Research And Application Of Identity-Based Provable Data Possession In Clouds

With the explosive growth of data volume and the continuous development of cloud computing technology, more and more users are choosing to outsource their data storage to relieve pressure. Since cloud storage is pay-on-demand, highly extensible and accessible, it has become the preferred way of outsourcing their data. However, users’ concern about the security of their remote data has become the resistance of further development of cloud storage service. Therefore, how to prove the remote data is unmodified has become a core problem in cloud storage.In this thesis, we study provable remote data possession. Based on the predecessors’ research, we design new schemes which not only can meet users’ requirements, but also can reduce their burden and protect privacy. The main work is as follows:1. This thesis presents the research meaning of provable remote data possession and reviews the research status. Then, we introduce the basic knowledge of cloud storage and provable data possession. At last, we give the detail on the classic model of provable data possession including design method, safety requirements and main performance parameters.2. In this thesis, considering users’ requirements and the shortcomings of existing schemes, we design an identity-based authorized third party provable data possession in clouds. The new cheme is based on bilinear pairings and uses identity-based encryption technology to reduce the burden of certificate management. At the same time, the scheme only allowes the third party who has user’s authorization to complete data aduit process. In addition, data block-tag pair check is introduced to achieve fair responsibility for both sides. We give the concrete procedures,security analysis and performance analysis.3. Considering the authorized provable data possession scheme is difficult to revoke the existing authorization, this thesis proposes an identity-based revocable authorization provable data possession scheme. It is still based on bilinear pairings and identity-based encryption. But by introducing the idea of separated authorization, the scheme can revoke the third part’s authorization with a low cost. We also give the scheme design, security analysis and performance analysis.4. This thesis introduces the concept of Hadoop Distributed File System and MapReduce, and gives basic operation methods of Hadoop cloud storage platform. Through simulation experiments,we analyse the computational overhead, additional storage costs and communication overhead of the two schemes in detail.