Research On Security Mechanism Of Cloud Backup Service

Today, with the application data of enterprises changing and growing rapidly, network storage technology is also developing rapidly to adapt to the needs of the user changes. Cloud storage service allows users to access the data on server at any place, any time and any way. For organization with unpredictable storage requirements or cheap storage requirements, cloud storage servive allows users to buy storage capacity according to the users’actual needs. So, it provides a good expansibility.Compared to the conventional storage technology, despite cloud storage has many advantages, but it also facing many challenges. Among all the challenges, the security of cloud storage has been become the main factor which restrict its development and application. In many of the safety problems, this paper care about two of the most important safety problems:the first is how to ensure the preservation of the server complete accurate the user data, another one is how to ensure that the data to users of the legitimate access. By using the hash functions, signature schemes, homomorphism, lattice-base cryptography, attribute-based encryption and provable security theory and technology, some efficient and secure data integrity checking schemes are presented. This paper also discusses how to design a data access control scheme which can apply to cloud storage environment.Firstly, two homomorphisms hash function based provable data possession schemes (HH-PDP and V-HH-PDP) have been proposed. Currently, most of the PDP protocols use the homomorphisms technology, to which a large amount of calculations are leaded. It includes a lot of operations of modular exponentiation or bilinear map. Additionally, most of the existed protocols can’t provide all the agreement needs:public verifiability, dynamic data and privacy preserving. No practicable protocol is designed for the power constrainted devices such as cell phones, PDA and mobile devices. To solve these problems, we put forward two new PDP protocols. The first scheme we proposed in this paper is HH-PDP, which is a homomorphisms hash function based PDP protocol. It can well satisfy the additional requirements including public verifiability, data dynamic and privacy preserving. The key technology we used in this construction is that we consider the file as a collection of big integers, rather than elements in a large field. In additional, we further present a variant of HH-PDP by selecting and simplifying some parameters of the HH-PDP, V-HH-PDP achieves an optimal calculation efficiency and communication costs. The new proposed V-HH-PDP scheme is so efficient that it is suitable for power-limiited devices. However, V-HH-PDP achieves the efficientcy by losing the public verifiability of HH-PDP for cost. Experimental simulation shows that the computational overhead of HH-PDP is about7.2%lower than that of conventional PDP scheme which with the same characteristics. Without considering the nature of the public verifiable, computational overhead of V-HH-PDP is only about14.6%of that of conventional PDP scheme. Simulation results concide with the theoretical analysis.Secondly, a lattice based provable data possession scheme (L-PDP) is proposed in this paper. First, put forward a lattice based homomorphism signature scheme (L-HSS). If the assumption of small integer solutions (SIS) is hold, L-HSS is proven to satisfy strongly existentially unforgeability in the model of choose message attack (CMA). Then, a method of generating the lattice based homomorphic verifiable tags (L-HVTs) is presented, and homomorphic verifiable tag is a basic component of a PDP protocol. Finally, based on our L-HVTs, we proposed the first lattice based PDP scheme (L-PDP). L-PDP is proven to guarantee data possesion in the random oracle model (ROM). As far as we know, this protocol is the first lattice based construction applies in cloud storage field. According to the complexity analysis, the computational cost of L-PDP is mainly concentrated in the preprocessing (coding and the generation of tags) phase. The communication costs of proof generating phase and proof verification phase is independently with the size of the file (length). The client or the third party auditors only need to store the homomorphic verifiable tags, and need not to store the original file blocks.Thirdly, to satisfy the special security requirement of the ciphertext-based access control in the cloud storage service model, dynamic ciphertext access control (CP-ABE_CSUCON) model cloud storage is proposed. The CP-ABE_CSUCON model, which is based on the usage control and attribute-based encryption, can achieve an efficient, fine-grained and flexible ciphertext access control in the cloud storage. We reseach the CP-ABE_CSUCON model from aspects of the definition and system structure of a access control model. We present the corresponding data structure of security algorithm, and analyze its security. Compared with the existing scheme, the new scheme not only support a variety of subject and object attribute based on the fine-grained access control strategy, and through the attributes of the hierarchical management reduce the complexity of the rights management. We test the efficiency of our scheme and the experimental results show that the proposed scheme achieves a better efficiency than existing solutions under multi-users authorized in the environment of cloud storage.