| Cloud computing and Peer-to-Peer (P2P) computing are two main distributed computing technologies, which can effectively support large-scale distributed applications on the Internet. P2P cloud storage service system is a new Internet application mode. It combines the advantages of both technologies, which uses highly scalable P2P network architecture to integrate the idle storage resources of system users to provide a storage space of low cost and huge capacity, and utilizes the management and operation mechanism of cloud computing to provide services of high performance, high reliability and high quality. It has the characteristics of large scale, distributivity, openness, dynamicity, heterogeneity and privacy, which makes it face more complex and challenging security issues. Thus, it is necessary to design effective security control mechanisms from three important aspects of data, application and user to address the key security issues.In P2P cloud, cloud servers and users may not be entirely trusted. How to ensure the confidentiality of data stored in the system, and realize the secure and flexible data sharing is one of the key security issues. To address the issue, based on Attribute-Based Encryption (ABE) technology, a secure, efficient and fine-grained data Access control mechanism for P2P Cloud, namely AAPC, is proposed. In AAPC, a novel ciphertext-policy ABE scheme is designed, which is used to encrypt data and enforce fine-grained data access control. To solve the problem of user access privilege revocation, a proxy re-encryption scheme is further designed. It combines P2P reputation system to enable the data owner to delegate the complicated revocation work to cloud servers and reputable peers, which greatly reduces the computation overheads brought to the data owner and cloud servers. Security analysis demonstrates that AAPC is provably secure under the standard security model, and can resist collusion attacks and protect user access privilege information effectively. Performance evaluation shows that compared with other similar ABE schemes and related revocation schemes, all the system operation time in AAPC is very short, the generated keys and ciphertexts are very small, and when users are more large-scale and dynamic, AAPC can achieve more significant efficiency benefits.In the network coding-based content distribution application of P2P cloud, the pollution attack against network coding is very serious. How to resist this attack to ensure the security of content distribution is one of the key security issues. To address the issue, based on Elliptic Curve Cryptography (ECC), a Homomorphic Signature mechanism, namely EHS, is proposed. Using EHS, system peers can verify encoded blocks on-the-fly efficiently to discover corrupted blocks quickly. To further improve the verification efficiency and maintain high security, a batch verification approach and a cooperative security approach are employed which enable peers to verify multiple blocks in batch and alert other corrupted peers when corrupted blocks are discovered. Compared with other corruption detection mechanisms for network coding, EHS has relatively high security and small computation overheads and communication overheads.EHS belongs to a kind of pollution detection mechanism and compared with this mechanism, attacker identification is a more effective approach to resist pollution attacks. Based on EHS, an Identity-based Malicious peer Identification mechanism,namely IMI, is proposed. To identify malicious peers rapidly, a lightweight block verification approach based on the null space properties of network coding is employed. Moreover, a lightweight block signature approach is proposed, which holds every peer accountable for the blocks it sends out. Combining EHS with IMI, a complete mechanism for defending pollution attacks against network coding in P2P cloud is formed, which has the characteristics of high security, low cost and suitability for arbitrary network topologies. The simulation experiments show that in practical application scenarios, IMI can guarantee very low pollution in network and can quickly identify all malicious peers.In P2P cloud, there may be some malicious users, which will damage the system functions and will launch Sybil attacks, that is, gain multiple system identities to strengthen the attacks against system. How to determine whether a user can join the system to resist this attack is also a key security issue. To address the issue, based on Identity-Based Cryptography (IBC), an Admission control mechanism for P2P Cloud, namely IAPC, is proposed. IAPC contains four protocols, which are used to securely and efficiently assign identities to users respectively in different practical scenarios, In basic protocol, cloud servers authenticate users using callback method, and then assign random identities to legitimate users based on their IP addresses and generate corresponding key pairs for them. Extended protocol1enables cloud servers to delegate the work to multiple reputable peers. The other two protocols are for users who use Network Address Translation (NAT) technology and extend the above two protocols respectively. They assign identities to users based on their IP addresses and port numbers, and add cryptographic puzzles when distributing private keys to them. Users must pay some computational costs to gain private keys, which prevents malicious users from continuously using many port numbers to obtain a lot of identities. IAPC does not need to work for complex identity certificate management and effectively solves the security problems, such as key escrow, user revocation, IP address translation, etc. It maintains reasonable computation time and limits the rate at which malicious users can gain identities. The system has good scalability. |
PDF Full Text Request