Research On Big Data Security Processing Mechanism Based On Cloud Storage

Posted on: 2020-10-03
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Li
GTID: 2428330575995225
Subject: Information security

Abstract/Summary:
With the development of cloud storage technology, more and more users store data in the cloud. Cloud storage saves users' local storage space at the cost of losing absolute control over the data, which leads to several cloud storage data security issues. On the one hand, when the user deletes data stored in the cloud, the cloud server only deletes the pointer, link or decryption key, while the complete ciphertext is still stored in the cloud. If an attacker has saved this information in advance, he can steal and decrypt the cloud ciphertext to obtain the data. On the other hand, the increasing amount of data in the cloud brings about a large volume of redundant data, which wastes cloud storage space. In view of these problems, this thesis focuses on an assured deletion protocol and a ciphertext deduplication protocol for cloud storage. It reviews the research at home and abroad, the threats, and the existing security protection strategies for these two kinds of problems in network security. Based on the principles of cryptography, this thesis improves on the existing methods and presents solutions for cloud storage security.

(1) The assured deletion protocol in cloud storage. To solve the problem that the cloud server still keeps the whole ciphertext after the data is deleted, the protocol first samples the data, then uploads the sampled ciphertext to a trusted third party for storage, and stores the remaining ciphertext in the cloud. When the data owner performs the data deletion operation, both the decryption key kept in the cloud and the sampled ciphertext stored by the trusted third party are deleted. Since the cloud stores only the incomplete ciphertext, even if the attacker attacks the cloud server, he is unable to decrypt the data successfully. To solve the problem that the user's local decryption time increases with the data volume, the author proposes a partial outsourcing and decryption method. This method outsources the complex bilinear pairing operations to the cloud server, while the user's local server performs simple decryption operations. Theoretical analysis and the simulation results show that the protocol can meet the security requirements, reduce the user's local decryption time and improve efficiency.

(2) The ciphertext deduplication protocol in cloud storage. This protocol extends the cloud storage assured deletion protocol so that it can simultaneously implement ciphertext deduplication. The ciphertext deduplication protocol consists of two parts: a duplicate data detection protocol and a user ownership certification protocol. Decision tree-based detection methods are used in the duplicate data detection protocol to improve inspection efficiency. The user ownership certificate protocol uses the information stored by the trusted third party for authentication without additional overhead. Theoretical analysis shows that these two parts of the protocol can meet the security requirements of cloud storage.

(3) A subsystem for deterministic deletion and ciphertext deduplication of cloud storage data. This chapter explains the overall process of the protocol and briefly describes the functions that each module of the system needs to implement.

Finally, the author concludes the research work and presents some prospects for further study on several aspects of cloud storage, such as the coding technology of cloud storage data and the implementation of the subsystem.

Keywords/Search Tags:Cloud storage, Assured deletion, Ciphertext deduplication, User ownership certificate, Ciphertext policy attribute based encryption