Research On Identity Authentication Mechanism And Data Sharing Method For Cloud Storage

With the development of cloud storage technology, the security issues of cloud storage become increasingly prominent. During transmission, data is very susceptible to theft, tampering and fraud attacks. And due to the untrustworthiness of cloud servers, data is vulnerable to attack from the inside of cloud storage when it is stored on the cloud, such as cloud server unauthorized access to data as well as tampering. In order to ensure the confidentiality of data during transmission, cloud storage system must provide authentication mechanism. Currently, there are two authentication mechanisms in cloud storage system. One is PKI-based digital certificate authentication. The other is Password-based authentication. Password-based authentication method is simple, but due to a shorter password, it is difficult to resist password guessing attacks. So its security is poor. In PKI-based digital certificate authentication system, the certification process requires a certificate and its key length is long. Besides its computation is large and the certification process is complex. Because it is difficult to distribute public keys in large networks, PKI-based digital certificate authentication is not conducive to the expansion of cloud storage system. In order to ensure the confidentiality of data stored, the data needs to be encrypted storage. But the encryption of data is inconvenience to data sharing, such as shared key distribution problems and so on.To solve the above problem, this paper studies the cloud storage system authentication mechanisms and data sharing methods. The main work is as follows:1) Proposed a layered system security architecture:Making use of the feature that no public key distribution and short key length of IBC, and combining the characteristics of cloud storage system, this paper designed a hierarchical system security architecture. The security architecture provides a secure foundation for secure data transmission and data sharing in cloud storage system.2) Proposed three identity authentication and common parameter exchange protocols:Based on the above security architecture, this paper proposes three oriented cloud identity authentication and the parameter exchange protocols based identity-based cryptography (IBC) to solve the authentication problem and ensure the security of data transmission in cloud storage system.3) Proposed a data security sharing method for cloud storage:To ensure the data security sharing in cloud storage, this paper make used of IBC proxy re-encryption technology and a trusted third party server to design a data security sharing method.4) Finally, we design and implement a cloud storage and sharing system, and verify the protocols and the data sharing method.