Research On Provenance Security Service Model And Protocol Based On Cloud Computing

Data provenance, which can realize tracking and auditing function and provide a guarantee for the reality of data, records the whole process of data from production to death. Therefore, the security of data provenance itself is very important. We must ensure the security properties of the provenance such as integrity, confidentiality, non-repudiation and availability. The rise of cloud computing brings a broader prospects and new security challenges to the data provenance. Security protocol is a cryptography based message exchange protocol. It is an important means in the field of information security and can effectively guarantee the safety of data provenance during the propagation process. The security issue of data provenance in cloud is an important branch of the security area, and the research on security data provenance in cloud has just started. It will become a new research hot spot in the future.The current security research on data provenance is mainly focus on the provenance model. Combining with the characteristics of cloud computing environment, this paper studied the security of provenance fro m the application perspective, and proposed the secure provenance model and related protocols. The main contents are as follows.This paper studied cloud security structure, and provided the cloud security provenance service model. A classify provenance service strategy was provided in the model. The classify strategy can make people choose different service according to different demands. The paper adopted a PKI and IBC combined authentication scheme. The IBC trust domain was divided in the cloud. PKI based identity authentication mode was taken out of the domain, while IBC based mode was used in the domain. After the identity authentication, the paper applied role based access control to provenance collection and inquiry. The provenance collection protocol and cross-domain authentic protocol were designed. Provenance collection protocol ran at the phase of provenance collection. The collection structure was proposed. Across-Domain authentication protocol was used to identity authentication between entities in different domain. The paper proposed the process checking algorithm of protocol. At last, the cross-domain authentication protocol and the provenance collection protocol with BAN logistics were analyzed.