Security In Cloud Computing With Multi-User Data Sharing

Cloud computing has become one of the most important trends in information technology. Especially for enterprises with limited budgets, they can achieve cost savings and flexibility by outsourcing data and services to the cloud. However, most of the enterprises choose to outsource only the data and services that are unrelated to the business to the cloud. The main reason is that they worry about their sensitive data will be leaked by the cloud service provider (CSP).This thesis designs secure protocols and secure schemes for the multi-user sharing cloud computing services environment. As a typical application, an enterprise outsources its data to a cloud, and authorizes its staffs to access the data. We consider the CSP as a potential attacker. The security problems exist in such an environment can be classified into the following types:(1) Data security. There is a need to ensure that only the authorized data users can access the data that concerns about corporate secrets.(2) User revocation. There is a need to revoke the right of accessing data from a staff that has left the enterprise.(3) User search privacy. There is a need to protect the search privacy for the data users when they are querying data from the cloud.First of all, for data security exising researches suggest to outsource only encrypted data to the cloud. In this way, only the entities with decryption keys can decrypt the ciphertext. However, existing encryption schemes are inefficient to achieve fine-grained access control over the ciphertexts. Second, since the data stored in the cloud is in the encrypted form, the data owner should re-encrypt the ciphertexts and distribute new decryption keys to the remaindering users, once a user is revoked. When user revocations are frequent, there is a burden on the data owner. Third, the data stored in the cloud can be classified into two types:public data and private data. Searchable encryption (SE) scheme can be used to protect user privacy while querying the private data. Private search on streaming data (PSSD) protocol can be used to protect user privacy while querying the public data. However, existing secure schemes and secure protocols, which incur high computation cost and communication cost at either the client or the cloud, go against the original intention of cost effectiveness and cannot satisfy user requirements of retrieving data anytime and anywhere. Based on the above analyses, the main contributions of this thesis are as follows:1. A hierarchical attribute-based encryption (HABE) scheme is proposed. The HABE scheme, which identifies each user with an exact ID and a set of attributes, can efficiently achieve fine-grained access constrol and generate secret keys in a hierarchical way. Therefore, the HABE scheme is more suitable for the multi-user sharing cloud computing services environment.2. A time-based proxy re-encryption (TimePRE) scheme is proposed. The TimePRE scheme allows the CSP to automatically re-encrypt the ciphertext based on the time. Therefore, a user can be revoked without the help of the data owner.3. An efficient searchable encryption (ESE) scheme is proposed. The ESE scheme allows the CSP to involve in the process of decryption to generate an intermediate result of the decryption without knowing the content of data. Therefore, the decryption cost incurred on the client can be largely reduced.4. A cooperative private search (COPS) protocol is proposed. The COPS protocol introduces a middleware between the users and the CSP, wihch allows multiple users to combine their queries to reduce the computation costs incurred on the CSP while providing the same level of privacy as the PSSD protocols.5. An efficient information retrieval for ranked queries (EIRQ) protocol is proposed. The EIRQ protocol allows the CSP to provide a ranked query service, where the users can retrieve only certain percentage of matched files on demand.The research results of this thesis will create a new situation for the study in multi-user secure data sharing in cloud computing, and to promote deeply academic discussions and broadly practical applications in the research area of cloud computing security.