Searchable Encryption And Remote Integrity Checking With Their Applications To Secure Cloud Storage

Nowadays, thedramaticalincrementofinformationleadstotheaugmentofglobaldatasize,whichmakesdatastoragebecomeamuchmoreprofessionalissue. It’sagreatopportunity for cloud storage. However, security problems hinder cloud storage fromfurther popularization. Especially, recent security incidents occurred in several majorcloud computing providers intensify peoples’ worries. Indeed, that exactly shows theimportance of researches on secure cloud storage.From the cloud user point of view, this thesis assumes that cloud storage serviceprovider is untrusted or semi-trusted. With this presupposition, security problems incloud storage are divided into three parts: remote data integrity checking, searchableencryption and access control in cloud storage. Our major work focuses on searchableencryption and access control, and only briefs several existed work for remote dataintegrity checking. Concretely speaking, the three parts of our work are as follows.For remote data integrity checking, we give an adjustable scheme defnition. Tostate the features of provable data possession, proof of retrievability, public ver-ifability, supporting dynamic data, we list several representative constructions.ConsideringmajorityofexistingRDCconstructionsareprovedsecureintheran-dom oracle model, we propose the frst RDC construction, which is secure in thestandard model and supports public verifability.Searchable encryption has two types: searchable symmetric encryption (SSE)andsearchableasymmetricencryption(SAE),sincetheyaresuitablefordiferentapplications. In the symmetric setting, we frstly construct a SSE scheme sup- porting subset-test, then present how to construct schemes supporting superset-test and interaction-test, based on the one for subset-test, respectively. In theasymmetric setting, we propose a SAE scheme supporting boolean formula test.Majority of the above constructions are proved secure in the standard model.Commonly traditional access control systems based on fne-grain encryptions(e.g. CP-ABE) only focus on controlling accesses to data, and don’t take ser-vices built upon these data, such as data searching and integrity checking, intoaccount. However, designing and deploying an access control system per serviceleads to complexity and overhead on computation and storage for a cloud stor-age system. We uniform data and services as resources, then propose a accesscontrol frame work uniformly for resources. The core is called as accountabledecryption, which is frstly proposed by us. We also give a generic constructionof accountable decryption, and its security proofs.