Research On The Methods Of Identity-Based Provable Data Possession For Cloud Storages

Posted on: 2020-06-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S Peng
GTID: 1488306338478804
Subject: Computer application technology
Abstract/Summary:
In recent years, with the rapid development of Internet technology, an increasing number of corporations, organizations, research institutions and individuals have outsourced their data to cloud servers, attracted by low maintenance and management costs, scalable hardware and software configurations, and convenient access anytime and anywhere. However, every coin has two sides. While people enjoy the low cost and high efficiency of cloud storage, the issue of data security emerges. Users lose physical control over outsourced data. Although cloud service providers may apply general protections to the data, such measures rely solely on the providers' reputations and skills, and users have no control over them. In addition, to maximize commercial benefit, cloud service providers may store rarely accessed data on devices with low performance, low reliability and low prices, or even delete data that has not been accessed for a long time to save storage space. To resolve the conflict between convenience and security in cloud storage, researchers proposed provable data possession (PDP), which verifies the integrity of data on the cloud without downloading it. Furthermore, to eliminate the resource costs and insecure factors of PKI, researchers proposed identity-based provable data possession. In these schemes, the identity of the data owner, such as a name, phone number or e-mail address, serves as the public key and does not need to be authenticated by certificates. However, in complicated application scenarios, current identity-based provable data possession schemes still have some problems. This dissertation proposes solutions to the shortcomings of the existing schemes. The main work and results are as follows:

(1) For an identity-based distributed provable data possession (ID-DPDP) scheme, this dissertation provides a security analysis and points out that the original scheme has a soundness defect: by pre-computing the hash values of the data blocks, the cloud servers may generate valid proofs of possession without actually storing the original data blocks. This dissertation proposes an improved ID-DPDP scheme and proves its security based on the random oracle model and the representation problem assumption. Meanwhile, the proposed scheme preserves the functionality, efficiency and privacy-preserving property of the original scheme.

(2) To address the high computation cost of the verification phase when multiple data owners store their data on multiple cloud storages, this dissertation proposes an identity-based batch provable data possession (ID-BPDP) scheme, which aggregates and verifies proofs of possession from different data owners and different cloud servers. Meanwhile, this dissertation proves the security of this scheme based on the random oracle model and the computational Diffie-Hellman assumption. The performance analyses and simulations show that the computation cost of the verification phase of this scheme is approximately independent of the number of challenged blocks and the number of data owners, and the scheme therefore achieves efficient batch checking.

(3) To address the high computation and communication costs of schemes that support multi-replica checking, this dissertation proposes a general security model for public multi-replica provable data possession schemes. The security model defines the soundness and the privacy-preserving property of a scheme. Based on the security model, an identity-based public multi-replica provable data possession (IDPMR-PDP) scheme is proposed, which not only achieves integrity checking for multi-replica data, but also guarantees that the semi-trusted verifier cannot acquire the content of the data, and therefore protects the privacy of the data owner. Meanwhile, this dissertation proves the security of this scheme based on the random oracle model and the generic group model. The performance analyses and simulations show that this scheme takes full advantage of the features of multi-replica data blocks. During the tag-generation phase, the proof-generation phase and the verification phase, the computation and communication costs of this scheme are independent of the number of replicas, and the scheme therefore achieves efficient multi-replica checking.

(4) To address the problems that most existing schemes do not support dynamic data updates, that a few dynamic schemes have security and efficiency defects, and that the computation costs of generating homomorphic verification tags are very high, this dissertation proposes an efficient, dynamic and identity-based multi-replica provable data possession (EDID-MRPDP) scheme. This dissertation constructs a novel homomorphic verification tag with fewer modular exponentiations and proposes a data structure, namely the compressed authentication array (CAA), to eliminate the redundant information in the proofs and auxiliary data. This scheme simultaneously achieves fully dynamic updates, multi-replica checking, batch checking and identity-based checking. Meanwhile, this dissertation proves the security of this scheme based on the random oracle model and the computational Diffie-Hellman assumption. The performance analyses and simulations show that this scheme reduces the computation costs of the tag-generation and verification phases, as well as the communication cost of the proof-generation phase. The proposed scheme is therefore suitable for large-scale cloud storage applications and light-weight clients.
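The class of soundness defect described in item (1) can be seen in a small constructed protocol. The following is an added example, not the ID-DPDP scheme or any code from the dissertation: it is a toy, privately verifiable, MAC-style possession check in which every name (`prf`, `enc_hash`, `enc_data`, `tag_blocks`, `prove`, `verify`, `demo`) and the field modulus are assumptions made for illustration. When the tags bind only to the hash of each block, a server that kept the hashes and deleted the blocks still passes; when the tags bind to the block contents, the same server fails.

```python
import hashlib, hmac, secrets

P = 2**521 - 1  # Mersenne prime; toy field large enough to hold a 64-byte block

def prf(key, i):
    # Per-index pseudorandom mask f_k(i), reduced into the field.
    mac = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha512).digest()
    return int.from_bytes(mac, "big") % P

def enc_hash(block):  # flawed encoding: the tag is bound only to H(block)
    return int.from_bytes(hashlib.sha256(block).digest(), "big")

def enc_data(block):  # sound encoding: the tag is bound to the block bytes
    return int.from_bytes(block, "big")

def tag_blocks(key, alpha, blocks, enc):
    # Homomorphic tag: t_i = f_k(i) + alpha * enc(m_i) mod P
    return [(prf(key, i) + alpha * enc(b)) % P for i, b in enumerate(blocks)]

def challenge(n, c):
    # c distinct block indices, each with a fresh nonzero random coefficient.
    idx = secrets.SystemRandom().sample(range(n), c)
    return [(i, secrets.randbelow(P - 1) + 1) for i in idx]

def prove(chal, stored, tags):
    # stored[i] is whatever field element the server kept for block i.
    mu = sum(v * stored[i] for i, v in chal) % P
    sigma = sum(v * tags[i] for i, v in chal) % P
    return mu, sigma

def verify(key, alpha, chal, proof):
    mu, sigma = proof
    return sigma == (sum(v * prf(key, i) for i, v in chal) + alpha * mu) % P

def demo():
    key, alpha = secrets.token_bytes(32), secrets.randbelow(P - 1) + 1
    blocks = [secrets.token_bytes(64) for _ in range(8)]  # constructed sample data
    chal = challenge(len(blocks), 4)
    digests = [enc_hash(b) for b in blocks]  # all that a cheating server keeps
    # Flawed tags: the blocks are gone, yet the digest-only proof verifies.
    weak_tags = tag_blocks(key, alpha, blocks, enc_hash)
    flawed = verify(key, alpha, chal, prove(chal, digests, weak_tags))
    # Sound tags: the digest-only server fails, the honest server passes.
    tags = tag_blocks(key, alpha, blocks, enc_data)
    cheat = verify(key, alpha, chal, prove(chal, digests, tags))
    data = [enc_data(b) for b in blocks]
    honest = verify(key, alpha, chal, prove(chal, data, tags))
    return flawed, cheat, honest

if __name__ == "__main__":
    print(demo())
```

The check a reviewer of such a scheme would apply is the one the toy makes visible: every value the prover needs to answer a fresh challenge must be derivable only from the stored data itself, not from a short digest that can be computed once and kept in its place.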
Keywords/Search Tags:cloud storage, identity-based cryptography, provable data possession, random oracle model, generic group model