
Research On Cryptographic Protocols For Secure Cloud Data Storage

Posted on: 2021-06-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J D Zhang
GTID: 1488306050964459
Subject: Cryptography
Abstract/Summary:
With the development of cloud computing, cloud storage has become increasingly important. Compared with maintaining massive storage locally, cloud storage offers convenient access, fast uploading and downloading, and low cost. However, once data is outsourced to a cloud server, its security can no longer be guaranteed, so ensuring the security of outsourced data is a very important problem. Many cryptographic protocols have been designed to solve it, aiming to protect the confidentiality, integrity and usability of the outsourced data. A secure cloud storage auditing protocol is a cryptographic mechanism for ensuring the integrity of outsourced data. This thesis proposes several new cryptographic protocols to strengthen the security of cloud storage, concentrating mainly on secure cloud storage auditing. The main contributions of this thesis are the following:

1. We study cloud storage auditing protocols based on the distributed string equality test. First we show that the verifiable cloud storage auditing protocol proposed by Chen et al., which is based on the distributed string equality test, is not secure. In particular, we give two attacks. The first attack exploits the fact that, when the data owner uploads a file to the cloud server, the indexes of the blocks in the file are the same for different files, and they are used repeatedly as inputs to the pseudo-random function. Based on this fact, the adversary can easily forge the tags of data blocks. The second attack exploits the fact that many different challenge vectors and blocks can have the same inner product. Based on this fact, the adversary can modify data blocks and still return correct proofs that satisfy the verification equation. Finally, we give an improved secure cloud storage auditing protocol, which strengthens this kind of cloud storage auditing protocol.

2. We study cloud storage auditing protocols that support multi-user modification. This kind of protocol mainly focuses on integrity checking for outsourced storage with multi-user modification. We show that two such protocols proposed by Yuan et al. are not secure. Specifically, the problem can be reduced to the signature schemes that are applied to the generation of authentication tags in these two protocols. After observing many pairs of data blocks and their corresponding tags, the adversary can easily forge the tags for data blocks. Malicious cloud servers can forge any pairs of data blocks and their authentication tags, which makes these two cloud storage auditing protocols insecure. Finally, we propose new algorithms for authentication tag generation to resist the attack and give their security analysis.

3. We study publicly verifiable cloud storage auditing protocols based on homomorphic tags. A homomorphic signature can be used to aggregate messages and their corresponding authenticators, which shrinks the size of the authenticators and reduces the communication cost. Thus the technique of homomorphic signatures can be used to design secure and efficient cloud storage auditing protocols. Recently Tian et al. proposed one such protocol; however, we show that this protocol is not secure. Concretely, we prove that the signature algorithm, one of the core building blocks of this protocol, is not secure. The adversary can easily forge the authentication tags of data blocks. The malicious cloud server does not even need to store any data, yet it can forge a correct proof that satisfies the verification equation. Finally, we improve the publicly verifiable cloud storage auditing protocol with a secure signature generation algorithm and analyze its security.

4. We study cloud storage auditing protocols that support dynamic updating of outsourced data based on an adjacent hash table. This kind of protocol mainly aims at solving the problem of integrity checking for cloud storage while simultaneously allowing dynamic updating of the outsourced data. We show that one such protocol proposed by Chen et al. is not secure. In this protocol, the adversary can forge the authentication tag of any data block given some pairs of data blocks and their corresponding tags. After successfully forging the authentication tags, the malicious cloud server can modify or even delete the data owner's data blocks while still providing a correct proof that satisfies the verification equation. Finally, we give an improved cloud storage auditing protocol and analyze its security.

5. We study group-user based privacy-preserving cloud storage auditing protocols. In such a protocol, the third-party auditor cannot derive the real data from the blinded data blocks in the data uploading phase, nor useful information from the response proof in the auditing phase. Recently, Shen et al. proposed such a protocol; however, we show that this protocol is not secure. Concretely, the signature of the outsourced data block corresponding to the authenticator in this protocol can be easily forged. This means that the cloud server can modify all outsourced data blocks and still provide evidence that the outsourced data blocks are well stored. Finally, we give an improved lightweight, group-user privacy-preserving cloud auditing protocol that can resist the attacks, and we analyze its security and efficiency.
Keywords/Search Tags:Secure cloud storage, Cloud storage auditing, Digital signature, Tag of data block, Bilinear pairing