With the continuous development of emerging fields such as the Internet of Things, big data, and artificial intelligence, the volume of data that people generate and use is exploding. Cloud storage has become a crucial data storage infrastructure, providing on-demand, elastically deployed, cost-effective and easily accessible storage services to a growing number of governments, enterprises and individuals. While cloud storage makes it convenient to store and manage massive amounts of data, it also brings new security issues. In the event of a fire, earthquake, power outage, hardware or software failure, or network attack, the user's data on the remote servers of the Cloud Storage Provider (CSP) may be corrupted, and a malicious CSP may even tamper with, destroy, or delete the user's data for financial or other purposes. More worrying still, after uploading local data to cloud servers, users often delete the original data to save local storage resources. This separation of data ownership from physical control makes it impossible for users to know the actual storage status of their data in the cloud, and makes it difficult to take timely measures to limit the loss once the data is damaged. How to securely and efficiently verify that the CSP holds user data intact has therefore become a hot research topic in recent years.

This thesis starts from the cryptographic tools and considers two cases: traditional public-key cryptosystems and post-quantum cryptosystems. It carries out research on provable data possession technology for cloud storage in three aspects, based on bilinear maps, on lattices, and on NTRU lattices, respectively. The main research contents and innovative results are as follows.

(1) This thesis proposes a multi-replica provable data possession scheme with user revocation

Existing multi-replica provable data possession schemes cannot handle the user revocation problem that multi-user groups encounter when sharing data. To address this, the thesis proposes a multi-replica provable data possession scheme that supports user revocation. First, it adopts the BLS signature, based on bilinear maps, to generate data block tags, and uses the homomorphic verification tag technique to aggregate the data block tags of different replicas, generate the corresponding proof from the challenge information, and verify the possession of all replicas at the same time. Then, a verifier-local revocation group signature with backward unlinkability is introduced to accomplish the revocation process without the signer's participation while ensuring the anonymity of the user's signatures made before revocation. Finally, theoretical analysis and experiments show that the scheme is provably secure under the random oracle model and outperforms similar schemes in terms of performance.

(2) This thesis proposes a lattice-based provable data possession scheme based on smart contracts

Existing provable data possession schemes have several problems: schemes based on traditional public-key cryptosystems cannot resist quantum attacks, the third party auditor (TPA) that public verification relies on cannot be trusted, and data privacy may leak. To address these issues, the thesis proposes a lattice-based, privacy-preserving provable data possession scheme based on smart contracts. First, it uses a lattice-based linearly homomorphic signature to verify the possession of data using proofs generated from a small number of data block tags. Second, the scheme uses a blockchain to replace the original TPA: provable data possession is executed automatically by deploying smart contracts with a deposit mechanism, achieving fair and trusted transactions. Third, the scheme uses a new random mask technique that adds random variables, making it impossible for auditors to obtain user data from the proof submitted by the CSP. Finally, theoretical analysis and experiments show that the scheme is provably secure under the random oracle model and that it enables privacy protection. The total running time of the scheme increases with the dimension of the lattice and the number of blocks. Compared with similar schemes, the total running time is reduced by about 18%, and the running times of proof generation and verification are reduced by about 70% and 95%, respectively.

(3) This thesis proposes an efficient and compact provable data possession scheme based on FALCON

In existing lattice-based provable data possession schemes, when the dimension of the lattice is very large, generating trapdoors and signatures requires very complex computations, which can lead to long public keys and signatures as well as low signing efficiency. To address these issues, the thesis proposes an efficient and compact provable data possession scheme based on FALCON. First, because it uses the NTRU lattice, the scheme involves only multiplication and small-integer modulo operations on polynomial rings, so the signature is much shorter than in other lattice-based schemes with the same security guarantees, while the public key is approximately the same size. Then, the signature generation phase uses Fast Fourier Sampling instead of the preimage sampling algorithm, which improves signing efficiency. Finally, theoretical analysis and experiments show that the scheme is provably secure under the random oracle model and that, compared with the similar scheme, the signature length is reduced by 35%, the proof verification time is reduced by about 60%, and the tag generation time is reduced from 37% to 58% with increasing security level.

In summary, this thesis carries out research on provable data possession technology for cloud storage. The proposed scheme based on a traditional public-key cryptosystem achieves simple, secure and efficient possession verification, and the proposed schemes based on post-quantum cryptosystems achieve secure and efficient possession verification against quantum attacks, which has theoretical value and practical significance for improving the security of cloud storage data.
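
The tag, challenge, aggregated proof and verification flow described in (1), as an added example that is not the thesis's scheme or code: it swaps the pairing-based BLS tags for a symmetric-key homomorphic authenticator that only the data owner can verify, which keeps the aggregation property while running on the Python standard library. The field modulus, the per-replica masking and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime modulus of the toy field (assumption of this example)

def prf(key, *parts):
    # HMAC-SHA256 used as a PRF into Z_P; only the data owner holds `key`.
    msg = "|".join(map(str, parts)).encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % P

def make_replicas(key, blocks, n):
    # Mask every copy differently so one stored copy cannot answer for all.
    return [[(m + prf(key, "mask", r, i)) % P for i, m in enumerate(blocks)]
            for r in range(n)]

def tag_replicas(key, alpha, replicas):
    # Homomorphic tag: t = PRF(replica, index) + alpha * block (mod P).
    return [[(prf(key, "tag", r, i) + alpha * b) % P for i, b in enumerate(rep)]
            for r, rep in enumerate(replicas)]

def challenge(n_replicas, n_blocks, sample):
    # Random block indices, each (replica, index) with its own coefficient.
    idx = secrets.SystemRandom().sample(range(n_blocks), sample)
    return [(r, i, 1 + secrets.randbelow(P - 1))
            for r in range(n_replicas) for i in idx]

def prove(replicas, tags, chal):
    # Server: fold all challenged blocks and tags into two field elements.
    mu = sum(c * replicas[r][i] for r, i, c in chal) % P
    sigma = sum(c * tags[r][i] for r, i, c in chal) % P
    return mu, sigma

def verify(key, alpha, chal, proof):
    # Owner: recompute the PRF part and check the linear relation.
    mu, sigma = proof
    return sigma == (sum(c * prf(key, "tag", r, i) for r, i, c in chal) + alpha * mu) % P

def demo():
    key, alpha = secrets.token_bytes(32), 1 + secrets.randbelow(P - 1)
    blocks = [secrets.randbelow(P) for _ in range(8)]  # constructed sample file
    replicas = make_replicas(key, blocks, 3)
    tags = tag_replicas(key, alpha, replicas)
    chal = challenge(3, 8, 4)
    intact = verify(key, alpha, chal, prove(replicas, tags, chal))
    r, i, _ = chal[0]
    replicas[r][i] = (replicas[r][i] + 1) % P  # corrupt one challenged block
    damaged = verify(key, alpha, chal, prove(replicas, tags, chal))
    return intact, damaged
```

The proof stays at two field elements regardless of how many replicas and blocks are challenged, which is the point of aggregating homomorphic tags.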