
The Research Of Data Privacy-preserving Mechanism For Cloud Storage

Posted on: 2015-03-19
Degree: Master
Type: Thesis
Country: China
Candidate: J L Zhou
GTID: 2298330467472399
Subject: Computer software and theory

Abstract/Summary:
Cloud computing is one of the hottest technologies these days. Cloud storage extends the concept of cloud computing and has been rapidly adopted in various fields. The separation of data management from data ownership, which means the cloud storage service provider is not completely trusted, makes data security and privacy protection difficult. This thesis carries out a series of research and development work in these areas, mainly including:

(1) This thesis summarizes the existing schemes for data privacy protection and analyzes their advantages and disadvantages. A novel data privacy protection model based on data partition and classification is proposed. The model can protect the privacy of cloud data, and users can choose the appropriate encryption classification according to the different security requirements of their data. Therefore, the proposed scheme can achieve flexibility for cloud storage applications.

(2) Building on the data privacy model based on data partition and classification, this thesis proposes a multi-authority access control scheme with a central agency based on CP-ABE, which is suitable for a private cloud storage environment. The Weighted Access Structure (WAS) is introduced to support a variety of fine-grained threshold access control policies. The scheme is then proved to be secure, and the experimental results show that the costs of generating and distributing key components, and the cost to the data owner when a user's access is revoked, can be greatly reduced.

(3) Building on the data privacy model based on data partition and classification, this thesis proposes a multi-authority access control scheme without a central agency based on CP-ABE, which is suitable for a public cloud storage environment. An optimization of WAS allows different levels of operation on the same file in the cloud storage system. The concept of identity dyeing is introduced to further improve the privacy of users' information. The re-encryption algorithm is improved in the scheme so that the data owner can revoke a user's access in a more flexible way. The scheme is then proved to be secure. The experimental results show that removing the central agency can resolve the existing performance bottleneck in the multi-authority architecture with a central agency, which significantly improves user experience when a large number of users are applying for access to the cloud storage system at the same time.
Keywords/Search Tags: cloud storage, data partition, data encryption, multi-authority, privacy protection