology, it allocates storage resources to users according to their different needs, and in this way meets the demand for IT resource expansion caused by ever-growing data sets. Under the cloud model, however, physical security may be lost because storage resources are shared with other parties: once a user places data in the cloud, the user can no longer guarantee its physical security. As cloud storage technology is more widely applied, the security problem becomes increasingly significant, and proactive measures must be taken to safeguard the development of cloud storage.

To address the security problem of data sharing in cloud storage, this paper puts forward three algorithms: key distribution, data encryption and attribute key revocation. A secure data sharing model based on these algorithms is proposed to resolve the problems of third-party trust, collusion attacks and data backward secrecy. The main contributions of this paper are summarized as follows:

1. To achieve data access control applicable to untrusted cloud storage systems and to solve the key-escrow problem, this paper puts forward an attribute key distribution algorithm. The proposed algorithm addresses the key-escrow problem by dividing the key generation center into several distributed parts. The security and performance analyses indicate that the proposed algorithm protects the confidentiality of the key during distribution and that about 34% of the required time is saved.

2. Attribute encryption algorithms have a known drawback, the collusion attack. This paper puts forward a mixed data encryption algorithm to solve the problem. During encryption, a symmetric parameter and an access policy are added to the encrypted data to provide access control and data confidentiality. Moreover, a data re-encryption algorithm is proposed to protect data backward secrecy during attribute key revocation. Security and performance analyses indicate that the proposed algorithm is both secure and efficient for cloud storage. The time required for data encryption is reduced by about 40%.

3. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is becoming a promising cryptographic solution to the security problem of shared data in cloud storage. However, applying CP-ABE in a data sharing system introduces a challenge with regard to user revocation, since the access policies are defined only over the attribute universe. This paper proposes a secure key updating scheme based on LKH++: ALKH (Attribute LKH). ALKH constructs a secure tree to manage attribute keys. The method of building the key tree and the way keys are held are proposed in this paper to reduce the computation, storage and communication overhead for each user. In addition, ALKH supports rekeying to enhance security and survivability against key management center revocation. Performance analysis shows that ALKH is highly efficient in terms of security, computation and storage. The complexity declines from O(2n) to O(log2n).

4. To share data with legitimate users, a cloud-based data sharing system uses the storage facilities of a cloud service provider. In contrast to traditional solutions, cloud storage keeps the shared data in large data centers outside the trust domain of the data owner, which may raise problems of privacy and data confidentiality. Based on the proposed key generation, data encryption and key revocation algorithms, this paper proposes a secure data sharing model to protect the shared data from unauthorized access. Unlike prior work, symmetric and attribute keys are used to encrypt the shared data, and several distributed parts are used to distribute keys. Moreover, key updating and data re-encryption algorithms are used to provide the data with backward secrecy. Extensive security and performance analyses indicate that our sharing model minimizes the security and privacy risks of sharing data in cloud storage.
Keywords/Search Tags: cloud storage, data sharing, attribute-based encryption, CP-ABE, LKH++, backward secrecy