| With the wide application of cloud storage technology,data security has been paid more and more attention by users.Typically,the users store encrypted data in the cloud,which guarantees the security of users data and produces the corresponding ciphertext data reprocessing problem.In particular,ciphertext deduplication and ciphertext conversion are the two most important security functionalities in cloud storage.Although some progress has been made in the study of ciphertext deduplication and ciphertext conversion schemes,there are still many problems to be further studied.Malicious cloud server tends to pretend an uploader to carry on online brute-force attack by interaction with data owners or carry on offline brute-force attack based on hash value of the file in the ciphertext deduplication schemes.Meanwhile,in the process of poof of file ownership,a malicious uploader performs a side-channel attack by the way whether the file is deleted or not.In addition,many existing ciphertext deduplication schemes do not give the solution of offline deduplication.Generally,the ciphertext conversion schemes use proxy re-encryption technology to improve the efficiency of data sharing.In other words,the agent uses re-encryption key to encrypt the ciphertext of authorizer.However,the collusion of the malicious agent and the authorized user may obtain the private key of the authorizer or the other information of the authorizer,which is unfavorable to the data privacy of the authorizer.Aiming to the current security problems of ciphertext deduplication and ciphertext conversion schemes,this thesis has done the following work:1.The thesis proposed a deduplication scheme for encrypted data both online and offline.In the online situation,the cloud server uses the technology of proof of file ownership to verify whether the users own the file.Different users produce different file proof for the same file,which ensures the freshness of the file proof and can resist the replay attack of the file proof.Meanwhile,the proposed scheme uses a random threshold method to resist side channel attacks.In addition,the file rate limit policy and a special hash function are used respectively in the proposed scheme to resist online and offline brute-force attacks.In the offline case,the proposed scheme introduces a trusted third agent to replace the data owner.Security analysis shows that the proposed scheme is semantic security in the random oracle model both online and offline cases.2.Qiu et al.proposed an identity-based proxy re-encryption without random oracles.It was claimed that their scheme can resist collusion attack.However,security analysis shows that their scheme is vulnerable to collusion attack.The thesis proposed an improved identity-based proxy re-encryption scheme,which can resist collusion attack.To resist collusion attack,the improved scheme redefines the proxy re-encryption key generation algorithm and embeds a random number in the partial key of the proxy re-encryption key.The random number is packaged in bilinear pairing,therefore it cannot be acquired by the proxy.Based on the DBDH assumption,the improved scheme is CCA security under the standard model. |
PDF Full Text Request