Research On Provable Data Deletion In Cloud Storage

Cloud storage allows customers to store their data on remote cloud servers to reduce the burden of data management and storage.However,provable data deletion is an issue that is important and challenging but received much less attention.The salient features of cloud services such as multi-tenancy,virtualization and elasticity cause logically deleted data can be easily exposed to non-authorized users.Moreover,cloud server might not delete customers' data according to their request for hidden commercial value.Hence,assured deletion is highly required to preserve the cloud users' privacy and is a necessary part of data retention regulations in cloud storage.How to achieve provable data deletion is a challenge.To address the issues above,this thesis investigates the design goals of assured data deletion and formalizes its security model,then proposes two provable data deletion schemes in cloud storage by borrowing the idea of existing cryptographic primitives and data structure.The main contributions of this thesis are listed as follows:1.We summarize the related work of the assured data deletion and find that existing cloud data deletion schemes are mostly time-based.When file is created,the user needs to set an expiration time for the file.The trusted key manager will remove the coerespoding key when the expiration time is reached.In some protocols,by revoking the policy,the corresponding control key is removed,making the file unrecoverable.Those schemes rely heavily on trusted key managers,and will cause single-point-of-failure problem.The introduction of multiple key management centers leads to higher computational overhead and communication overhead.2.We propose a provable data transfer scheme to achieve the data integrity,availability and secure deletion in data migration between two clouds.Specifically,by combining the PDP and provable data deletion,our scheme not only allows the cloud to generate a concise proof to convince the data owner that the outsourced data are transferred to the server without any corruption,but also enables the cloud from which the data are migrated to prove the deletion of the transferred data.Due to the limited storage space and bandwidth of data owners,we achieve the proof of secure data migration with small resource cost.3.We propose a new approach to address the data deletion issue by utilizing attribute-based encryption primitive.Specifically,we describe a key-policy attribute-based encryption for assured deletion that allows users to achieve fine-grained access control and verifiable data deletion.Our scheme associates outsourced data with attributes and achieves assured data ddeletion to make them unrecoverable to everyone by revoking the attribute that is indispensable for users to access the file.Our construction makes use of the attribute revocation cryptographic primitive and Merkle Hash Tree to achieve fine-grained access control and verifiable data deletion.The detailed security proof and implementation results demonstrate the security and practicality of our proposal.