Research On Critical Techniques Of Data Security And Control In Cloud Computing System

Posted on: 2017-12-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Liu
Full Text: PDF
GTID: 1318330536967109
Subject: Army commanding learn
Abstract/Summary:
With the wide adoption of cloud computing in business, government, national defense and the military, data security has become a serious problem that is attracting more and more attention. Because traditional data security mechanisms are not applicable to the open, dynamic and elastic cloud architecture, many studies have been conducted to provide secure data storage and management schemes for the cloud environment. However, given the variety of cloud services and user requirements, existing data security schemes still face many challenges: complex system structure, high resource consumption, low flexibility and the lack of functionality for processing encrypted data. It is therefore important to address the data security threat and provide efficient data security guarantees for the cloud.

This dissertation focuses on data security and control techniques in cloud computing systems. After analyzing the cloud architecture and its data security requirements, we summarize the existing security solutions and their shortcomings. To address the requirements of data confidentiality, reliability, integrity and functionality in the cloud computing system, we conduct our research in the areas of secure data storage, integrity protection, ciphertext forwarding and access control. Specifically, the content of this dissertation can be summarized as follows:

1. Two kinds of weakly secure regenerating codes against an eavesdropper are proposed. Because existing secure regenerating codes incur too great a loss of storage capacity, the construction method of H-WSRC codes is presented first. H-WSRC combines a secure hash function with the PM-MBR code, which guarantees data security and reduces the number of random symbols that need to be mixed in during the encoding procedure, thereby improving the secret storage capacity. Furthermore, by combining the "all or nothing transform" with regenerating codes that use an exact repair strategy, another weakly secure regenerating code, A-WSRC, is introduced. This kind of code does not introduce any loss of storage capacity and achieves optimal performance. The analysis indicates that both weakly secure regenerating codes proposed in this dissertation can guarantee users' data security against an eavesdropper with limited capabilities. In addition, their secret storage capacity and encoding/decoding speed are better than those of other similar schemes.

2. A privacy-preserving public auditing scheme for regenerating-coded clouds, PARCC, is proposed. The PARCC scheme aims to solve the data integrity checking and fault repair problems in the regenerating-coded cloud without the help of data owners, and can thus greatly reduce the cost to the data owner of using cloud services. Specifically, the PARCC scheme allows data owners to empower a third-party auditor (TPA) to remotely check data integrity, and to authorize a semi-trusted proxy to repair failed coded blocks as well as authenticators. As the basis of the PARCC protocol, a novel authenticator method that is better suited to the regenerating code scenario is introduced first. This authenticator is constructed on the BLS signature and satisfies the homomorphic property, so it can be generated efficiently by the data owner simultaneously with the encoding procedure. Moreover, a lightweight privacy-preserving method is put forward for the PARCC scheme to avoid data leakage during the data auditing and fault repair procedures.

3. A secure and efficient data forwarding scheme for cloud storage is proposed. The construction allows the data owner to forward the ciphertext directly instead of first retrieving the original data. First, a security-enhanced AONE algorithm and a variant of the ElGamal-based proxy re-encryption scheme are designed. By combining them with the systematic RS code, the constructed cloud can not only provide data reliability and confidentiality, but also support ciphertext forwarding. During the data forwarding procedure, the proposed scheme needs the cloud to update only a small number of blocks instead of re-encrypting all of them, which can significantly improve efficiency and reduce the resource consumption of both the user and the cloud. In addition, the data forwarding scheme satisfies another practical property: the original data owner can no longer decrypt or access the forwarded data, which protects the rights and interests of the data consumer.

4. A flexible and efficient attribute-based access control mechanism is proposed. Taking the traditional CP-ABE algorithm as a basis, a semi-trusted proxy is introduced into the system. During the data publishing phase, the encryption procedure of the ABE algorithm is split and most of the operations are delegated to the proxy, which can greatly reduce the computation overhead of the data owner. During the access policy update phase, over-encryption and a multi-secret sharing method are introduced, so that the cloud can independently carry out the second-key re-selection and ciphertext update, sparing the data owner from performing ABE decryption and data retrieval. Theoretical and experimental analysis shows that the proposed scheme can guarantee secure and effective access control over the data, and can significantly reduce the data owner's overhead for data publishing and privilege management. In addition, the optimization is more effective as the access structure grows larger, so the proposed scheme is appropriate for cloud computing systems with a large number of users, complex access structures and frequent policy updates.

The above research is based on an analysis of the data security requirements of cloud computing systems and aims to resolve the problem that existing solutions are unsatisfactory in efficiency and practicability. The constructions given in this dissertation provide efficient and flexible secure data storage, integrity protection, direct ciphertext forwarding and fine-grained access control. We believe that these mechanisms will promote the development of security assurance techniques for cloud data and are of great significance for accelerating the adoption of cloud computing.
Keywords/Search Tags:Cloud Computing, Data Security, Weakly Secure, Regenerating Codes, Public Auditing, Ciphertext Forwarding, ABE, Multi-Secret Sharing, Access Control