
Cloud Storage Data Security Deduplication And Integrity Audit Protocol Design And Implementation

Posted on: 2018-03-18
Degree: Master
Type: Thesis
Country: China
Candidate: J Y Song
GTID: 2358330512476701
Subject: Software engineering
Abstract/Summary:
With the widespread use of cloud computing and cloud storage services, an increasing number of enterprises and individual users outsource their data to cloud service providers, so that they can use the providers' data storage and computing services anytime and anywhere while reducing data storage and maintenance costs. However, as more and more data is stored in the cloud, a large amount of it is redundant. For cloud service providers, reducing the storage of identical files has become an urgent requirement for saving cloud storage space. At the same time, the cloud server is honest but curious: it may try to steal users' data. Therefore, users usually need to encrypt their data before uploading it to the cloud server in order to protect data privacy. In addition, by outsourcing their data to the cloud server, users lose absolute control over it. The cloud server may intentionally or unintentionally destroy users' data, so ensuring the security of cloud data has become a problem that cannot be neglected. This paper therefore focuses on deduplication of encrypted data and data integrity auditing in cloud storage. The main work is as follows:

(1) To address the security defects of convergent encryption in the client-side data deduplication scenario, we use a blind signature to construct a secure key generation protocol, introducing a Key Server to achieve secondary encryption of keys, which efficiently prevents brute-force dictionary attacks. On this basis, we further propose a Proof of Ownership method based on block key signatures, which lets users prove their ownership of a file to the cloud server in a more secure and valid way and realizes both file-level and block-level deduplication of encrypted data simultaneously. In addition, theoretical analysis and simulation results show that the scheme satisfies more security attributes and has better performance.

(2) Existing public auditing schemes consider only a single group manager among the group users. By improving the revocable group signature and the (t,s) threshold scheme, we design a public auditing scheme, EPAM, for data shared among multiple managers. The scheme realizes identity privacy, traceability and non-frameability of the user, and the security analysis shows that EPAM can be proved secure in the random oracle model. In addition, experimental results show that, compared with existing schemes, EPAM has a small computational overhead.

(3) We use the elastic computing service ECS, the object storage service OSS and the relational database service RDS of Aliyun, together with the JPBC library and JavaWeb development tools, to implement a prototype system for secure deduplication and integrity auditing of cloud storage data. The system can simulate both our schemes and the existing schemes, so that the computational cost of each scheme can be verified in different aspects and the performance of the different schemes can be compared and analyzed.
Keywords/Search Tags: Cloud storage, Client-side data deduplication, Integrity auditing, Convergent encryption, Proof of Ownership
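
Contribution (1) of the abstract describes key generation for convergent encryption aided by a Key Server and a blind signature. The sketch below is an added illustration, not code from the thesis: it substitutes a textbook RSA blind signature (the thesis's own construction is not given on this page), and the toy key parameters and all function names are assumptions made for the example.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for a hypothetical Key Server (Mersenne primes,
# far too small and structured for real use; illustration only).
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # Key Server's private exponent


def file_digest(data: bytes) -> int:
    """Map file contents to an integer in Z_N (full-domain-hash stand-in)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def plain_convergent_key(data: bytes) -> bytes:
    """Classic convergent encryption: anyone who guesses the file gets the key."""
    return hashlib.sha256(data).digest()


def blind(h: int):
    """Client: hide h from the Key Server with a fresh random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h * pow(r, E, N)) % N, r


def key_server_sign(blinded: int) -> int:
    """Key Server: sign the blinded value; it never sees h or the file."""
    return pow(blinded, D, N)


def unblind_to_key(signed: int, r: int, h: int) -> bytes:
    """Client: remove r, verify the signature on h, then derive the file key."""
    s = (signed * pow(r, -1, N)) % N
    if pow(s, E, N) != h:
        raise ValueError("Key Server returned an invalid signature")
    return hashlib.sha256(s.to_bytes((N.bit_length() + 7) // 8, "big")).digest()


def derive_key(data: bytes) -> bytes:
    """Full exchange: same file -> same key, but only with the server's help."""
    h = file_digest(data)
    blinded, r = blind(h)
    return unblind_to_key(key_server_sign(blinded), r, h)
```

Because the key now depends on the Key Server's private exponent, it can no longer be computed offline from a guessed file, while two users holding the same file still derive the same key and deduplication keeps working.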