
Blockchain-Based Secure Storage Technology For Cloud Data

Posted on: 2022-11-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G P Zhang
GTID: 1488306779982669
Subject: Computer Software and Application of Computer

Abstract/Summary:
Cloud computing technology is widely used in the IT industry due to its advantages, i.e., high efficiency, high scalability and low cost. With the rapid growth of outsourced data volume, the cloud storage service provider (CSP) usually uses deduplication to reduce data redundancy and improve the storage utilization of the cloud system. Meanwhile, users also run encryption algorithms to secure their data, so the outsourced data is encrypted into ciphertext before it is stored on the cloud servers. However, traditional encryption generates different ciphertexts for identical data, which makes deduplication fail. To deduplicate encrypted data, most existing works not only adopt a deterministic encryption algorithm, namely convergent encryption (CE), to generate the same ciphertext from two identical pieces of data, but also rely on a fully trusted third-party management entity to achieve data confidentiality and security. However, the cloud storage system is then vulnerable to collusion attacks involving the third-party management entity. Moreover, the cloud storage service provider always requires users to trust it completely and outsource their data to the cloud servers, so that the users' ownership of the data becomes separated from its management. The users' data stored on the cloud servers may face malicious behaviors launched by adversaries, such as brute-force attacks, unauthorized access, and data alteration or loss. Therefore, how to solve the security problems of this centralized storage mode and effectively prevent the users' data from being disclosed are urgent problems.

Blockchain, as a secure distributed ledger technology, has advantages such as decentralization, immutability and traceability, and has attracted wide attention from academia and industry. In this thesis, we focus on blockchain-based secure storage technology for cloud data, which aims to combine blockchain technology with cloud storage technology to solve the security problems caused by the centralized storage mode of the traditional cloud platform, and to achieve the confidentiality, security and integrity of data stored on the cloud storage system. Our main works are summarized as follows:

(1) We propose a blockchain-based secure authorized deduplication scheme. Specifically, our proposed scheme constructs a hierarchical role hash tree (HRHT) from a balanced binary search tree (AVL), which maps the relationship between the users' privileges and role keys to realize authorized deduplication, so that authorized users can access the specific data. Meanwhile, the scheme uses the smart contract deployed on the blockchain to build a secure transaction creation mechanism, so that the verification information can be integrated into effective transaction records and finally submitted to the blockchain. Due to the decentralization of the blockchain, the transaction information cannot be tampered with by anyone, and the verification information on the blockchain is guaranteed to be highly secure. In addition, our scheme proposes a remote audit protocol and a local audit protocol to check the integrity of cloud data. In particular, the remote audit protocol is used to prevent the outsourced data from being illegally modified, replaced or forged by a malicious cloud storage service provider, while the local audit protocol is used to check whether the downloaded data is identical to the original data.

(2) We propose a blockchain-based secure key management scheme for cloud storage, to achieve the security and reliability of the convergent key. Firstly, to resist brute-force attacks launched by adversaries, our proposed scheme uses an oblivious pseudorandom function (OPRF) to generate a randomized convergent key, so as to improve the confidentiality of the outsourced data. Secondly, our proposed scheme employs a secret sharing mechanism to improve the reliability of convergent key management, where the convergent key is divided into several key fragments that are uploaded to the blockchain. Even if a certain number of key fragments are lost or damaged, the user can recover the convergent key from partial transaction records. In addition, our proposed scheme effectively supports file-level and block-level data deduplication. Security analysis and performance evaluation demonstrate that our scheme can ensure convergent key security and data confidentiality with high computing efficiency.

(3) We propose a blockchain-based integrity verification scheme for cloud data. To check the integrity of encrypted data, our proposed scheme uses blockchain-based block parameters to generate the challenge information in the process of integrity verification, so as to ensure that the challenge information cannot be tampered with or predicted by adversaries. Meanwhile, we construct a secure and trusted challenge-response mechanism from the smart contract and a homomorphic linear authenticator (HLA), which ensures that any auditor can execute the data integrity verification without knowing the content of the original data. In addition, our proposed scheme uses smart contracts to execute secure payment protocols, where the user automatically pays the storage service fee to the cloud storage service provider after the integrity verification passes. In particular, the user receives compensation from the cloud storage service provider when the data integrity verification fails (that is, the data stored on the cloud server is damaged or lost). Our scheme also supports dynamic updates of cloud data. Security analysis and experimental performance show that our scheme can effectively achieve integrity auditing of data with low computational overhead.

(4) We propose a secure storage scheme for medical big data based on blockchain. To ensure the security of the electronic health record (EHR), our proposed scheme creates a trusted tamper-proof signature from the patient's EHR based on a homomorphic tag, and integrates the tamper-proof signature into a transaction deployed on the blockchain by using a smart contract. With the tamper-proof signature, the auditor can check the correctness of the patient's EHR without knowing its original content. Meanwhile, our proposed scheme deploys a key agreement mechanism to ensure the security of the key and prevent the key from being illegally modified during transmission between the patients and the medical institution. In addition, our proposed scheme constructs a secure multi-party payment protocol with the smart contract, so as to realize fair payment among the patients, the medical institution and the cloud storage service providers. Security analysis and experimental performance show that our scheme can thwart tampering attacks, collusion attacks and man-in-the-middle attacks launched by adversaries, and also has low computational overhead.
Keywords/Search Tags:Cloud storage, deduplication, integrity verification, blockchain, smart contract
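
The key handling summarized in item (2), as an added example that is not code from the thesis: a content-derived convergent key whose tag lets the server spot duplicates, split into fragments with Shamir threshold sharing so the key survives lost fragments. The function names, the modulus `P`, the hash labels and the sample data are assumptions, and the key here is the plain hash-derived baseline rather than the OPRF-randomized key the thesis proposes.

```python
import hashlib
import secrets

# Assumed field modulus for the sharing: Mersenne prime 2**521 - 1 (> any 256-bit key).
P = 2**521 - 1

def convergent_key(data: bytes) -> bytes:
    """Key derived only from the content, so identical data yields an identical key."""
    return hashlib.sha256(b"ce-key|" + data).digest()

def dedup_tag(key: bytes) -> str:
    """Value the storage server compares to detect duplicates without holding the key."""
    return hashlib.sha256(b"ce-tag|" + key).hexdigest()

def split_key(key: bytes, n: int, t: int) -> list:
    """Split key into n fragments (x, y); any t of them recover it."""
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    # Random polynomial of degree t-1 whose constant term is the key.
    coeffs = [int.from_bytes(key, "big")] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def recover_key(fragments: list, key_len: int = 32) -> bytes:
    """Lagrange interpolation at x = 0 over whichever fragments survived."""
    if len({x for x, _ in fragments}) != len(fragments):
        raise ValueError("duplicate fragment index")
    secret = 0
    for i, (xi, yi) in enumerate(fragments):
        num, den = 1, 1
        for j, (xj, _) in enumerate(fragments):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    if secret >= 1 << (8 * key_len):
        # Below the threshold the result is a random field element, almost never key-sized.
        raise ValueError("fragments do not reconstruct a key (too few or corrupted)")
    return secret.to_bytes(key_len, "big")

if __name__ == "__main__":
    record = b"constructed sample file contents"  # constructed sample input
    k = convergent_key(record)
    frags = split_key(k, n=5, t=3)
    print("duplicate detected:", dedup_tag(k) == dedup_tag(convergent_key(record)))
    print("recovered from 3 of 5:", recover_key([frags[0], frags[2], frags[4]]) == k)
```

Because the key depends only on the content, anyone who can guess a low-entropy file can recompute the key and tag, which is the brute-force exposure the OPRF step in item (2) is meant to close.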