Research On Data Encryption And Desensitization Technology For Cloud

Cloud computing have become essential infrastructure for enterprises and individuals.However,data security incidents on cloud computing have occurred frequently,which can cause enormous economic losses and social impacts.Ex-isting methods encrypt sensitive data and then transmit them to the cloud.Thus,the cloud provider can only see the ciphertext and the data control is completely in the hands of users.This brings new technical challenges.First,data encryp-tion and cloud service function preservation are often contradictory.Second,as numerous cloud services have different data formats and data transmission protocols,the amount of customized adaptation projects for each cloud service is huge.Third,it is difficult to efficiently and automatically identify private and sensitive data from the massive data stored in cloud services.To solve the three challenging problems,this thesis makes the following contributions:1.To solve the problem that cloud storage applications are difficult to be adapted to data encryption,this paper proposes an adaptive data encryption system for browser-based cloud storage applications,CloudCrypt.The sys-tem can automatically identify and adapt various cloud applications,ensuring encryption protection for sensitive data of various cloud applications.Experi-ments show that CloudCrypt can be applied to many typical cloud applications.Moreover,it can automatically encrypt various cloud applications and introduce small overhead.2.To solve the problem that diverse sensitive information is difficult to be detected and identified,this thesis presents a sensitive information recognition and desensitization system for cloud storage applications,CloudDLP.The sys-tem proposed the improved end-to-end text recognition model CTPN-MASK and the sensitive data recognition model BERT-CRF,which can effectively solve the problem of poor recognition of sensitive content recognition and de-sensitization.Experiments show that the accuracy of image desensitization and document-oriented intelligent recognition can achieve 93.4%and 97.9%,respectively.3.To solve the conflicts between encryption and full functions of cloud applications,this thesis presents a ciphertext search system based on a secure gateway,EncBox.The system not only supports data encryption protection,but also largely maintains the original search functions of cloud services.EncBox does not require the cooperation of cloud providers.Experiments show that it introduces small overhead and can support rich search functions.