User Data Security Protection In Cloud Storage

Posted on: 2017-02-01
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhu
Full Text: PDF
GTID: 2308330488497778
Subject: Computer application technology

Abstract/Summary:
Cloud storage is one of the most popular services supplied by cloud computing for numerous Internet users. Employing cloud storage, users can conveniently and effectively manage their massive amounts of data at a low cost. Meanwhile, users lose physical control of their data once it is outsourced to the cloud. Hence, how to guarantee that users can effectively manage their data in a secure manner becomes an important issue in cloud storage. This thesis focuses on the security protection of users' data in cloud storage. We investigate methods for fine-grained access control of users' confidential data as well as techniques for integrity checking of users' data.

For the effective management of access control over users' encrypted data, we introduce the concept of certificateless mediated decryption by combining the techniques of certificateless encryption, key encapsulation, and secret sharing. After specifying the formal definition and security model, we put forward a concrete certificateless mediated decryption scheme and prove its adaptive chosen-ciphertext security in the random oracle model. The scheme involves a user (delegator), a mediator and a delegatee. It realizes the sharing of the delegator's confidential data by sharing the encapsulated key between the mediator and the delegatee. Even if the mediator and the delegatee collude, they could not get the delegator's private key or any data information contained in other ciphertexts of the delegator. Then we apply our certificateless mediated decryption scheme to a cloud storage system and propose a fine-grained access control scheme for users' ciphertexts, in which the certificateless mediated decryption scheme plays a core role.

With respect to data integrity checking, following a deep analysis of some existing Provable Data Possession (PDP) schemes, we come up with a publicly verifiable certificateless remote provable data possession scheme (CL-PDP) using a certificateless homomorphic signature scheme. The security of the scheme is proved under the classical CDH assumption. In the proposed CL-PDP scheme, there is no need to download the complete data to check its integrity, and any legal user in the system can perform integrity checking for any user's data. Moreover, to deal with the situation where a data requester needs to verify the integrity of multiple files from different users, we present a multi-file integrity batch verification scheme through the use of an aggregate signature scheme with designated verifier. In this scheme, the data requester can verify multiple files' integrity at the same time. In this way, the efficiency of checking multiple files' integrity can be greatly improved.

As for the performance of our proposed schemes, we first give a theoretical analysis of the computation and communication cost of the certificateless mediated decryption scheme and the CL-PDP scheme. Then we verify the correctness and effectiveness of the schemes by experimental simulation. The results show that our schemes can achieve a fairly good efficiency.

Since data security is one of the most important requirements in cloud storage, the study of the protection of data confidentiality and data integrity in this paper has good theoretical significance and practical application value for the development and extensive use of cloud storage.
Keywords/Search Tags: Cloud Storage, Confidentiality Protection, Integrity Protection, Certificateless Mediated Decryption, Homomorphic Signature, Aggregate Signature