
The Research On Privacy Protection For Outsourced Data In Cloud Computing

Posted on: 2017-11-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D S Wang
GTID: 1368330569998394
Subject: Army commanding learn
Abstract/Summary:
Cloud computing has evolved to be a fundamental technology for modern IT infrastructure. While using cloud computing services, users have outsourced large amounts of sensitive data to cloud platforms. However, the cloud service providers are not fully trustworthy for the users, and there also exist certain malicious adversaries in cloud systems, which inherently have security vulnerabilities. In such a case, the outsourced cloud data is under serious privacy threats. Hence, privacy protection for cloud data has become a great security challenge for the development of cloud services. Due to the outsourcing model of computing and storage, the data of cloud users is directly under the control of untrusted cloud service providers, so the traditional security technologies of platform consolidation or data concealing are no longer able to provide reliable privacy protection for cloud data. In this paper, we draw on data encryption technology and give a thorough analysis of the privacy concerns in the different life-cycle phases of cloud data. We then conduct our research focusing mainly on three aspects, i.e., secure data access control, secure data search, and secure outsourcing of data computing. The main contributions of our work can be summarized as follows:

To protect data privacy for access control in the cloud, we propose an unlinkable and fine-grained cross-cloud access control scheme called PCAC. PCAC simultaneously realizes three kinds of security properties: semantically indistinguishable user credentials, hidden access control policies, and unlinkable data access sessions, while maintaining fine-grained access control policies with a general logical structure. Compared with existing solutions, PCAC can not only protect the sensitive user attributes and access control policies, but also effectively resist statistical analysis and linkability attacks by untrusted malicious entities. Thus it can provide more comprehensive privacy protection for cloud data access control. Moreover, compared to most cryptography-based solutions, PCAC conducts the processing of user authentication in a cloud-dominated manner, which greatly reduces the computation and communication burden on the user side.

To improve the search functionality of existing searchable encryption schemes, we propose a novel searchable encryption scheme that supports advanced data search functions. Our scheme is the first to achieve Generalized Pattern-matching Search on Encrypted cloud data (GPSE). GPSE allows users to specify different matching rules with basic wildcards and conduct more complex and targeted data search on encrypted cloud data. Specifically, GPSE follows the principle of decoupling matching rules from the underlying cryptographic algorithms and realizes different kinds of matching rules under a unified data encryption mechanism. Extensive experiments demonstrate that GPSE achieves high search efficiency and high search accuracy. Formal security analysis proves that GPSE is secure under the known-plaintext attack model.

To solve the problem that existing solutions for secure computing outsourcing cannot effectively accommodate complex string processing, we propose a scheme that achieves secure outsourcing of string pattern matching (SOPM). SOPM can compare encrypted string patterns with encrypted target strings under generalized pattern matching rules, and return the exact frequency and position of the appearances of the string pattern in the target strings. SOPM realizes outsourced computing of complex string processing while protecting data privacy. The contribution of SOPM is that it is the first to achieve exact and fine-grained generalized pattern matching on encrypted string data. Security analysis proves that SOPM is CCA-secure and that it can effectively hide the statistical features of encrypted characters and a portion of the input and output patterns.

Keywords/Search Tags:Cloud Computing, Outsourced Storage Model, Privacy Protection, Access Control, Searchable Encryption, Secure Outsourcing of Computing, Cloud Security