Research On Key Technology Of Information Security In Management-type SaaS

Software as a service (SaaS) is an application model which is regarded as a new hostedservice that springs up in the21st century. Software is deployed as a hosted service and tenantaccessed over the Internet. Because the ownership is separated from both usufruct ofapplication and maintenance of data, the problem of sensitive information security becomeone of the core constraints of SaaS.In order to protect tenant’s sensitive information security, accordance with the problemsthat it increased the system complexity, rose tenants’ costs, lowed the computationalefficiency of ciphertext, and lacked of secure information sharing scheme, based on the basictheories of cryptography and information security, they were researched to protect tenant’ssensitive text-information security of the single granularity and multi-granularity, thenumerical information of the real field in single tenant and share information between twotenants through the service provider (SP). The main researchs and results are as follows:(1) Based on hierarchical ideology, non-credible private key generator (PKG) hierarchialidentity-based signature (IBS) for single and batch validation were improved. It is shown bysafety analysis that they are resistant to the existential forgery under an adaptivelychosen-message attack.(2) For the secturity problems of the single granularity text-information, based on thenon-credible PKG hierarchial IBS for single and batch validation, the scheme of non-crediblePKG Hierarchial IBS for single and batch validation was proposed. It is shown by safetyanalysis that it has the confidentiality of sensitive information, and the feasibility of privatekey generated and delivered, and the privacy of user’s private key, the integrity and thenon-repudiation of sensitive information.(3) Aiming at the secturity problems of the multi-granularity text-information, based onboth hierarchial CES-CommitVector and universal designated multi-verifiers signature, thenon-credible PKG scheme of both hierarchial IBS CES-CommitVector and hierarchialdesignated multi-verifiers IBS CES-CommitVector were proposed. It is shown by safetyanalysis that both of the content extaction singnatures are correct, and equivalent to signaturethat signer sign the extraction subdocuments directly, user’s privator keys are privacy when PKG between SP and tenant are not collusion, they have CES’s privacy and unforgeability.(4) After four properties of Josep Domingo’s privacy homomorphism (PH) were prove, aPH in real field was constructed. It is shown by example and safety analysis that it candirectly run the arithmetic operations including addition, subtraction, multiplication anddivision on encrypted data in real field, be against the known-plaintext attack, and be sure tothe confidentiality and privacy of the numerical sensitive information. Comparing to JosepDomingo’s PH, it is not has the risk of leakage of magnitude, overcomes the problem that thedifferent denominator of the encrypted data can not be directly perform homomorphiccomputing, and saves the storage space.(5) Based on the ideology of information sharing across private databases, theinformation sharing scheme of both intersection and intersection size were proposed, whichcould fairly share the attributesof intersection and intersection size of private encryptedrelational database between two tenants by un-creditible SP. It is shown by the completenessand security proven that they are safty in the semi-honest model, and meet the minimalnecessary information sharing. It is shown by the efficiency analysis that the costs ofcomputation and communication are40.00%and4.00%of two-party secure computation,25.00%and66.67%of those in utilizing the fair sharing information by AGRAWAL’sprotocol.(6) Based on the ideology of information sharing across private databases, theinformation sharing scheme of both equijoin and equijoin size were proposed, which canfairly share the tuples of equijoin and equijoin size of private encrypted relational databasebetween two tenants by un-creditible SP. It is shown by the completeness and security proventhat they are safty in the semi-honest model, meet the minimal necessary information sharing.It is shown by the efficiency analysis that the equijoin schme’s cost of computation andcommunication are57.14%and75.00%, of those in utilizing the fair sharing information byRakesh’s protocol, the equijoin size schme’s cost of computation and communication are4×104Ceand4×107.(7) An information security testing and application SaaS platform of beef production wasconstructed. It is shown by test and analysis that All of tenant’s sensitive text-informationsecurity of single granularity and multi-granularity, the numerical information of the real fieldin single tenant and share information between two tenants through SP are feasible.