
Data Protection And Secure Sharing For Cloud Storage

Posted on: 2019-10-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L M Jiang
GTID: 1368330545997327
Subject: Circuits and Systems

Abstract/Summary:
Currently, data security is still the primary factor restricting the further development of the cloud storage market. Data in a public cloud is transferred over the open Internet and stored on the servers of semi-trusted cloud service providers, which poses a great challenge for protecting data secrecy and integrity and for sharing data on cloud storage. In this paper, the basic concepts and theories related to cloud storage security are first introduced, the fundamentals of elliptic curves and hardness problems are summarized, and the formal definition and theoretical model of security protocols are discussed. Then, two-factor authentication methods for the public cloud are studied: the characteristics of USB Token based authentication are discussed, detailed authentication protocols using DLP and ECDLP are introduced, and how to achieve user anonymity with random-number-related algorithms is introduced as well. Next, dynamic provable data possession technologies are studied: the characteristics of multi-replica cloud storage are discussed, the design of an identity-based provable data possession scheme is introduced, and how to improve efficiency with homomorphism mapping is described. Lastly, data sharing methods for cloud storage are studied: the characteristics of encrypted data sharing are discussed, the design of a dynamic data sharing scheme that takes advantage of bilinear pairing is introduced, and how to improve sharing efficiency with homomorphism mapping technology is introduced too. The main innovation points of this paper are as follows.

(1) In view of the open environment of public cloud storage, two two-way identity authentication protocols based on the security theory of DLP and ECDLP are designed, which take a USB Token and a password as the two authentication factors and make use of pseudorandom permutation functions. The protocols are not only free of a password verification table and clock synchronization, but also achieve user anonymity.

(2) In view of user demand for multiple replicas on cloud storage, a multi-replica provable data possession scheme using a skip list, random masks and homomorphism tags is designed. The scheme takes an identity-based cryptosystem as its security foundation and achieves dynamic data updating and public verification.

(3) In view of the loose organization of users in public cloud storage, a secure encrypted data sharing scheme based on a one-way trapdoor function and an identity-based cryptosystem is designed. The scheme enables users to join or withdraw from the sharing group dynamically by combining broadcast encryption and proxy re-encryption techniques.

Finally, an open cloud storage platform that takes advantage of all three innovations mentioned above is developed on top of the OpenStack IaaS service, which proves the feasibility and effectiveness of the cloud storage security theories proposed in this paper.
Keywords/Search Tags: cloud storage, data sharing, identity authentication, provable data possession, elliptic curve cryptosystem