
Research On Key Technologies Of Secure Data Sharing And Update In Cloud Environment

Posted on: 2021-05-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X C Yan
Full Text: PDF
GTID: 1488306230472124
Subject: Computer Science and Technology
Abstract/Summary:
As one of the important IaaS (Infrastructure as a Service) applications of cloud computing, cloud storage can reduce users' storage and computing costs, support remote distributed real-time access, and dynamically extend the available space according to users' needs. Thanks to this, more and more data is stored, computed and shared in the cloud. However, with the growth of data volume and the popularity of big data processing technologies, the data and user privacy held in cloud storage suffer significant security threats because of its agreement-based service, not fully trusted CSPs (Cloud Service Providers), system vulnerabilities, outside attacks and other reasons. This has gradually become a major challenge facing the development of cloud storage and the focus of attention in academia and industry. Modern cryptography provides many cryptographic techniques suitable for data security. In particular, as variants of the traditional public key cryptosystem, broadcast encryption and attribute-based encryption have the unique advantages of supporting one-to-many secret communication and fine-grained access control as well as protecting user privacy, and can be a good solution for the secure data sharing and privacy protection needs of large-scale cloud storage users. However, when the above cryptosystems are directly applied to secure cloud data sharing, they still face many practical security threats, such as the permission change problem caused by users dynamically leaving the system, the data security problem caused by key leakage, and the secure update of stored data. In response to these problems, this dissertation extends the broadcast encryption system, the ciphertext-policy attribute-based encryption system and the distributed storage encoding scheme to make them more suitable for practical secure cloud data sharing and update scenarios. Specifically, this dissertation achieves the following research results:

(1) Secure data sharing mechanism based on broadcast encryption. Broadcast encryption is a mechanism for securely distributing data content to legitimate users through broadcast channels, and it is also used in cloud storage systems as a key technology for key management and content sharing. However, the basic broadcast encryption scheme cannot effectively deal with dynamic changes of user permissions in the cloud storage environment, and its communication and computing costs in data distribution are too high. To solve these problems, we study private key revocable broadcast encryption and propose a secure data sharing scheme supporting efficient synchronous evolution of ciphertext and key (CKSE-SDS), which is proved CCA secure in the random oracle model. This scheme uses RSA cryptographic accumulators to control updates of users' broadcast encryption private keys. When the group member set changes dynamically, only the accumulator set needs to be updated in real time to achieve constant-cost updating of the unrevoked users' keys. Performance analysis and the security proof show that the scheme has clear advantages in computing efficiency and communication overhead when users' private keys are updated, supports rapid key revocation, and has high flexibility and good scalability while ensuring security.

(2) Secure data sharing mechanism based on attribute-based encryption. The openness and dynamic nature of cloud storage applications bring new challenges to user rights management and data security in secure data sharing mechanisms based on attribute-based encryption. On the one hand, from the perspective of enhancing system security, when a user's authority changes dynamically, the user's original authority should be revoked in time and updated to the new authority. On the other hand, private key security is the basis and premise of the security guarantees provided by a cryptosystem, and the security risks brought by private key leakage threaten the availability of attribute-based cryptosystems in cloud storage applications. Aiming at the damage caused by dynamic changes of user rights and private key leakage faced by attribute-based cryptosystems in big data applications, we study revocable attribute-based encryption and forward-backward secure attribute-based encryption, and obtain the following results: 1) By constructing an attribute version key and a user version key in ciphertext-policy attribute-based encryption, we propose an updatable attribute-based encryption scheme supporting dynamic change of user rights (SDCUR-UABE), which addresses the excessive computational and communication overhead incurred when user access rights change dynamically in attribute-based secure cloud data sharing; the security of the scheme is proved in the random oracle model. Theoretical analysis shows that the scheme guarantees the security of ciphertext data in the system after a user's permission has changed. Compared with existing similar schemes, the newly constructed scheme has advantages in both security and application scenarios, and simulation experiments show its high efficiency in practical applications. 2) By key segmentation and the addition of time labels, so that data can be updated directly on the basis of the original ciphertext, we propose a forward-backward secure ciphertext-policy attribute-based encryption scheme with user revocation (UR-FBS-CPABE), which ensures that newly encrypted data and the ciphertexts generated in previous time periods remain secure after a user's private key for the current time period is leaked. Theoretical analysis and simulation experiments show that the scheme not only has advantages in security and functionality, but also effectively reduces the computational cost and communication overhead of ciphertext update when a user's private key is leaked in the cloud storage system, meeting the efficiency requirements of practical applications.

(3) Updatable distributed storage encoding mechanism based on KHPRF. Cryptographic keys have a life cycle, and the security of their storage and use directly affects the security of the ciphertext. On the one hand, the widespread use of unprotected mobile electronic devices increases the probability of an attacker stealing a user's private key; on the other hand, for long-term stored ciphertext, multiple users sharing the same decryption key increases the possibility of key leakage. Therefore, stored ciphertext data needs to be updated regularly to reduce the data security risk caused by the leakage of symmetric keys. In addition, in practical cloud storage applications, data availability based on redundant coding technology must be considered alongside data confidentiality. Aiming at the needs of distributed storage of cloud data and periodic ciphertext update performed directly on each storage node, we study distributed encoded storage technology that supports ciphertext data update and propose a distributed data encoding storage scheme supporting updatable encryption (DDES-UE). By using key-homomorphic pseudorandom functions (KHPRF) to construct an updatable encryption scheme, the excessive computation and communication overhead of ciphertext updates is avoided; based on ciphertext segmentation and improved FMSR coding, distributed data storage is realized to ensure the availability of stored data and direct data update on each storage node. Security proofs and performance analysis show that the proposed scheme not only ensures the security of data storage, but also supports secure and efficient data recovery when some storage nodes are damaged. Compared with traditional data re-encryption, DDES-UE avoids the computation and communication overhead caused by client-side data re-encryption and data uploading, downloading, decoding and merging.

(4) Fast update mechanism for distributed coded storage data based on OAEP. In response to the needs of distributed data storage and periodic ciphertext update, as well as the efficiency of distributed ciphertext update, we use optimal asymmetric encryption padding (OAEP) technology to propose a distributed data encoding storage scheme supporting efficient user access revocation (DDES-UAR). Based on ciphertext partitioning and improved FMSR coding, distributed data storage is realized to ensure the availability of stored data. When node data is updated, the client only needs to generate and compute the ciphertext update token once, after which the cloud storage server uses the generated token to compute and update the data on each storage node. Performance analysis and simulation experiments show that the computational overhead of ciphertext update in the distributed scenario is within an acceptable range. Compared with data re-encryption and the DDES-UE scheme, it has greater computational advantages and can meet the actual ciphertext update requirements of distributed encoded storage environments.
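As an added illustration of the updatable-encryption idea behind result (3), the following Python example (written for this page, not the dissertation's DDES-UE code, and omitting its ciphertext segmentation and FMSR coding) builds a DDH-style key-homomorphic PRF F(k, x) = H(x)^k so that one client-generated token (new key minus old key) lets every storage node re-key its own ciphertext chunk without downloading or decrypting it. The toy safe-prime group, nonce size and all function names are assumptions made here.

```python
import hashlib
import secrets

def _is_prime(n):
    """Miller-Rabin with fixed bases: exact for 37 < n < 3.3e24 (enough here)."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Constructed toy group: first safe prime p = 2q + 1 with q >= 2^62 (64-bit p).
Q = (1 << 62) | 1
while not (_is_prime(Q) and _is_prime(2 * Q + 1)):
    Q += 2
P = 2 * Q + 1  # a real deployment would use a standard ~2048-bit group instead

def khprf(key, x):
    """F(k, x) = H(x)^k mod p, with H(x) a hash squared into the order-q subgroup.
    Key-homomorphic: F(k1 + k2, x) = F(k1, x) * F(k2, x) mod p."""
    h = int.from_bytes(hashlib.sha256(x).digest(), "big") % (P - 2) + 2
    return pow(h * h % P, key % Q, P)

def keygen():
    return secrets.randbelow(Q - 1) + 1

def encrypt(key, chunk):
    """Encrypt one data chunk (an integer < p) under a fresh nonce; one node stores it."""
    nonce = secrets.token_bytes(16)
    return nonce, chunk * khprf(key, nonce) % P

def decrypt(key, ct):
    nonce, c = ct
    return c * pow(khprf(key, nonce), -1, P) % P

def update_token(old_key, new_key):
    """Computed once by the client; the token alone reveals neither key."""
    return (new_key - old_key) % Q

def node_update(token, ct):
    """Applied by each storage node to its own chunk: no download, no decryption."""
    return ct[0], ct[1] * khprf(token, ct[0]) % P
```

After the update, only the new key decrypts, so a leaked old key is useless against the re-keyed chunks, while the nonces and the coded layout on each node stay unchanged.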
Keywords/Search Tags:Cloud Storage, Secure Data Sharing, Dynamic Change of User Rights, Broadcast Encryption, Attribute-based Encryption, User Revocation, Distributed Storage, Data Update