Research On Integrity Verification Of Query Results In Cloud Computing

Cloud computing has become a new computing and service model,and has been widely applied in all aspects' of people's work and life in recent years.Cloud computing makes software more attractive as a service and changes the way of design and purchase of IT hardware.Developers and businesses do not need to invest a lot of capital in hardware resources or human resources to deploy and use software.In cloud computing,the user's data is stored and processed by a cloud computing service provider that is not fully trusted,which makes the data owner lose physical control of its own data.The cloud service provider may maliciously forge,tamper with or delete data,and access private data in the outsourced database without authorization,it may also execute queries incorrectly,and then return wrong query results.How to prevent the cloud service provider or malicious attacker from destroying data integrity is one of the key issues to be solved for the further application and promotion of cloud computing,and has very important theoretical and practical significance.This dissertation focuses on integrity verification of query results in cloud computing.According to the specific application scenario,the suitable integrity verification schemes of query results are designed,which not only improve the query processing efficiency,and effectively reduce the verification and network communication overhead,but also protect the privacy data in outsourced data.Based on the analysis and summary of existing research work and achievements,this dissertation proposes different types of query verification schemes for different network application environments and privacy requirements.The main research work of this dissertationincludes the following four aspects:(1)A lightweight integrity verification scheme of query results is proposed.The scheme builds an algebraic signature chain using algebraic signature technology,which is more efficient and occupies less storage space.By sorting each searchable attribute,the scheme makes the algebraic signature of each data include information of the data itself,the primary key values and the searchable attribute values of all its successors.In response to a query,the cloud server finds the query results and computes the aggregate value of all the algebraic signatures of the query results to reduce network communication overhead.The client verifies the integrity of the query results by the returned aggregate algebra signature.In addition,the data owner maintains a novel and simple index structure to support dynamic update of the remote outsourced data.The incremental calculation of algebraic signature can be realized by downloading the primary key and the data of updated fields,which can effectively reduce the cost of the signature calculation and network communication.(2)A privacy-preserving aggregation computation and integrity verification of aggregate result scheme is proposed.A novel secret sharing scheme is proposed,which makes the calculated sub-secrets in the same order as the original secrets,so that the sub-secrets can be indexed and range search can be performed on them.Each remote server participating in the aggregate computation calculates the aggregation result of the sub-secrets locally and submits it to the specified server.Furthermore,the scheme makes the sub-secrets uniformly distributed in the target data domain,and the coefficients of the polynomial are selected randomly,therefore the attacker cannot obtain the original value of the secret data.In addition,an authenticated structure is built based on the outsourced data from multiple data sources,called the PAAT,to implement integrity verification of aggregation results.(3)A novel spatial authentication data structure is proposed.Since MR-tree uses boundary rectangle for region shape,the overlapping space of different regions is too large,resulting in unnecessary disk access,and thus reduces query processing efficiency.An efficient authenticated data structure based on SS-tree,called VSS-tree,is designed to support integrity verification of spatial query.Unlike R-tree,SS-tree uses boundary sphere for regin shape,which reduces the height of the authenticated tree and makes the overlapping area small,and thus avoids unnecessary disk access,so that the spatial query efficiency based on the VSS-tree is higher than that based on the MR-tree.The scheme extends the structure of the SS-tree,and associates each node with a digest calculated by a one-way,conflict-resisting hash function.The digest of the root node is signed and published to the remote server.The cloud server builds VSS-tree based on the outsourced data.The cloud server performs a query from top to bottom on the VSS-tree to find the query results and constructs the corresponding verification object.The user verifies the integrity of query results by the verification object and public key published.(4)A scheme that supports kNN query on encrypted data and integrity verification of query results is proposed.First,the system assumes that all participants are not fully trusted,on this basis,an asymmetric scalar-product-preserving encryption method is proposed,which encrypts data points and query points with different encryption keys,while the encryption keys are only visible to the data owner.To protect the privacy of query points,a query user first processes the query points,and then sends the processed query points to the data owner for encryption processing.The query user sends an encrypted query point to the cloud server for kNN query.EASPE is not distance-recoverable.The cloud server can neither compute the distance between any original data point and query point by recovering the original data of the encrypted query points and data points nor compute the distance between the encrypted ones.However,the cloud server can compare the scalar products between any two encrypted data points and a query point for kNN query.Furthermore,based on the encrypted data,the cloud server builds a verifiable spatial authentication index structure VSS-tree to support integrity verification of kNN query results and improve the efficiency of kNN query.