Secure Computations And Deduplication Management Over Encrypted Data In Cloud Computing

Cloud computing offers various services such as storage and computing by re-arranging various resources over the Internet.It helps cloud users release the heavy burden of computing and break the bottleneck of limited local resource to satisfy their requirements on complicated computation and storage.With the cloud computing,cloud users need to outsource their personal data and then take advantage of cloud services.However,outsourcing the data to the cloud separates the data ownership from data management,which may pose threats to user privacy and data security as the cloud,as a third party,cannot be fully trusted.To improve the social acceptance of the cloud computing,sensitive data are suggested being encrypted before being outsourced to the cloud.However,data encryption brings some new challenges to the convenience of cloud service.First,encryption affects deduplicated data storage and flexible data sharing.Traditional encryptions are single user systems,which cannot support flexible data sharing,especially for data deduplication in cloud storage.Deduplication in cloud computing improves the utilization of cloud storage space by reducing repeated data storage.But it should guarantee secure access of multiple data holders to the single copy of same files.Hence,how to achieve data deduplication management with access control becomes a key issue for cloud storage.Second,encryption limits the usability of various computations/mathematic models over the data,which seriously affects its practical use.Traditional encryptions are unable to support computation over ciphertexts,while Fully Homomorphic Encryption(FHE)is still far away from practical usage due to high computation and storage costs.Third,secure access control over the result of processed encrypted data is highly expected.Current data processing and computation over encrypted data is executed only for a single user,which is time-consuming for multi-user access.In addition,how to realize fine-grained access control over the processing result of encrypted data becomes a significant research issue,which also affects the quality and completeness of data collection.In this PhD thesis,we present a few of schemes to address the aforementioned issues caused by data encryption.Specially,the contributions of the thesis can be summarized as below:1)Regarding to the encrypted data processing and its result access,we proposed two schemes based on Partially Homomorphic Encryption(PHE).The first scheme combines the features of partial homomorphism and re-encryption and designs a new algorithm to realize homomorphic re-encryption with two-level decryption.Based on this algorithm,seven privacy-preserving operations over ciphertext are constructed,which also support secure and flexible access to the data processing result.Hence,this scheme can protect the privacy and security of data providers.However,one drawback of this scheme is that it needs to execute the whole scheme for each requester of the data processing result,which has high computation and communication costs and cannot support fine-grained access control over the data processing result.In order to solve this problem,we designed the second scheme.It takes advantage of the homomorphism of attribute-based encryption and combines it with PHE to achieve fine-grained access control over the data processing result of multiple computations.This scheme realizes seven computing operations over ciphertext and solves the problem of secure access control,which can reduce the security risk of user privacy leakage and adapt to various application scenarios,such as e-health and e-education,etc.2)We proposed two schemes to realize deduplication of encrypted data storage in cloud computing.The first scheme employs elliptic curve algorithm to check the ownership through authentication.It eliminates the upload of duplicated data and reduces the computation cost of data holders.Moreover,it keeps the hash code of original file from all attackers,which can avoid some common attacks(e.g.,brute-force dictionary attack).But this scheme needs interaction between data holders and cloud service provider.For overcoming this weakness,the second scheme applies bilinear pairing to achieve offline public proof of ownership.In addition,it solves the problem of user revocation through two-level encryption,which prevents the access to the original data by the data holder that has deleted its data in cloud storage.It supports data deduplication management when data holders are offline,which releases the computation burden of data holders and is suitable for resource-limited users.Similarly,both schemes offer the following functionalities: encrypted data update,data deletion,ownership management and valid data replication.But the main difference between the two schemes is that the second scheme can support public verifiability of ownership and user revocation.3)We designed two schemes for privacy-preserving trust evaluation as a concrete application of encrypted data processing and analysis.The two schemes are based on PHE through aggregation of trust evidence.Based on the aggregation,two effective and reliable trust evaluation algorithms were proposed by applying Rayleigh cumulative distribution function,time-decay function and mean truncation algorithm.Both comprehensively take into consideration the number and the generation time of trust evidence in trust evaluation for the purpose of resisting multiple attacks,such as bad-mouthing attack and on-off attack.Our schemes can adapt to various scenarios.In fact,this work can be regarded as a concrete use case of encrypted data processing schemes,which further proves the potential possibility of encryption in practical use.