
Study Of The Key Technology Of Data Security In Cloud Environment

Posted on: 2017-11-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X J Yu
Full Text: PDF
GTID: 1318330518994028
Subject: Cryptography
Abstract/Summary:
With the development of cloud computing, people have begun to move data from local systems to the cloud to reduce cost and meet the need for dynamic expansion of IT resources. However, the cloud user does not control the cloud system and cannot prevent the cloud service provider from accessing data without authorization, leaking data, or mounting other internal attacks. Ensuring data security in the cloud is therefore an urgent problem. This dissertation focuses on key technologies for data security in the cloud, including data integrity verification, searchable encryption, and secure data deletion. The main work and achievements are as follows:

(1) A multi-function data possession scheme is proposed. The scheme is built from a verification list, homomorphic verifiable tags, a randomization technique, public key cryptography, digital signatures, and other techniques. The verification list, a method first proposed in this dissertation, implements dynamic data integrity verification. The homomorphic verifiable tags and the randomization technique make data integrity verification highly efficient. Public key cryptography and the digital signature mechanism implement public verification and proof protection, respectively. The analysis shows that the proposed scheme satisfies the definition of a provable data possession scheme in the random oracle model, and that it offers resistance to proof replay attacks, resistance to proof substitution attacks, and privacy verification. Compared with other schemes, the proposed scheme performs well in functionality, security, and complexity.

(2) A searchable encryption scheme for data sharing is proposed. Ciphertext-policy attribute-based encryption is used to provide multi-user ciphertext queries and fine-grained access control. Attribute-based proxy re-encryption is used to handle query policy updates. The analysis shows that the new scheme achieves selective structure security (SS-CKA) under the q-parallel BDHE assumption. The computation, storage, and communication complexity of the new scheme is linear, O(|S|), where |S| is the number of elements in the attribute set. Compared with other schemes, the advantage of the new scheme is that it supports three capabilities at the same time: multi-user querying, fine-grained access control, and access control policy updates.

(3) A provable data deletion scheme is proposed. The scheme is based on a dynamic provable data possession mechanism. Data deletion is implemented using invalid-data replacement and a custom destruction mode, and the result of the deletion is verified using the provable data possession scheme. The scheme is analyzed for correctness, security, and complexity. The results show that the scheme is correct and secure under the hash function and large-integer factorization assumptions. Compared with other schemes, the proposed scheme stands out in that it provides three features simultaneously: controllable data deletion, verifiable data deletion results, and a hidden data deletion operation. Furthermore, it supports both plaintext and ciphertext storage scenarios.

(4) A data protection solution for mobile cloud storage is proposed. The solution consists of two parts: client data protection and cloud data protection. Trusted computing and transparent encryption are used to implement mobile platform authentication and data access control on the client platform. A searchable keyword encryption mechanism is used to meet the data confidentiality and data search requirements in the cloud. The solution also uses a security agent architecture to support its extensibility and applicability. An evaluation of its security, feasibility, and extensibility shows that the solution is reasonable. Compared with other solutions, the proposed solution is better because it enhances the security of data both in the cloud and on the client, and because the security agent component is controlled by the users themselves, without business model assumptions based on a trusted third-party proxy.
Keywords/Search Tags: Data integrity proof, Searchable encryption, Secure data deletion, Mobile cloud storage