Techniques For Data Storage Security In Cloud Environment

Recently, trailing grid computing, distributed computing, parallel computing, utility computing, and etc., cloud computing has become a hotspot in IT. Different from the industry which concerns three service forms of cloud computing, namely SaaS(Software as a service), PaaS(Platform as a service) and IaaS(Infrastructure as a service), academic interests lie most on problems incurred when users abstractly outsource storage and computation to cloud servers. Here, data storage security is the foundation and a key point for the application of cloud computing. Undoubtedly, as the owner of the data, even if users outsource the entire data to cloud servers, they should have every right for accessing and manipulating the data, and could prevent malicious servers from any possible illegal operation on it. In the literature of cryptology, servers are usually deemed trusted, while situations where servers are semi-trusted or untrusted are seldom concerned. However, as to cloud computing, when valuable mass data are stored at servers, circumstances where servers are semi-trusted or untrusted are most worth discussing. Therefore, this dissertation focuses on protecting the rights of users, embarks on withstanding infringements from malicious servers, and tries to contribute to theoretical research of cryptology under cloud computing.Among all kinds of manipulations on the data, search, modification and sharing are the commonest and most practical ones. Aiming at satisfying these three manipulations, we design a multi-user conjunctive keyword searchable encryption scheme using a cubic chaotic hash function, Tate pairing and Elgamal, an incremental encryption scheme with support to insertion, deletion and substitution of single symbol using AES, a trusted sharing over cloud storage scheme based on DLP. At last, the forementioned three schemes are integrated to achieve a complete practical secure scheme for cloud storage.First, a cubic chaotic hash function and a harmonically-coupled chaotic pseudo-random bit generator are designed. Chaotic systems, due to their sensitivity to initial values and pseudo-randomness of phase paths, are often utilized to construct hash functions and pseudo-random bit generators. A cubic chaotic map, maintained as a single-peak surjection, is designed. Bifurcation graph and Lyapunov exponent both suggest, compared to skew tent map and Logistic map, it owns excellent chaotic properties and preferable running time. Afterwards, a cubic chaotic hash function is constructed with reference to a framework in the literature. Avalanche effect, text hash values and statistics all suggest, compared to the literature, when a single bit of the message is flipped, the changing number of bits in the output comes nearer to64, and the fluctuation is lower. Next, a novel way of coupling, independent variable harmonical coupling, is presented. Applying it to skew tent map, we attain a chaotic system. Bifurcation graph and Lyapunov exponent both illustrate its fine chaotic properties. Based on it, a pseudo-random bit generator is designed following a framework in the literature. Frequency test, serial test, poker test, runs test, and auto-relation test all suggest the generated sequences are qualified. Moreover, the pseudo-random bit generator owns ideal linear complexity and rather large cipher space. At last, a simple stream cipher cryptosystem is designed. The experiment demonstrates that the proposed cryptosystem works correctly.Second, a multi-user conjunctive keyword searchable encryption scheme is designed. In order to prevent cloud servers from eavesdropping, data stored at the servers should all be in ciphertext forms. When the data is rather large, due to the limited bandwidth and storage on the client side, users are incapable of fetching the entire data and decrypting it to extract needed parts. However, traditional encryption algorithms, such as DES, AES and RSA, don't support searching at all. Thus, it's necessary to present searchable encryption schemes. Based on the proposed cubic chaotic hash function, using bilinear pairing, the presented searchable encryption scheme fixes a flaw that users have to give all the keywords in a previous scheme. Analysis illustrates that the new scheme not only maintains the security properties of the original one, such as query privacy, query unforgeability, and revocability, but also allows users to provide just part of keywords. The computation of the new one is comparatively little. The most time-consuming computation, namely bilinear pairing, resides at the server and occurs most in the WriteFile phase. The communication of the new one also occurs most in the same phase. Both of them imply good perspective for applications. At last, a simple example of the new scheme is implemented using Elgamal.Third, a trivial incremental encryption scheme for tiny modifications is designed. In real applications, plaintexts to be encrypted are usually not isolated but related. The commonest situation is that the plaintext to be encrypted is a revision of its previous form. Incremental encryption utilizes the ciphertext of the previous form and the information on revision to obtain the new ciphertext, which reduces the computation dramatically. Aiming at fixing a flaw that only substitution of single symbol is supported in a previous scheme, the presented incremental encryption scheme imports insertion and deletion of single symbol. At last, a simple illustration is given by using AES.Fourth, the model of trusted sharing over cloud storage is defined and the corresponding scheme is designed. Sharing the data with other users is one of the commonest operations. When the data at the server is ciphertext, apparently the user shouldn't decrypt it and send it to others, or reveal his/her decryption cipher to others. He/She'd better modify the data slightly, and provide others with a "handle". Thus, it's necessary to design schemes for trusted sharing over cloud storage. The presented model involves three entities, contains seven algorithms, demands security properties such as completeness, data confidentiality, permissions non-transferability and tamper-proof, and proposes routines for a trusted sharing over cloud storage scheme. The proposed scheme aims at relying less on random numbers and making up the missing defence against tampering. Analysis shows that it not only maintains the security properties of the original one, such as data confidentiality and permissions non-transferability, but also withstands tampering from the server and depends rather less on random numbers. Its computation cost and communication cost are comparatively small, which implies good perspective for application. A simple example of the new scheme is given at last.At last, a cloud data storage access scheme is constructed based on the results above. It trivially integrates the fore-mentioned three schemes, such as multi-user conjunctive keyword searchable encryption, incremental encryption for tiny modification, and trusted sharing over cloud storage, and satisfies search, modification, and sharing queries from users. A detailed example under a base field of length1025bits is given.