Research On Methods Of The Data Integrity Verification In Cloud Computing

Cloud Computing has received increasing attention from academia and industry since its concept came out, and has evolved into a mature business computing model nowadays. In cloud computing, CSP(Cloud Service Providers) offer effective and economic infrastructure services through integrating kinds of resource for the users who outsource heavy computing and storing tasks to the cloud servers using heterogeneous networks when and wherever they need. At the same time, users are able to share the data in cloud with others in a simple way.However, with the outsourcing of data storage and computation, concerns are beginning to grow about the security issues in cloud computing. The analysis shows that the access control model, data privacy and many other security issues impede the development of cloud computing and its further popularization seriously. A problem should be noticed is that after storing data to remote servers, users lose their physical control over data and instead delegate the management of data to the CSP which are always un-trusted. There might be some concealment by the CSP for their own benefits when it comes to security threats both from outside and inside, with the consequences of data loss, tampering and damage. Therefore, how to verify the integrity of data in cloud is one of the urgent security problems in cloud computing.Traditional ways to ensure the data integrity are precomputing MACs or signatures for the entire data file, however, they are not suitable for cloud computing. The reason is that those methods require the whole data to be downloaded to the local disks before checking the data integrity, and users would suffer severely the large communication overhead as the data stored in remote servers always have a large quant.Recently, many schemes were proposed to solve the problem of remote data integrity checking. In all these works, great efforts were made to manage data infinite public verification with high efficiency both on computation and communication.As cloud computing develops, new cloud computing models depend on specific application scenarios and requirements begin to emerge. Unfortunately, most of previous works are not appropriate in these models. For example, in the mobile cloud computing environment, a practical data auditing scheme is required to have less computational complexity considering the resource constrained mobile devices. Also, security issues such as access control and identity privacy-protection are significant challenges in multi-users data sharing cloud computing environment.For the above considerations, this thesis proposes two data integrity checking schemes which respectively is applicable to mobile cloud computing and multi-users data sharing computing environment. Specifically, the main contributions are summarized as follows:(1) Design an efficient data integrity checking scheme, IBPS-PDP (Identity Based Proxy signature-Probable Data Possession),in mobile cloud computing, which reduces the computation load for both mobile data owner and public verifiers based on the advantages of ID-based technology. Introduce a proxy signer to mobile cloud computing model to generate verifiable tags for data owner, and reduce the computation overhead of mobile devices. What’s more, simplify public key certificate management and verification for verifiers. The security of this scheme is proved under the random oracle model. Analysis shows that the proposed scheme has low computational cost in the mobile devices compared to previous works, and is suitable for mobile cloud computing.(2) Propose an efficient integrity checking protocol, ABS-PDP(threshold Attribute-Based Signature Probable Data Possession),with identity privacy-protection. This scheme is suitable for multi-users data sharing storage environment. Threshold Attribute-Based signature allows any user who meets access control policy to generate valid signatures for shared data, and performs well especially for distributed network environment. In this scheme, the privacy of the signer is protected as it’s not possible for verifiers to infer signer’s attributes except the ones that are attached to the signatures, which means that the other attributes of the signer remain hidden. The analysis shows that this scheme is more flexible in access control policy and is more efficient in large group environment as the computational cost is independent of the group size. Finally, prove the security of this scheme under the random oracle model.At the end of this thesis, summarize the contributions of works, and explain the issues in remote data integrity checking that need to be further investigated.