Research On Cloud Data Integrity And Usability

Posted on: 2017-01-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X P Zhang
Full Text: PDF
GTID: 1108330485988421
Subject: Information security
Abstract/Summary:
With the rapid development of network technology, large amounts of data have been gathered and produced by individuals, companies and organizations. The scale of the data is growing far faster than the processing and storage capacity of computers. Faced with this reality and trend, users have to outsource their data to the cloud so that they can access it more conveniently and be relieved of the burden of local data storage and maintenance costs. Although these advantages make cloud storage services more appealing than ever before, outsourcing also introduces new challenges to the integrity and availability of users' outsourced data. For example, data corruption is inevitable, and cloud service providers can be dishonest. Research challenges concerning the usability of integrity-protected data, such as auditing efficiency, user revocability, key update, and modification of ciphertext types according to the access terminal, prevent the rapid popularization and application of cloud storage services. In this dissertation, we focus on cloud data integrity and availability, and the research outcomes are fourfold:

1. Research on efficient and secure cloud data integrity verification schemes.

(1) An efficient and light-weight data owner auditing scheme for secure cloud storage was proposed. Based on the elliptic curve digital signature algorithm (ECDSA), the scheme constructs a linearly homomorphic authenticator, so that the data owner can verify data integrity without retrieving the entire data, which dramatically reduces the communication and computation overhead.

(2) An efficient public auditing scheme for data storage was proposed. It takes advantage of the Schnorr signature algorithm and homomorphic message authentication codes (MACs) to reduce the space used to store the verification metadata. The scheme also employs the random masking technique to make sure that the TPA cannot recover the users' outsourced data blocks.

Security proofs show that these schemes are secure. Furthermore, these auditing schemes can be extended to audit multiple different data files simultaneously and to execute dynamic operations efficiently. The experimental results demonstrate that our auditing schemes are much more light-weight than previous auditing schemes. Because the proposed auditing process is pairing-free, both schemes can be applied effectively to scenarios such as distributed sensor networks, where computing, storage and bandwidth are limited.

2. Research on cloud data auditing mechanisms supporting user revocability.

(1) A privacy-preserving cloud data integrity verification scheme supporting user revocability was proposed. The scheme exploits the technique of bilinear aggregate signatures to help the current user audit the data that was sent to the cloud by all previous users, and can satisfy the data transfer demands of large companies and organizations. Meanwhile, cloud users can delegate security auditing tasks to a third party (TPA), as it is not economically feasible for them to handle the tasks by themselves. The scheme is provably secure in the random oracle model even when the cloud service provider conspires with revoked users.

(2) A privacy-preserving integrity verification scheme for cloud storage supporting user revocability with the unidirectional proxy re-signature technique was proposed. In the proposed scheme, the proxy re-signature key is generated from the current data manager's private key and the former public key, which does not leak any information, so ownership of data can be transferred securely when users are revoked. Moreover, the random masking technique is employed to prevent the curious TPA from revealing the original data blocks. The scheme is also provably secure in the random oracle model even when the cloud service provider conspires with revoked users.

3. Research on efficient cloud data auditing supporting key-updating.

An efficient privacy-preserving integrity verification scheme for cloud storage supporting key-updating was proposed. The scheme incorporates zero-knowledge proof systems, proxy re-signatures and homomorphic linear authenticators. When the cloud user needs to update his key, instead of downloading the entire file and re-generating all the authenticators, the user can just download and update the authenticators. This approach dramatically reduces the communication and computation cost while maintaining the desired security. The dissertation formalizes the security model of zero-knowledge data privacy for auditing schemes in the key-updating context and proves the soundness and zero-knowledge privacy of the proposed construction. We finally develop a prototype to evaluate the performance of our construction. Implementation results match the theoretical analysis and show that the new scheme is practical. It is suitable for applications with limited computing, storage and bandwidth in embedded cloud storage systems.

4. Research on a cloud storage data availability scheme supporting modification of ciphertext type information.

In this dissertation, in addition to studying the integrity of cloud storage data, we also further research the usability of cloud storage data. To address the modification of different types of ciphertext stored on the cloud server, the dissertation first points out that there exist two security flaws in Liu et al.'s scheme. Moreover, a dynamic type and identity-based proxy re-encryption scheme for cloud computing was proposed. The scheme not only keeps the traditional core function of a PRE scheme, but also makes sure that the owner of a ciphertext can modify the type information at any time. Compared with previous schemes, our scheme is more secure and practical.
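
The two ideas the abstract returns to, auditing sampled blocks through a linearly homomorphic authenticator without retrieving the file, and updating authenticators after a key change without downloading the file, are shown below as an added example that is not taken from the dissertation. It uses a secret-key homomorphic MAC (sigma_i = f_k(i) + alpha * m_i over a prime field) as a stand-in for the ECDSA, Schnorr and proxy re-signature constructions; the modulus, the HMAC-based PRF, the block size and all function names are assumptions.

```python
import hashlib, hmac, secrets

P = 2**127 - 1  # prime modulus; every block and tag lives in Z_P

def prf(k, i):  # f_k(i): HMAC-SHA256 reduced mod P (assumed PRF choice)
    return int.from_bytes(hmac.new(k, i.to_bytes(8, "big"), hashlib.sha256).digest(), "big") % P

def keygen():  # secret key (k, alpha) with alpha != 0
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1

def split_blocks(data, size=15):  # 15-byte blocks are always < P
    return [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]

def tag_blocks(key, blocks):  # owner: sigma_i = f_k(i) + alpha * m_i
    k, alpha = key
    return [(prf(k, i) + alpha * m) % P for i, m in enumerate(blocks)]

def challenge(n_blocks, sample):  # auditor: random indices with random nonzero weights
    idx = secrets.SystemRandom().sample(range(n_blocks), sample)
    return [(i, secrets.randbelow(P - 1) + 1) for i in idx]

def prove(blocks, tags, chal):  # server: two field elements, whatever the file size
    mu = sum(nu * blocks[i] for i, nu in chal) % P
    sigma = sum(nu * tags[i] for i, nu in chal) % P
    return mu, sigma

def verify(key, chal, proof):  # owner: needs the key and the proof, not the blocks
    (k, alpha), (mu, sigma) = key, proof
    return sigma == (alpha * mu + sum(nu * prf(k, i) for i, nu in chal)) % P

def rekey_tags(old_key, new_key, tags):  # key update from the tags alone
    (k0, a0), (k1, a1) = old_key, new_key
    ratio = a1 * pow(a0, -1, P) % P  # alpha_new / alpha_old in Z_P
    return [((t - prf(k0, i)) * ratio + prf(k1, i)) % P for i, t in enumerate(tags)]

def demo():
    blocks = split_blocks(b"constructed sample file contents " * 20)  # constructed input
    key = keygen()
    tags = tag_blocks(key, blocks)
    chal = challenge(len(blocks), 10)
    intact = verify(key, chal, prove(blocks, tags, chal))
    corrupted = list(blocks)
    corrupted[chal[0][0]] ^= 1  # flip one bit in a block the audit samples
    detected = not verify(key, chal, prove(corrupted, tags, chal))
    new_key = keygen()
    new_tags = rekey_tags(key, new_key, tags)
    rekeyed = verify(new_key, chal, prove(blocks, new_tags, chal))
    stale = not verify(key, chal, prove(blocks, new_tags, chal))
    return intact, detected, rekeyed, stale
```

Corruption is caught here because the altered block is among those sampled; with random sampling, detection of damage elsewhere is probabilistic and improves with the sample size. This symmetric sketch has no public verifiability and no masking against a TPA, which are the properties the dissertation's schemes add.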
Keywords/Search Tags:Cloud storage, integrity verification, user revocability, key update, proxy re-encryption, proxy re-signature