
Research On The Key Technologies Of Data Security In Cloud Storage

Posted on: 2017-03-01
Degree: Doctor
Type: Dissertation
Country: China
Candidate: T Jiang
GTID: 1368330542492868
Subject: Cryptography

Abstract/Summary:
Cloud computing is the development and application of concepts such as parallel computing, distributed computing and grid computing. It is an evolution and rise of concepts such as infrastructure-as-a-service, platform-as-a-service and software-as-a-service, which realizes the long-term dream of "computing as an infrastructure". However, unlike the traditional computing and storage model, the cloud computing network model requires cloud users to outsource their sensitive data to remote cloud storage servers. Without physical control of their data, users' data processing and applications rely on the security and efficiency of the adopted access control mechanisms and outsourced computation mechanisms. Thus, besides the efficiency and flexibility advantages it provides to cloud users, cloud computing also faces many security challenges. Among these challenges, the storage security of outsourced data is one of the important problems to be solved.

This thesis focuses on research into the key cryptographic technologies for data outsourcing security in the cloud computing area. It mainly covers efficient and dynamic cloud data integrity auditing, cloud data localization technology, secure data deduplication, secure data deletion technology and so on.

1. In cloud storage auditing research, a publicly verifiable data auditing scheme that supports group user data update is presented in this thesis. The proposed scheme combines vector commitment, asymmetric group key negotiation and group signature cryptographic technology to achieve a security audit function for users' data. Meanwhile, it also offers several new features, including traceability, countability, user revocability and so on. What's more, our scheme is among the first to identify and solve the problem of supporting dynamic ciphertext auditing for a user group. From the theoretical point of view, we further conduct security and performance analysis of the proposed scheme, which proves that the scheme proposed in our thesis is secure. Further performance simulation analysis shows that our scheme satisfies practical requirements, and that it is highly efficient in computing and storage overhead.

2. In secure cloud data localization research, to solve the problem of data re-outsourcing, we propose a data outsourcing model in which cloud service providers cooperate for profit, and design a corresponding challenge/response method to prevent the cloud provider from re-outsourcing users' data. This scheme combines a cryptographically secure provable data possession scheme, a secure signature scheme and space-time delay constraints on data interaction, which can effectively prevent the cloud service provider from re-outsourcing users' data to another cloud service provider. Without downloading users' file data, our scheme is able to verify whether the cloud storage server has engaged in malicious data outsourcing activity. Moreover, it overcomes the drawbacks of using the server to perform server localization, and effectively ensures the security of our scheme by utilizing collusion restrictions between service providers, data integrity auditing schemes, and communication, computing and storage restrictions. The detection probability and the homomorphic operations over tags determine the high efficiency of our scheme, and also ensure that, when validating massive data, the scheme extracts only a small proportion of the data as a sample to achieve a higher probability.

3. In secure cloud data deduplication, the computing cost of data duplication validation in the existing scheme based on random tags is linear in the number of data items. In response to this problem, we propose an efficient decision-tree-based data deduplication solution. It reduces the computational overhead of data duplication validation from the linear level to the logarithmic level, greatly reducing the computational overhead of Abadi et al.'s scheme. The performance advantage is obvious when our scheme is applied to the deduplication of vast amounts of data. We design schemes based on both static and dynamic decision trees, where the latter can effectively perform data insertion and deletion operations in the cloud platform. In particular, when deduplicating massive data, our solutions achieve notably high efficiency in terms of computational overhead. Finally, we conduct security and efficiency analysis of the above schemes. Further implementation and experimental analysis of the schemes shows that their practical computation agrees well with the theoretical analysis of data duplication validation, and that the computational overhead can be reduced from the linear level to the logarithmic level.

4. In secure deletion of cloud data, we propose a secure data deletion solution for the setting with cross-user data deduplication. Our solution realizes secure user data deletion by utilizing a method based on secure deduplication encryption, which also supports secure and efficient data update operations, including data insertion, deletion, modification and so on. Security and performance analysis demonstrates that our solution can effectively support secure and efficient deletion operations on deduplicated data. The support for dynamic data in this solution can be effectively applied to version control procedures when data are frequently updated.

At present, cloud computing has attracted attention from both academia and industry. Studying the key technologies of cloud storage security is of great significance for promoting the healthy, rapid and long-term development of cloud computing. Therefore, the solutions to cloud storage security proposed in this thesis not only have important theoretical significance, but also have great application prospects and practical value.
Keywords/Search Tags: Cloud storage, cryptography, security, integrity auditing, data localization, deduplication, data deletion