Research On Data Security And Sharing Scheme For Cloud Storage

Posted on: 2020-03-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W Luo
Full Text: PDF
GTID: 1368330602950294
Subject: Cryptography
Abstract/Summary:
The rapid development of cloud storage accelerates the sharing and use of information, providing users with efficient, convenient and real-time data storage services. However, because cloud service providers are not completely trusted, this poses great challenges to users' data security and privacy protection. This thesis mainly studies the storage security, sharing security and integrity of data in cloud storage, and applies cryptography to the problem of ensuring the confidentiality and integrity of user data while achieving secure and efficient access. The research work of this thesis mainly includes the following contents:

1. In existing identity-based encryption (IBE) data sharing schemes, the private keys of all users are completely transparent to the private key generator (PKG) and the computational complexity is high. To solve this problem, IBE is combined with a private-key splitting method, and an efficient identity-based proxy re-encryption scheme is proposed to implement a secure data sharing mechanism. In the scheme, the PKG generates only partial keys for the user, which ensures the user's data confidentiality and privacy. The scheme is provably secure under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. In addition, it can resist collusion attacks and supports user revocation. Compared with existing schemes, it has lower computational complexity.

2. Most existing identity-based proxy re-encryption schemes do not support revocation, and their computational complexity is too high. To solve this problem, we combine the properties of constrained pseudo-random functions (PRFs) and key-homomorphic PRFs to construct a secure and efficient proxy re-encryption scheme. In the scheme, the data owner authenticates the requesters and distributes the decryption keys through an identity-based key exchange protocol. Meanwhile, a proxy re-encryption scheme is used to achieve data sharing and ciphertext update. The scheme implements secure fine-grained access control, guarantees the confidentiality of shared keys and resists collusion attacks. In addition, compared with some existing schemes, it has lower computational complexity and communication cost.

3. In the traditional ciphertext-policy attribute-based encryption (CP-ABE) scheme, a trusted central authority is employed to manage attributes and distribute keys. To solve the problem that the central authority has a large workload and is vulnerable to attack, a secure revocable multi-authority ciphertext-policy attribute-based encryption (MA-CP-ABE) access control scheme is proposed, in which the requester can decrypt the ciphertext with only a small amount of computation. It is also proved that the proposed MA-CP-ABE scheme can prevent static corruption of authorities in the standard model under the decisional q-parallel bilinear Diffie-Hellman exponent assumption. Theoretical analysis and experimental simulation results show that our scheme has lower communication cost and lower computational complexity than some existing schemes.

4. To solve the problem that existing data integrity auditing schemes have high computational complexity in the tag generation phase and do not support dynamic data operations, a trusted proxy server and a new authentication structure are introduced, and a secure and efficient dynamic integrity auditing scheme is proposed. The scheme combines the Merkle hash tree and the B* tree into a new authentication structure, MHB*T, which improves data retrieval efficiency and supports dynamic operations. It is secure against forgery attacks under the assumptions of the discrete logarithm problem and the computational Diffie-Hellman problem in bilinear groups in the random oracle model. Theoretical analysis and experimental results show that the proposed scheme is provably secure, has low communication cost and computational complexity, and is suitable for mobile users with limited resources.

Keywords/Search Tags:Cloud Storage, Identity-based Encryption, Pseudorandom Function, Ciphertext-Policy Attribute-based Encryption, Provable Data Possession