The Reserarch Of Efficient Signature And Authenticated Encryption Mechanism In Cloud Computing

With the rapid development of cloud computing and the explosive growth of the user and the service content, the cloud computing is faced with various challenges in different aspect such as security, availability and perfromance. In the cloud network, users are lack of the control for the date and computing stored in the server, which means they are not sure whether the date be safe or the tasks be properly executed. The dynamic, stochastic, complex and open cloud network makes the traditional security scheme not applicable, and it also hinder the futhur development and application of cloud computing. There it is necessary to design a corresponding security mechanism to protect the confidentiality, integrity and availability of data, and make sure the data is performed correctly in cloud server.In the open network environment, the communication security need to achieve two characteristics both confidentiality for message and certification for the sender’s. Under normal circumstances, people use encryotion and signature technology to achieve these two objectives. Because it can realize the confidentiality of mssage and authentication of the sender at the same time, the authenticated encryption scheme draws much attention of scholars since it was first proposed. Besides, there are frequent data sharing in the cloud network, which will lead to disputes in the ownership of data. Compared to the authentication encryption based on the symmetric technology, the authentication encryption based on the asymmetric technology can provide the non-reputation of the data, so it is more suitable for the cloud computing.Because of the diversification user demand and mutil-layered service provider, it is unable to meet the security requirements of cloud network by using only the traditional asymmetric cryptography. Based on the identity-based cryptography, the attribute-based cryptography extends the content of identity as a collection of a series of attributes, and integrate the access structure into the identity-based cryptography, which makes only the users meeting the specified attribute or access structure can perform encryption or generate signature. The attribute-based cryptography can be applied in cloud computing to protect the privacy with its emphasis on the anonymity.This paper mainly focuses on the research of signature and authenticated encryption mechanism in cloud computing, main content includes:(1) The basic math theory and related cryptography tools are revieded in this paper, includes the difficulty problems, access structure, bilinear map theory and the theory of provable security. Then, the paper illustrates the formal definition and security model of asymmetric cryptography.(2) Aiming at a common defect of attribute-based threshold ring signature schemes that failed to resist the collusion attack by malicious members, the paper proposes an attribute-based alterable threshold ring signature scheme with conspiracy attack immunity. Once users’signature attributes meets required threshold value k of the access structure, they can generate a valid signature passed through the verification. The scheme keeps not only the anonymity, but also traceability, which means the attribute authority can trace the signature’s owner in case of necessity. Finally, the proposal satisfies existential unforgeability and anti-collusion attack against adaptive chosen message attack in the random oracle machine, and the proposal meets the requirement of indistinguishability among the users with the same attribute for signature.(3) As for there are some defects like highly cost of revocation, coarse granularity of revocation in the existing attribute-based encryption scheme supporting the revocation, the paper proposes a ciphertext-policy attribute-based encryption scheme supporting fine-grained directly attribute revocation. By embedding the relative secret information about user’s revocation attributes, the scheme can protect the ciphertext from being descrypted by illegal users. And the paper gives a strict formal definition of the revocable attribute-based encryption, and proves the proposed scheme have the ciphertext indistinguishability under the adaptive chosen attacks in the random oracle model and the dicision q-BDHE assumption.(4) As there are some defects like inefficient, hidden security dangers, lacking for a formal security proof in the existing division threshold authenticated encryption scheme, the paper proposes a threshold authenticated encryption scheme based on the message blocking, and gives a formal definition and security model of such schemes. In the random oracle model, the scheme is proved to have the confidentiality and unforgeability under the adaptive chosen message attacks by a formal analysis.(5) Base on the above theoretical research and the characteristics of cloud network, the paper developes a simulation system of authentication and encryption algorithm by Java Web. And the paper proves that all the proposed schemes performance better in efficiency compared with the existing schemes.