
Research On Provable Data Possession Schemes In Cloud And Related Problem

Posted on: 2017-07-27
Degree: Master
Type: Thesis
Country: China
Candidate: F C Luo
GTID: 2348330512462154
Subject: Applied Mathematics

Abstract/Summary:
Verifying the integrity of outsourced data is of crucial importance for cloud storage servers (CSS), and numerous Provable Data Possession (PDP) schemes have been proposed to address this problem. Most existing PDP schemes offer public verifiability and are not controllable, since there is a huge number of verifiers, while existing private PDP schemes are limited to a minority of verifiers. However, in some cases different users need to validate different data in order to use the data correctly. Specific data must therefore be matched with specific users, but the existing PDP schemes cannot satisfy this requirement. Moreover, these PDP schemes cannot add and revoke verifiers efficiently and dynamically.

This thesis mainly presents two types of provable data possession schemes: a provable data possession scheme with data hierarchy in cloud and an identity-set based provable data possession scheme in cloud. Moreover, we present a modified role-based signature (RBS) and its full security proof under the role-based access control (RBAC) structure, which is involved in the PDP scheme with data hierarchy in cloud. Our main research results are summarized as follows:

1) Firstly, we construct a PDP scheme with data hierarchy in cloud. In our scheme, the data owner integrates different data into the data hierarchy, and then classifies clients and authorizes them with different permissions to access the data in the data hierarchy. Moreover, when a dispute over the integrity of the data arises, the CSS sends a commitment value, previously obtained from the data owner, to the trusted third party, which arbitrates between them without revealing the secret keys. Verifiers can be added and revoked efficiently in the PDP scheme with data hierarchy.

2) Next, we propose an identity-set based PDP scheme in cloud to settle the problem of verification by a subset of users in user groups. The existing PDP schemes, including the PDP scheme with data hierarchy in cloud, cannot solve this problem. We therefore devise a new PDP scheme using identity-set based broadcast encryption (SBE). In our scheme, using SBE, we construct two modes: selection mode and revocation mode. In the selection mode, we can efficiently grant a minority of users permission to validate the integrity of the data; in the revocation mode, we can revoke the permission of a minority of users to validate the integrity of the data. In short, our scheme efficiently solves the problem of dynamic verification by a subset of users.

3) Finally, we present a modified RBS scheme based on the role-based cryptosystem (RBC) of Zhu et al., together with its full security proof. The PDP scheme with data hierarchy in cloud in this thesis uses the hierarchical structure of RBAC, but Zhu et al. did not provide a security analysis of the RBS in their RBC. We therefore propose a modified RBS scheme and prove that it is existentially unforgeable under the weak attack, based on the strong Diffie-Hellman (SDH) hard problem assumption, in the random oracle model, using the Forking Lemma.
Keywords/Search Tags: Cloud storage, provable data possession, data hierarchy, identity-set-based broadcast encryption, role-based signature, security proof