
Research On Data Integrity Checking For Cloud Storage

Posted on: 2021-05-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W T Shen
GTID: 1368330602481172
Subject: Basic mathematics

Abstract/Summary:
With the rapid development of information technology, the data captured in various fields is growing explosively, and people's demand for storage space is increasing accordingly. However, it is difficult for a user or an organization to store massive data locally, since local storage resources are limited. As a result, cloud storage services have emerged and are widely used. With cloud storage services, users can migrate their local data to the cloud, which greatly relieves the burden of local storage and reduces the cost of data management for users. Nevertheless, data stored in the cloud might be corrupted or lost due to system vulnerabilities and hardware/software failures in the cloud. To maintain their reputation, cloud service providers always hide the fact that data is corrupted or lost. Therefore, how to establish a mechanism that helps users securely and efficiently verify the integrity of data stored in the cloud has become a hot topic in cloud computing data security research. This dissertation tries to solve four problems in cloud storage data integrity checking: the privacy of shared data, the security of the user's private key, the revocation of the proxy, and the reduction of data redundancy. Specifically, the main contributions are as follows.

(1) Identity-based shared data integrity checking scheme with sensitive information hiding. In a cloud storage system, the shared files stored in the cloud might contain sensitive information. If these files are uploaded directly to the cloud to be shared and used by others, the sensitive information in them will inevitably be exposed to the cloud and to others. Encrypting the whole shared file hides the sensitive information, but it makes the shared file unusable by others. To solve this problem, we propose an identity-based shared data integrity checking scheme with sensitive information hiding. In this scheme, a sanitizer sanitizes the data blocks corresponding to the sensitive information of the file and performs an efficient transformation of the authenticators. Generally, the sanitizer uses wildcards to replace the contents of the data blocks corresponding to sensitive information. This allows the file stored in the cloud to be shared and used by others without exposing the sensitive information. Meanwhile, the sanitizer does not need to interact with the user when transforming the authenticators, so cloud storage data integrity checking can still be executed efficiently. In addition, the proposed scheme is based on identity-based cryptography, which simplifies the complex certificate management. The security analysis and the performance evaluation show that the proposed scheme is secure and efficient.

(2) Cloud storage data integrity checking scheme without user's private key storage. In most, if not all, of the existing cloud storage data integrity checking schemes, a user needs to employ his private key to generate the data authenticators used for verifying the integrity of data. Thus, the user has to possess a hardware token (e.g. USB token, smart card) to store his private key. If this hardware token is lost or broken, data integrity checking cannot work. To overcome this problem, we construct a cloud storage data integrity checking scheme without user's private key storage. To avoid using a hardware token to store the user's private key, we use biometric data (e.g. iris scan, fingerprint) as the user's fuzzy private key. Meanwhile, we utilize a linear sketch with coding and error correction processes to confirm the identity of the user. In addition, so that cloud storage data integrity checking performs as usual, we design a new signature scheme, based on the idea of fuzzy signature, which is compatible with the linear sketch and supports blockless verifiability. The security proof and the performance analysis show that the proposed scheme achieves desirable security and efficiency.

(3) Lightweight identity-based cloud storage data integrity checking scheme supporting proxy update and workload-based payment. In lightweight cloud storage data integrity checking schemes that introduce a proxy, the proxy might be revoked or the proxy's warrant might expire. However, this problem is not considered in existing lightweight data integrity checking schemes, so a revoked proxy or a proxy with an expired warrant is still able to process data on behalf of the user. To address this problem, we design a lightweight identity-based cloud storage data integrity checking scheme supporting proxy update and workload-based payment. In this scheme, we introduce a proxy to help the user generate the data authenticators used for verifying the integrity of data, which relieves the user's computation burden. Meanwhile, the user issues a warrant with a valid time period to the proxy, so that a revoked proxy or a proxy with an expired warrant can no longer process data on behalf of the user. Nevertheless, the authenticators generated by the revoked proxy or the proxy with an expired warrant can still be used to verify data integrity. Furthermore, we design an effective mechanism for paying the proxy, which realizes payment based on workload. The security proof and the performance analysis indicate that the proposed scheme is secure and efficient.

(4) Cloud storage data integrity checking scheme with deduplication supporting strong privacy protection. In all of the existing cloud storage data integrity checking schemes with deduplication, an adversary can extract useful information about the file by launching offline brute-force dictionary attacks when the file is predictable or drawn from a small space, which leaks user privacy. To deal with this problem, we propose a cloud storage data integrity checking scheme with deduplication supporting strong privacy protection. To protect the privacy of the user, we design a novel method to generate the file index for the duplicate check, and use a new strategy to generate the key for file encryption. To improve the storage efficiency of the cloud, users possessing the same file produce the same ciphertext and the same authenticators, which means that deduplication over ciphertexts and authenticators is feasible on the cloud side. Furthermore, the user only needs to perform lightweight computation to generate data authenticators, verify cloud data integrity, and retrieve the file from the cloud. To show the security and efficiency of the proposed scheme, we give the security analysis and the performance evaluation results.
Keywords/Search Tags:Cloud storage security, Integrity checking, Public auditing, Privacy protection, Data deduplication