Cloud storage can greatly reduce the burden of data management for users and lets them access cloud data anywhere, at any time, so it has gained popularity over the past few years. Nevertheless, the cloud service provider is not fully trusted, which brings security risks as cloud storage develops rapidly. Data integrity, as a core security issue in reliable cloud storage, has attracted much attention from both industry and academia. A data auditing protocol is an effective tool for verifying cloud data integrity by combining spot-checking and homomorphic cryptography. It enables a verifier to efficiently check the integrity of the outsourced data without downloading the entire file from the cloud, which can dramatically reduce the communication overhead between the servers. However, the existing cloud data auditing protocols are mostly based on public key infrastructure or a certain identity, which brings complex key management challenges. To address the issues above, this thesis puts forward the concept of attribute-based cloud data auditing protocols for the first time by borrowing the idea of attribute-based cryptography, and studies the security model, protocol design and implementation of attribute-based cloud data auditing protocols. The main contributions of this thesis are as follows:

1. We summarize the related work on cloud data auditing protocols and find that the existing protocols are all based on public key infrastructure or on a certain identity, and therefore need to rely on public key certificates or on the local maintenance of a certain string as the user's identity, which undoubtedly increases the burden on users. This paper presents the concept of an attribute-based cloud data auditing protocol, which is a useful exploration toward new designs of cloud data auditing protocols.

2. We propose the primitive of fuzzy identity-based cloud data auditing, the first such approach, in which cloud users can use their own fingerprints, irises and other biometrics as their identity information to complete the cloud data uploading and auditing work. We formalize the system model as well as the security model for this new primitive. We then present a concrete construction of a fuzzy identity-based auditing protocol. The proposed protocol offers error tolerance to deal with the noise in multiple biometric samples. We prove the security of the proposed protocol under the classical Shacham-Waters framework. Finally, we develop a prototype implementation of the protocol, which demonstrates the practicality of the proposal and the stability of the system.

3. Based on fuzzy identity-based cloud data auditing protocols, we propose attribute-based cloud data auditing protocols, in which the attribute set can be regarded as a set of identities of the user. It can be bound to the private key to complete the cloud data upload. In the auditing phase, cloud data users can designate people with similar attribute sets to verify the integrity of the cloud data; verification is possible if and only if the two attribute sets are sufficiently close. We formalize the system model and security model in this thesis and present a concrete scheme. The proposed scheme preserves attribute privacy and resists collusion attacks. We prove the security of our protocol based on the computational Diffie-Hellman assumption and the discrete logarithm assumption in the selective-ID security model. Finally, the protocol is implemented to test the efficiency of the algorithm.
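The spot-checking audit with homomorphic tags described above, as an added example that is not part of the thesis: it uses the simpler privately verifiable construction from the Shacham-Waters framework, with a symmetric key in place of the thesis's fuzzy-identity or attribute-based keys. The field modulus, block size, function names and sample data are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # assumed demo modulus: a Mersenne prime, so Z_P is a field

def split_blocks(data, size=15):
    """Split data into 15-byte blocks, each read as an integer below P."""
    return [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]

def prf(k, index):
    """HMAC-SHA256 standing in for the PRF f_k(i), reduced into Z_P."""
    mac = hmac.new(k, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def keygen():
    """Owner's secret: PRF key k and a nonzero scalar alpha."""
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1

def tag_blocks(key, blocks):
    """Homomorphic tag per block: sigma_i = f_k(i) + alpha * m_i (mod P)."""
    k, alpha = key
    return [(prf(k, i) + alpha * m) % P for i, m in enumerate(blocks)]

def challenge(n_blocks, sample):
    """Spot check: random block indices, each with a random nonzero coefficient."""
    indices = secrets.SystemRandom().sample(range(n_blocks), sample)
    return [(i, secrets.randbelow(P - 1) + 1) for i in indices]

def prove(blocks, tags, chal):
    """Server: fold the challenged blocks and tags into two field elements."""
    mu = sum(nu * blocks[i] for i, nu in chal) % P
    sigma = sum(nu * tags[i] for i, nu in chal) % P
    return mu, sigma

def verify(key, chal, proof):
    """Verifier: check sigma == sum(nu_i * f_k(i)) + alpha * mu, without the file."""
    k, alpha = key
    mu, sigma = proof
    return sigma == (sum(nu * prf(k, i) for i, nu in chal) + alpha * mu) % P

if __name__ == "__main__":
    data = b"constructed sample file contents " * 20  # constructed input
    key, blocks = keygen(), split_blocks(data)
    tags = tag_blocks(key, blocks)
    chal = challenge(len(blocks), 10)
    print("intact file passes:", verify(key, chal, prove(blocks, tags, chal)))
    blocks[chal[0][0]] ^= 1  # the server silently alters one challenged block
    print("altered file passes:", verify(key, chal, prove(blocks, tags, chal)))
```

The response is two field elements regardless of file size, and a modification is only caught when the altered block falls inside the sampled challenge, which is why the number of challenged blocks sets the detection probability.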