Research On Practical Cloud Data Auditing Protocol

Cloud storage provides services for files' remote management and backup,which makes it possible for users to access data anytime,anywhere,through any network accesss point.This storage mode provides customized services to users,which not only reduces the overhead of data management for users,but also makes it more convenient for users to access and recover data.However,it is also risky for users to upload their data to a third-party.Especially for companies or enterprise users to simply encrypt the managed file is far from satisfactory.In order to give users the ease of storing data to the cloud service providers,they must give users the right to verify their data integrity on the cloud server.At the same time,the dynamic operation of data occurs frequently in the real cloud environment,and it is necessary to give users the right to update their data stored on the cloud server.Therefore,it is a great challenge to design a cloud storage protocol,which perfectly integrates the seemingly contradictory data integrity verification and data dynamic operation.Solving this challenge has both theoretical and practical significance.The purpose of this thesis is to design a practical cloud data auditing protocol.The main tasks are as follows:1.We review the existing cloud data auditing protocols.The advantages and disadvantages of each scheme are analyzed in details.We study the construction technique of the scheme to avoid the same security holes happen in our own design.Combined with the requirements in real-world scenario,we hope to provide a perfect solution.2.We propose a cloud data auditing protocol based on homomorphic message authentication code in which we use algebraic one-way function to solve the security issues happen in the case of small data domain.We construct the secure cloud data auditing protocol without adding too much computing and storage costs.We not only complete the scheme theory construction and prove the security of the scheme,but also implemente a system prototype using programming language,test and analyze the performance of each algorithm in the scheme.3.In real scenario,users do not simply store data on the cloud servers,they also perform dynamic operations on the data frequently.We improve the data authentication structure of Merkle Hash Tree(MHT)to make the tree nodes contain more information.So that each file blocks' dynamic operations will have no influence on other blocks,especially tags of the file blocks will no longer need to recalculate.In other word,we separate the file tag calculation and verification of the file blocks' location information completely.We implement the dynamic operation of the data without affecting the original efficiency.In constructing the scheme,we put the users' metadata that should maintained by the user on the cloud with its ciphertext.The user simply keeps the encryption key and the message authentication code key,thus reduce the storage costs of the user which makes the scheme more practical.