Research On Data Security And Digital Rights Management In Cloud Computing

Cloud computing provides a large number of computational resources such as hardware and software as a service to users, and is becoming one of the most important trends in IT technology. In cloud computing, the users can host data to cloud servers, and due to the cloud service transparency, the authorized users can access the data stored in cloud server through the network. However, the semi-trusted cloud computing platform brings serious data security and user privacy issues.Encryption technology is an effective method to solve the problem of data security, but the traditional encryption technologies have difficulty in efficient key management and access control. The attribute based encryption (ABE) describes the user’s identity with a set of attributes, and introduces access policy based on public key encryption, which can be used to protect the data security and achieve fine-grained access control in cloud computing. In recent years, ABE is widely researched, however, there are still many issues to be resolved, including key escrow, decryption efficiency and attribute revocation. In addition, the research of multiparty access control of encrypted data is just beginning. For instance, multiple users may enforce different access policies to the same data in online social networks. It is also an important direction of data security in cloud computing. Although data encryption can protect data security, it brings the problem of ciphertext retrieval. Comparing with searchable symmetric encryption and public key encryption with keyword search, the multi-user ciphertext retrieval meets the need of large-scale data sharing and retrieval in cloud computing, which will promote the wide application of data sharing in cloud computing. Digital rights management (DRM) is an important application of data security protection. It aims to protect the legal copyright of content providers and ensure the fair usage of digital contents through a series of security technologies. DRM in cloud computing allows content providers to outsource encrypted contents to the cloud servers, and provides content consumption and license acquisition services to users. In the semi-trusted cloud computing platform, the content key protection and user privacy protection have become the research hotspot.This paper aims to study the technology of data security and DRM in cloud computing, involves data encryption, access control, ciphertext retrieval, and privacy protection. These include:secure data sharing based on ABE and attribute based signature (ABS), multiparty access control based on attribute based proxy re-encryption (ABPRE), data retrieval based on attribute based searchable encryption (ABSE), and DRM for content sharing and privacy protection. We briefly summarize the main innovation work as follows:(1) A secure and efficient data sharing scheme based on ABE is proposed. The proposed scheme generates the users’attribute secret key based on additively homomorphic encryption, which solves the key escrow problem. Moreover, the proposed scheme supports partial decryption by the key server, which reduces the computation cost on users, and also achieves efficient and immediate attribute revocation based on proxy re-encryption (PRE). In order to prevent the data stored in the cloud from malicious tampering, a secure data sharing scheme with anonymous authentication based on ABS is proposed. The data owner defines the claim policy when outsourcing encrypted data, and the cloud service provider (CSP) will check the signature of user’s data modification request, thus only the user whose attributes satisfy the claim policy can be allowed to modify the data, which protects the integrity of data in cloud server. The ABS algorithm in the proposed scheme delegates most of the signing computations to CSP, which significantly educes the computation cost on the users, and also protects user privacy obfuscating the attributes of user and access policy.(2) For the access control in cloud computing, a novel multiparty access control scheme based on ABPRE is first proposed. The data owner specifies the initial access policy when outsourcing encrypted data, and the data disseminator can customize new access policy based on PRE. Thus only the user who satisfies the access policies defined by the data owner and data disseminator can decrypt the ciphertext. Comparing with the existing multiparty access control schemes based on access control list, the proposed scheme not only protects data security, but also achieves fine-grained access control. On the basis of the proposed scheme, a multi-owner access control scheme based on identity based broadcast encryption is proposed. The data owner defines a co-owner set when outsourcing ciphertext, thus the users in the co-owner set can update the access policy of the ciphertext according to their privacy concerns. The proposed scheme allows data owner, data co-owner and data disseminator to customize access policies of data, which is suitable for the applications such as online social networks in cloud computing.(3) On the basis of multiparty access control, a secure data retrieval scheme based on verifiable ABSE is proposed. First, the data retriever sends the search token with keywords to the CSP. Then, the CSP checks whether the attributes in the token satisfy the access policy in the ciphertext, and returns the result to the data retriever. The data retriever verifies the correctness of result before decrypting. In addition, the proposed scheme allows data owner to outsource encrypted data anonymously, and data retriever to generate retrieval request with scrambled attributes, which protects the privacy of data owner and data retriever. Comparing with the existing ciphertext retrieval algorithm, our scheme partially decrypts the retrieved ciphertext and reduces the computation on the data retriever.(4) In order to meet the needs of secure content sharing and reasonable authorization, a DRM scheme in cloud computing based on PRE is first proposed. The license server generates the content encryption key with the key server based on PRE and additively homomorphic encryption, and finally distributes it to the user securely, which ensures the security of content. In addition, the proposed scheme allows users to acquire license anonymously from CSP and license server. In order to achieve fine-grained access control, a DRM scheme in cloud computing based on ABE is proposed. The proposed scheme allows the content provider to encrypt content with access policy. Therefore, only the user whose attributes satisfy the access policy and has valid license can recover the content encryption key. Comparing with other DRM schemes in cloud computing, the proposed scheme allows content provider to control that the outsourced contents are only shared by certain users, and also prevents CSP, license server and key server from collecting the user’s private information.