Research On Key Problems Of Secure Data Outsourcing In Cloud Computing

Posted on: 2015-06-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J W Li
GTID: 1228330467483202
Subject: Computer application technology

Abstract/Summary:
As cloud computing technology has developed over the last decade, outsourcing data to cloud services for storage has become an attractive trend. With data outsourcing, users can assign "data storage tasks" to cloud service providers in a pay-per-use manner and spare themselves the effort of heavy data maintenance and management. However, data outsourcing, which essentially migrates control of the data from users to cloud service providers, raises new challenges for security and privacy: since cloud service providers are not fully trusted, they may abuse their control over the received data and potentially intercept and leak users' sensitive information, which may cause incalculable losses for users.

This dissertation focuses on the essential issues in data outsourcing, including:

1) How to realize scalable and controllable data sharing while simultaneously supporting authorized users' keyword-based queries on encrypted data;
2) How to design a sophisticated storage strategy such that a user can not only efficiently retrieve encrypted cloud data, but also need not worry about losing his/her "wealth" as a result of cloud servers' crashes;
3) How to improve the efficiency of cryptographic access control mechanisms on encrypted data, leading to better adaptation to cloud computing (in particular, mobile cloud computing).

Regarding the above issues, our contributions are summarized as follows.

1) Data Sharing and Retrieval in Multi-User Setting. Aiming to address limitations in the previous literature, such as the requirement that all users share a common secret key, this research explores the issue in a hybrid cloud. In a hybrid cloud computing model, this research utilizes the primitive of public key encryption with keyword search and proposes a basic scheme for secure data sharing and retrieval. The basic scheme avoids relying on a secret key shared among users, and also supports flexible access control as well as keyword-based retrieval on cloud data. In order to improve the efficiency of "test"-based retrieval in the proposed basic scheme, this research proposes an optimization strategy based on symmetric encryption and a one-way function. In addition, this research designs a tree-based index to replace the "test" method, and reduces the complexity of file retrieval from O(n) to O(log n), where n is the number of encrypted files stored on the cloud server. This research also extends the scheme to support fuzzy keyword search on encrypted data. The extension takes advantage of the "auxiliary computing" functionality provided by the private cloud, and overcomes the drawback, found in the literature on fuzzy keyword search on encrypted data, of users performing insignificant decryption. This work is applicable to the scenario where an enterprise uses a public cloud service for archived data but continues to maintain in-house storage for operational customer data.

2) Reliable Storage and Retrieval on Cloud Data. To the best of our knowledge, the reliability of outsourced searchable encrypted data is examined here for the first time. We propose the STRE (STorage and REtrieval) mechanism, which utilizes the feature of distributed data storage in a multi-cloud setting and guarantees the recoverability of cloud data through redundancy coding. STRE also uses the idea of index-based search and supports keyword-based retrieval on encrypted data. In addition, compared with the current literature, STRE offers a flexible storage strategy and a partially hidden search pattern. This work is applicable to the situation of a single user's reliable storage and retrieval.

3) Secure Outsourcing Cryptographic Access Control on Encrypted Data. Motivated by the low efficiency of cryptographic access control mechanisms (in particular, attribute-based encryption) in cloud computing (in particular, mobile cloud computing), we introduce outsourced computation to reduce the load of local computation. For the first time, we propose a KP-ABE (key-policy attribute-based encryption) scheme supporting outsourced key-issuing and decryption. Compared with the original scheme (without outsourcing), our outsourced scheme reduces the load of local computation from linear growth complexity to 3 modular exponentiations in key-issuing and 2 bilinear pairings in decryption. We also extend our basic outsourced KP-ABE scheme to capture fine-grained access policy expression (i.e., access tree-based policy) and to rely on a weaker security assumption, respectively. We also design a CP-ABE (ciphertext-policy attribute-based encryption) scheme supporting outsourced encryption and decryption. Compared with the existing work in which the same outsourcing functionality is realized, our scheme removes the dependency on the structure of the access policy, and achieves constant efficiency (4 modular exponentiations) for users in encryption. This work is applicable to the scenario of generic data sharing in a multi-user setting, and can function as a building block for other controllable data sharing mechanisms.

Keywords/Search Tags: Searchable encryption, attribute-based encryption, keyword search on encrypted data, access control on encrypted data, secure data outsourcing