Research On Key Technologies Of Secure Meteorological Data Sharing In Cloud Environment

With the rapid development of the Internet,cloud computing is well known and widely used as a pay-per-use mode.Cloud computing can provide available,convenient and ondemand network access to the configurable computing resource sharing pool,which enables users to quickly achieve resources with little interaction with service providers.Cloud computing has been widely used in the field of data services for its advantages of high scalability,low cost and convenient operation.With the continuous improvement of the modernization level of meteorological business,China Meteorological Administration is accelerating the construction of large meteorological data cloud platform in order to cope with the problems of mass storage and instant sharing of meteorological data.However,the openness and information sharing of cloud platforms also bring us the serious security threat.Meteorological data has great value in national defense construction and military activities,so the safety of meteorological cloud platform can not be ignored.Until now,Scholars at home and abroad have done a lot of research on cloud data audit technology,access control technology of attribute-based encryption and ciphertext search technology,and achieved cich research results.On the basis of the existing research results,this dissertation proposes data security sharing technologies for meteorological cloud environment,and verifies the security and effectiveness of the three schemes through theoretical analysis and simulation experiments.Finally,a secured data sharing model for meteorological cloud is proposed,which combines multiple technologies and meets the application requirements of meteorological industry.The main contents and innovation points of the dissertation are as follows:(1)In view of the problem of trust dependence of third party auditor,a data audit scheme with untrusted third party auditor(F-UTPA)is proposed.User and cloud server generate the exchange key through Diffie-Hellman key exchange protocol,which will become the necessary audit element in the final verification stage.Without the considerention of collusion attack,third party auditor will not be able to obtain the exchange key,and will not be able to complete the final verification.The final verification in the audit process can only be completed by the user.The F-UTPA scheme inherits the advantages of public auditing,and still performs a lot of computational work by third party auditor.At the same time,it effectively reduces the trust dependence on third party auditor.It is a lightweight public auditing scheme.(2)Aiming at the problem that single attribute authority can not satisfy attribute diversification and complex expression of access control strategy in cloud environment,a multiauthority access control scheme of attribute-based encryption(MAAC)is proposed.A multiauthority CP-ABE scheme is used.A series of attribute information is used to describe the user's identity.A data access control scheme is constructed to protect the user's privacy.Through the design of multi attribute authority,fine-grained access control of multi-authority is realized,collusion attacks among users are prevented,and data confidentiality is guaranteed.The MAAC scheme introduces the concept of global ID and multi-authority mechanism,which solves the access rights of different types of users among different sub-authorization bodies.It is suitable for data sharing in cloud environment.(3)According to the shortcomings of searchable encryption in semantics and faulttolerance,a keyword-based fuzzy search scheme for encrypted data(KFSE)is proposed.Through the analysis of semantics search technologies,the dissertation focuses on the search methods of Chinese fuzzy pinyin and synonyms.On the basis of the existing encrypted data search schemes,Chinese characteristics of homophone and polysemy are analyzed,synonyms of keyword is constructed using mutual translation between Chinese and English,and the sets are constructed respectively.The KFSE scheme realizes searching for Chinese keywords of fuzzy pinyin and synonyms,and uses pseudo-random function to protect private keys.It solves the problem of fuzzy pinyin and synonyms in searching input text in Chinese environment.At the same time,it effectively avoids information leakage in the process of query by using pseudorandom function.The KFSE scheme has good security and higher search success rate.(4)Taking meteorological cloud platform as a typical application scenario,a secured data sharing model for meteorological cloud is proposed.In order to meet the practical application requirements,the three schemes of data audit,access control and searchable encryption proposed in the dissertation are fused to realize the safe sharing of meteorological data in cloud storage environment.The security sharing model uses CP-ABE to protect the confidentiality of data,and combines multiple attribute management centers to achieve fine-grained access control and flexible multi-authority.The security sharing model supports multi-keyword fuzzy search for encrypted data,and can verify the integrity of cloud data.Security analysis and experimental results show that the security sharing model can provide confidentiality protection for shared data,resist collusion attacks of users,and is suitable for cloud storage environment.