
Research On Key Techniques For Secure Cloud Data Sharing And Processing

Posted on: 2018-11-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X A Wang
Full Text: PDF
GTID: 1368330542492915
Subject: Cryptography
Abstract/Summary:

With the development of cloud computing and big data, more and more enterprises and individuals outsource their data to the cloud. If the outsourced data stored on the remote server remains in plaintext, and the cloud storage server is only semi-trusted, the server can leak the data to malicious adversaries. A common way to protect data privacy is to encrypt the data before outsourcing it to the cloud; however, this makes the outsourced data inconvenient to use. In this paper, we focus on secure cloud data sharing and processing. Secure cloud data sharing concerns how, after someone outsources encrypted data to the cloud, to share that data securely with others without leaking it to malicious cloud servers and users. Secure cloud data processing concerns how to securely store and analyze the outsourced data. When encrypted data is outsourced to the cloud, adversaries can launch chosen-ciphertext attacks, so it is important to choose a CCA-secure encryption scheme for cloud storage. Fully homomorphic encryption (FHE) is suited to secure processing of outsourced data, but few ways to construct FHE are known so far; we try to give a new way to construct FHE and apply it to cloud data processing. Concretely, our contributions can be summarized as follows:

1. Currently, almost all encryption schemes for outsourcing data are only chosen-plaintext secure, which is not enough for most applications, so we try to design new compact CCA-secure encryption schemes suited to cloud storage. Concretely, we propose two CCA-secure ElGamal schemes. The first, a PKE scheme proved secure in the random oracle model based on the CDH assumption, has almost no additional overhead compared with the traditional IND-CPA secure ElGamal scheme, except for one additional modular exponentiation in decryption. The second, a KEM scheme proved secure in the standard model based on a new non-interactive assumption, has only two group elements. We also generalize our technique to several existing well-known CCA-secure KEMs, including the BMW KEM and the HK KEM, and show that our new schemes are even more efficient than these well-known schemes. Finally, we propose a new framework for efficient and secure data outsourcing to the cloud based on our new schemes.

2. E-health cloud systems are increasingly widely deployed, but their security needs more consideration in order to protect patients' sensitive health information, especially with regard to how E-health information is securely shared among doctors and patients. In this paper, we describe several identity-related cryptographic techniques for securing E-health systems, including new IBE schemes and new identity-based proxy re-encryption (IBPRE) schemes. We also prove the security of these schemes and give a performance analysis. The results show that our IBPRE scheme is especially efficient for re-encryption, which can be used to achieve cost-effective cloud usage.

3. Currently, almost no proxy re-encryption scheme can easily achieve the non-transferable property and support message-level fine-grained delegation, and these two properties are important for secure cloud data sharing. We therefore introduce a new cryptographic primitive, PRE+, which can be seen as the dual of the traditional proxy re-encryption (PRE) primitive. All traditional PRE schemes until now require the delegator (or the delegator and the delegatee cooperatively) to generate the re-encryption keys. We observe that this is not the only way to generate the re-encryption keys: the encrypter also has the ability to generate them. Based on this observation, we construct a new PRE+ scheme, which is almost the same as traditional PRE except that the re-encryption keys are generated by the encrypter. We also roughly evaluate the performance of our PRE+ scheme; the results show that it is efficient and practical. Finally, we propose Scanf, a scalable and controllable framework based on PRE+ for cloud storage sharing services.

4. Currently, only a few ways to construct fully homomorphic encryption are known. In this paper, we propose a novel way to construct fully homomorphic encryption, namely by using garbled circuits. Concretely, we first define a new cryptographic primitive named the reusable garbled gate, which comes from the area of garbled circuits; based on this new primitive, we then show that it is very easy to construct fully homomorphic encryption. However, instantiating reusable garbled gates seems to be difficult. In fact, we can only instantiate this new primitive based on indistinguishability obfuscation (iO), which until now has no efficient realization; this contrasts sharply with the very fast garbled circuits developed at present. Furthermore, reusable garbled gates can be a core component for constructing reusable garbled circuits, which can sharply reduce communication complexity, and reducing communication complexity is a central goal of modern research on garbled circuits. We believe that reusable garbled gates and/or their variants can be realized efficiently in the future, and thus promise a new way to provide fast fully homomorphic encryption.
Keywords/Search Tags: secure cloud data sharing, secure cloud data processing, chosen ciphertext secure encryption, proxy re-encryption, fully homomorphic encryption