Research On The Key Technologies Of Data Security And Privacy Preserving In Cloud Computing

Cloud computing provides various kinds of resources such as hardware and software as a service to users. In cloud computing, users store data into the cloud, and access their data through the network. Currently, there is an increasing trend of outsourcing enterprise data to the cloud for efficient data storage and management. However, since the cloud service provider is untrusted, this introduces many new challenges toward data security and privacy. With the popularity of cloud computing, how to provide dependable and secure cloud data sharing, data collaboration and data publication techniques are urgent problems in cloud computing.This thesis concentrates on cloud computing security and privacy-preserving issues. We study cloud computing security issues about secure data sharing and data collaboration service respectively. Meanwhile, a privacy-preserving cloud data publishing algorithm which not only satisfies differential privacy but also realized high data utility is proposed. The main contributions of this thesis are as follows:? This thesis proposes a secure, effective, scalable and privacy-preserving data sharing scheme by exploiting CP-ABE and combining it with technique of IBE.In order to provide a dependable cloud data sharing service that allows users dynamic access to their data, the proposed scheme ensures fine-grained data access control, backward secrecy and security against collusion of users with the cloud and supports user addition, revocation and attribute modifications which are not provided by current works. Moreover, the scheme does not disclose any attribute of users to the cloud so that keeps the privacy of the users away from the cloud. Security analysis show that the proposed scheme is semantical security in the random model. In addition, we evaluate the performance of the proposed scheme about computation complexity, communication cost and ciphertext size.The results show that the proposed scheme is highly efficient.? This thesis proposes a secure cloud data collaboration scheme with explicit dynamic data/user. One critical issue is how to enable a secure data collaboration service including data access and update in cloud storage services. A data collaboration service is to support the availability and consistency of the shared data among multi-users. The proposed scheme employs a multi-level HIBE scheme to guarantee data security against the cloud. It realizes a one-to-many encryption paradigm and data writing operation simultaneously to achieve secure data collaboration in cloud computing. Moreover, the proposed scheme provides dynamic operations such as data creation/deletion and user addition/revocation.Security analyses show that the scheme is IND-ID-CCA security under the BDH assumption and can realize fine-grained access control, collusion resistance and backward secrecy. In addition, we evaluate the performance of the scheme about computation complexity, communication cost, user revocation cost and storage cost. The result shows that the scheme is highly efficient? This thesis proposes a privacy-preserving data publishing algorithm based on wavelet-coefficient techniques which satisfies differential privacy in cloud computing. The collection of daily life information by some cloud data centers(e.g.,governments and corporations) has provided tremendous opportunities to make knowledge-based decisions. Driven by enormous benefits, there is a demand for the publishing of these data among various entities. By analyzing a real WLAN trace dataset, this thesis finds that the existing anonymization techniques cannot provide strong and provable privacy guarantees. Differential privacy is the only model that can provide strong and provable privacy guarantees. However, the existing studies on differential privacy fail to provide effective data utility for query operations on multi-dimensional and large-scale datasets. The proposed algorithm first builds a noisy wavelet-coefficient synopses of a dataset. Then,a polylogarithmic noise is added to each wavelet coefficient in the synopses to generate a noisy synopses which can be published. Furthermore, the extensive experimental results show the sanitization algorithm achieves high data utility under differential privacy on an enterprise-scale WLAN trace dataset.