Research On Key Techniques Of Secure Access To Outsourced Data In Cloud Environment

Posted on: 2017-09-23 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: H X Li | Full Text: PDF
GTID: 1368330542992959 | Subject: Cryptography
Abstract/Summary:
Cloud computing extends users' ability to employ IT resources from the local environment to the cloud. Applications that were previously resource-limited, and therefore could not be realized, can now be built on cloud computing. Cloud computing also better solves the problems of supplying and maintaining large-scale IT resources. However, since users' data are stored on cloud servers, users cannot manage and maintain the data without the help of the cloud server, and so they lose control over the outsourced data. In recent years, data leakage incidents and distrust of the cloud server have made the security of outsourced data the problem that worries users most. The numbers of users and of data items in the cloud environment are both large, so the process of data access becomes more complicated, and it is hard to guarantee security protection in such a scenario.

Secure data access in the cloud can be divided into two categories: secure data access against an external adversary and against an internal adversary. The external adversary is mainly a user who is not authorized to access the data; secure access against this adversary mainly relies on authentication and key agreement protocols. The internal adversary is mainly the cloud server, which is not fully trusted; secure access against this adversary consists of the confidentiality and the integrity of the data. Encryption algorithms can be used to protect the confidentiality of the data, but this makes ciphertext search a necessary link in data access. The integrity of the data can be verified by a provable data possession scheme. Authentication and key agreement, ciphertext search, and data integrity verification are therefore three important dimensions of secure data access in the cloud environment, and these three technologies constitute its key links. Based on the theory of provable security, and using cryptographic algorithms and tools, this dissertation studies these three main parts of secure data access in the cloud environment. Our work is as follows:

(1) Research on authentication and key agreement between users and cloud servers in the cloud environment. To solve the security problems of authentication protocols in the cloud environment, a new 3-layer mutual authentication protocol is proposed, which secures the first step of data access. Authentication and key agreement in this protocol use a password and a smart card. The cloud service provider does not store the user's password, which avoids the threat that arises if the password is leaked. The proposed scheme also supports online password updating, perfect forward security and conditional backward security. A security proof of the scheme is given in the random oracle model, based on the elliptic curve Diffie-Hellman problem. Considering security and efficiency together, the proposed scheme performs well among the existing 3-layer mutual authentication protocols in the cloud environment.

(2) Research on ciphertext search algorithms. To address the low server-side efficiency of existing ciphertext search schemes when searching keywords over encrypted outsourced data, a common construction of public-key encryption with multi-keyword search (PEMKS) is proposed. First, a multivariate inverse mapping is designed using the properties of Lagrange polynomials. Then, based on the multivariate mutual inverse mapping, the specific steps of the common construction are given. The construction transforms single-keyword matching into multi-keyword matching on the cloud server, which substantially increases the efficiency of ciphertext search. To illustrate the safety and effectiveness of the proposed construction, a PEMKS scheme is proposed in the standard model. Security analysis shows that a PEMKS scheme constructed by this method inherits the security of the original PEKS scheme. Performance analysis shows that only one bilinear pairing is needed to complete the matching determination for multiple keywords.

(3) Research on the remote data integrity verification mechanism in the cloud environment. Existing provable data possession schemes do not limit the authority of verifiers, which causes security problems; to address this, a provable data possession scheme with authentication is proposed. The possession proof for the cloud data is realized by using a digital signature and reusing the random number, and mutual authentication between the user and the cloud server is realized in the same process. The new scheme restricts the identity of verifiers: only an authorized verifier can verify the integrity of the data stored in the cloud, which avoids leaking the user's privacy during verification. A security proof of the proposed scheme is given in the random oracle model under the computational Diffie-Hellman assumption. The user's computation cost in the proposed scheme is low, so it can meet the performance requirements of lightweight terminals.
Keywords/Search Tags: Cloud Computing, Data Outsourcing, Authentication, Data Possession, Searchable Encryption, Provable Security