Research On Remote Data Integrity And Authentication Technologies

Cloud computing is an important trend of current information technology development. It makes both computation and storage resources inexpensive to buy and easy to access, for both small-scale enterprises and personal users. Currently many large companies are developing cloud computing products, such as the Amazon Elastic Compute Cloud, Google Cloud storage, Microsoft Azure cloud platform, etc.When cloud computing is developing quickly, it is unavoidable that it also brings a lot of security problems. In this dissertation, we focus on the data integrity and authentication problems. In the cloud storage, users’data are stored in remote cloud servers. Traditional data integrity checking needs data to be downloaded to the local disks, but this is not suitable for cloud environments, because users can store huge amount of data in the cloud. Remote data integrity checking makes it possible for users to perform data integrity checking even when they do not have access to the original data. In the aspect of authentication, two-factor authentication schemes based on passwords and smart cards have advantages of being easy to use, supporting pay-as-you-go, with no necessity of using trusted third party, as well as providing more security guarantees than single-factor authentication, and are therefore suitable for cloud environments. In this dissertation, we present a survey of previous remote data integrity checking protocols and two-factor authentication schemes. We found that previous protocols and schemes cannot satisfy users’needs in aspects of dynamic data updates, public verifiability, security and performance. We did comprehensive research on designing novel protocols and schemes to satisfy users’needs. The main contributions are as follows:1. A privacy preserving remote data integrity checking protocol that supports data dynamics and public verifiability is proposed. The proposed protocol does not need to use a trusted third party auditor. Previous remote data integrity checking protocols can support data dynamics and users’privacy, but can only rely on the trusted third party auditor to realize public verifiability, which tremendously reduces protocols’applicability. The proposed protocol supports fully public verifiability, i.e., anyone can perform integrity checking on users’data without disclosing data privacy. Through both theoretical analysis and experimental results, we show that the proposed protocol is highly efficient, which makes it very suitable for cloud computing. 2. A multiple replica remote data integrity checking protocol that supports public verifiability is proposed. Previous remote data integrity checking protocols can only support public verifiability in the single-replica setting. Multiple-replica storage is very important in increasing data dependability and availability. The proposed protocol supports integrity checking in the multiple-replica setting, in which the integrity of t file replicas that are stored on t servers can all be guaranteed, and servers’total storage costs are at least t times the storage cost of storing one single replica. Experimental results show that the proposed protocol achieves high performance, which is suitable for cloud computing.3. A two-factor authentication scheme that is resistant to the offline password guessing attack and the masquerade attack is proposed. We did a cryptanalysis of a recent two-factor authentication scheme, and found that it cannot resist the offline password guessing attack or the server masquerade attack. Based on the cryptanalysis, we propose a novel security enhanced authentication scheme, which prevents these attacks, and does not have security holes. Performance analysis shows that the proposed scheme has high efficiency.4. A countable ticket-based two-factor authentication scheme is proposed. Previous ticket-based authentication schemes use costly modular exponentiations, which brings servers expensive costs under the increasing number of cloud users. In addition, previous schemes do not support mutual authentication between the server and the user. The proposed scheme constructs tickets by using one-way hash functions, exclusive-or, and string concatenation operations, so it does not need to perform modular exponentiations. The proposed scheme supports mutual authentication between the server and the user, and is highly efficient.5. A two-factor authenticated key agreement scheme that has perfect forward secrecy is proposed. We did a cryptanalysis of a recent scheme, and found that it cannot resist the offline password guessing attack, and does not have perfect forward secrecy, which makes any previous session keys disclosed once the adversary gets the long term secret key of the server. Based on the analysis, we propose a novel security enhanced scheme, which is resistant to the offline password guessing attack, and also has perfect forward secrecy.