
Research On Cloud Computing Key Management

Posted on: 2017-03-08
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X X Hu
Full Text: PDF
GTID: 1108330485450015
Subject: Communication and Information System

Abstract/Summary:
Cloud computing has garnered much interest in recent years in the computing industry, the media, and academia. It is a form of pay-per-use distributed computing. Cloud computing promises many benefits to the IT profession: the ability to scale resources to meet varying customer demand in real time, to deliver new computing services faster, and to significantly lower capital and operational costs.

In spite of its popularity, however, cloud computing has raised a range of significant security and privacy concerns which hinder its adoption in sensitive environments. Compared with traditional models, ensuring the confidentiality and integrity of end users' data is therefore far more challenging in the cloud computing model. Moreover, cloud services are usually multi-tenant services, meaning that a single infrastructure, platform, or software instance provides its services to multiple mutually untrusted parties simultaneously. The confidentiality of these parties' data therefore needs to be protected against each other. Key management is one of the most basic data protection measures, and further study of this problem could contribute to improving the security and practicability of cloud computing.

Using elliptic curve cryptography, the random oracle model and hash functions, this dissertation carries out in-depth research on cloud security architecture, key updating, re-encryption, digital signatures and group key agreement protocols. The main work of this dissertation is summarized as follows:

1) A new cloud computing security architecture is proposed. An ECC-based backbone key management algorithm (to support the identity management function) is added to the architecture. The architecture supports fine-grained access control and scalability of the cloud computing security network. We introduce a time-bound key management scheme and an access key hierarchy based key management scheme to implement efficient key updating when members join or leave the architecture. At the same time, the calculation time of the key derivation and signature check phases is reduced. These new key management schemes simultaneously enhance the security, practicability and integrity of the cloud computing security architecture.

2) A new key updating scheme, two data re-encryption based protocols and a certificateless digital signature scheme are proposed. The key updating scheme is implemented on top of the KP-ABE encryption scheme. We also introduce a user-centric privacy-preserving cryptographic access control protocol based on the new key updating scheme. The new protocol can provide security, privacy preservation, efficiency and scalability, flexibility, simplicity and extensibility without relying on any specific cloud provider. We introduce a proxy-based re-encryption method built on BBS encryption and the ElGamal cryptosystem. Its limitations are the use of asymmetric keys for encryption on each access to the data and the requirement that the proxy be fully trusted. We then propose a model in which cloud providers implement re-encryption to deal with the defects of the first scheme. Cloud providers implement all data re-encryption operations and enhance the scalability. When group membership changes, this scheme can guarantee data confidentiality, forward secrecy and backward secrecy. Since some early CL-DS schemes suffer from expensive computational overhead, resulting from the use of bilinear pairings and the MTP function, and lack the ability to resist various attacks, we use ECC to construct an efficient scheme with strong security and low computational overhead. CL-PKC has two kinds of adversaries with different attack powers, which launch challenge-response games. We define the attack model of the scheme. The proposed scheme is existentially unforgeable against adaptive chosen message and identity attacks.

3) An ECC-based group key agreement protocol is proposed. Most PKI-based authenticated group key agreement protocols have low computing efficiency and high computation cost. Because their low efficiency on low-power mobile devices makes them unsuitable for mobile cloud networks, our protocol has the following main characteristics:

1. The protocol does not need to use bilinear pairings or the MTP operation.
2. It can protect against known attacks.
3. Members can join and leave flexibly.
4. The protocol gets rid of the public key authentication CA and reduces the computational overhead with IBC and ECC.
5. The scheme can be implemented easily in a mobile cloud network.
Keywords/Search Tags: Cloud Computing Security Architecture, Key Updating, Re-encryption, Digital Signature, Group Key Agreement