Research On Privacy Preserving Deduplication And Computation For Outsourced Data

The global data scale is growing explosively with the rapid development of cloud computing and the Internet of Things(Io T),with which the era of big data has arrived.Because of the great storage and computing capability of the cloud,more and more data owners are turning to outsource the storage and management of their data to the Cloud Service Provider(CSP).Due to the untrustworthiness of the cloud and the needs of privacy protection,data are usually encrypted by their owners before being uploaded to the cloud.However,application of traditional data encryption technique in this scenario could suffer from a number of problems.For example,resource-constrained Io T users may want to enable the users or organizations with some attributes to access their data and perform aggregate statistical analysis accordingly,and many duplicate data might be stored on the cloud.The encryption will hinder the aggregation and the deduplication on these data.On the other hand,deep learning based on big data has shown promising performance in speech and text recognition and disease diagnosis.Many organizations wish to training deep learning models collaboratively on their combined datasets,so as to improve the learning accuracy.But they are usually unable to share their datasets due to the requirements of data confidentiality or laws and regulations.How to realize privacy-preserving collaborative deep learning is also an urgent problem to be solved.However,the primary issue in either data outsourcing or collaborative learning is the secure and efficient mutual authentication between entities in the Internet.In this dissertation,we carry out research basing on the above application scenarios and security problems.Major contributions of this dissertation include:(1)We propose a lightweight handover authentication scheme with location privacy-preserving in mobile wireless networks.There are more than one entity in the scenarios such as data outsourcing and collaborative deep learning,including the communication between users and the cloud and the communication among users.The first problem to be solved is mutual authentication between entities.With the popularity of mobile smart devices,the handover authentication in mobile wireless network becomes a typical authentication scenario.Previous handover authentication schemes either require the mobile node(MN)to authenticate with the current access point(AP)first to obtain some significant materials needed for his authentication with the target AP,or require the MN to undertake expensive computation.We design a secure and efficient handover authentication scheme utilizing the identity-based signcryption technique,which enables the sender to sign and encrypt data simultaneously in a single operation and saves the computation overhead significantly compared to traditional“signature-then-encryption” approach.Only four point multiplications need to be performed on a resource-constrained MN during the whole handover process.In addition,security analysis demonstrates that our scheme achieves the location privacy-preserving for mobile users and perfect forward/backward secrecy.(2)We propose a secure and efficient client-side deduplication scheme for outsourced data.With the dramatic increase of the amount of data stored on the cloud,a lot of data will be duplicate.However,in order to ensure data confidentiality,users will usually encrypt the data before outsourcing them to the cloud.The same data will be encrypted into different ciphertexts by different users with their own keys,making duplicate data seems different,which will hinder data deduplication by the cloud.Convergent encryption(CE)makes deduplication possible since it naturally encrypts the same plaintexts into the same ciphertexts.One attendant problem is that a huge number of convergent keys will be produced.Locally storing these convergent keys still consumes a lot of storage of the user,while outsourcing them to the cloud faces the same deduplication problem as outsourcing data.Several deduplication schemes have been proposed to deal with the convergent key management problem.However,they either need to introduce key management servers or require interaction between data owners.We design a novel client-side deduplication protocol named Key D by utilizing the identity-based broadcast encryption(IBBE)technique.Before data outsourcing,users use CE to encrypt data and use IBBE to encrypt convergent keys,and then outsource all the ciphertexts to the cloud.Uses can recover their data from the cloud as needed.No independent key management server is needed in our scheme,and users only interact with the cloud service provider(CSP)during the process of data upload and download.Formal security analysis demonstrates that Key D ensures data confidentiality and semantic security of convergent keys,and well protects users' ownership privacy simultaneously.We have also carried on the detailed performance comparison with previous works through experiments,showing that our scheme makes a better tradeoff among the storage cost,communication and computation overhead.(3)We propose a secure Io T data outsourcing scheme with aggregate statistics and finegrained access control.Many Io T devices,especially wearable devices,involves a lot of private information about users,such as health data.Io T users are usually limited in storage and computation capability,so they are willing to encrypt their data and outsource them to the cloud.However,the encryption will lead to some problems.The first is that the Io T users may want to enable those users with some attributes to access their data to provide more professional and comprehensive analysis and suggestions.Attribute-based encryption(ABE)has been widely used in access control of outsourced Io T data,but it does not support computation such as aggregate statistics on ciphertext data.Homomorphic encryption can realize computation on ciphertext data,but its inefficiency makes it not practical enough in the Internet of Things.We design a novel and practical Io T data outsourcing scheme utilizing Corrigan-Gibbs et al.'s computation of aggregate statistics and ciphertext-policy attributebased encryption(CP-ABE)technique,supporting both secure aggregation and fine-grained access control of outsourced Io T data.Users only have to bear a small amount of computation in the process of data upload and recovery.Security analysis demonstrates that the scheme well protects the confidentiality of Io T data.We also provide a thorough and detailed performance comparison to prove that our scheme enjoys a better performance on both the client side and the fog server side.(4)We propose a privacy-preserving collaborative deep learning system over multiple datasets.With the advent of the era of big data,deep learning based on neural network has become a popular method for modeling,classification and recognition of complex data because of its unprecedented accuracy.It is even beginning to be used for disease diagnosis and cancer identification.However,many(medical)institutions and organizations can not share their datasets due to privacy issues and legal regulations,while training on a single dataset will often lead to overfitting.Several collaborative learning systems based on stochastic gradient descent(SGD)algorithm have been proposed to enable multiple participants to train a common model without sharing their private input datasets.But most of them need a parameter server to maintain global parameters.The parameter server is usually assumed to be honest,meaning that it will not deviate from protocols,and these systems are not secure against the collusion attack between the parameter server and learning participants.We design a privacy-preserving collaborative deep learning system(PCDL)basing on ring allreduce technique and additively homomorphic encryption.Participants in our system can realize collaborative learning without sharing their datasets,and no parameter server or other third party is involved in the whole process.Parameters of the neural network are updated just through the communication between learning participants.Compared to previous collaborative learning systems,the proposed learning system is secure against collusion attacks and with no loss of learning accuracy.