Research On Key Technologies Of Cloud Storage Data Confidentiality

With the development of cloud computing,cloud storage has been becoming a popular way of data storage and data sharing for enterprise or individuals.In a cloud storage environment,the protection of data becomes very important because the data is out of user's control and the provider of cloud storage may not be reliable.Currently,encrypting data has become the main strategy to protect data.Because of the complex key management mechanism and poor expansibility,data protection requirements cannot be satisfied in various online applications with a large number of users.Therefore,it is significant to study the efficient scheme on data confidentiality protection in cloud storage environment.The thesis research on both distribution of attribute key and attribute encryption,after analyzing and summarizing the research on the protection of confidentiality on cloud storage data at home and abroad.The main work and innovations of this thesis are as follows:1.Aiming at the problem of "Authority deception" and the large computation cost of attribute restoration in the key distribution center,it proposes an attribute key distribution scheme under the environment of low reliance on trusted centers.In this scheme,the users' attributes are generated by the Cloud Storage Service Provider(CSSP),and then the attributes are divided into several attribute blocks and distributed.The user exchanges attribute blocks with other users and restores the attributes through the Chinese Remainder Theorem after receiving the attribute blocks.The multiple Key Management Centers(KMC)generate the attribute parameters according to the user attributes;the last user calculates the attribute keys through the received attribute parameters.This scheme avoids the problem of " authority deception " with high computational efficiency.Finally,safety analysis and experimental results show that the scheme is safe and efficient.2.Aiming at the problem of the time overhead on the attribute encryption algorithm and the data backward security problem which caused by attribute revocation,a hybrid encryption scheme is proposed in this thesis.The scheme uses CP-ABE scheme and KP-ABE scheme to encrypt and decrypt the data.Encryption process does not require the attributes of all users,reducing the time for data encryption,it can also resist collusion attacks from unauthorized users.In this scheme,a data re-encryption algorithm is proposed.When the status of the user changes,the attribute key will be updated and then the data,which protects the data from backward security.In this scheme,no key negotiation is required,which improves the efficiency of data encryption.Finally,safety analysis and experimental results show that the scheme is safe and efficient.