
Research On Mechanism Of Data Confidentiality And Data Integrity On Cloud Storage

Posted on: 2019-06-25
Degree: Master
Type: Thesis
Country: China
Candidate: A T Hu
GTID: 2428330596460065
Subject: Information security
Abstract/Summary:
Data sharing on cloud storage has become an increasingly important research subject as the amount of data keeps growing. Data sharing security on a cloud server covers data confidentiality and data integrity. For data confidentiality, Attribute-Based Encryption (ABE) is a suitable access-control encryption system for cloud storage, but many problems remain, for example secure user revocation, the key-escrow problem and multi-authority realization. For data integrity, the traditional signature-and-verification process no longer satisfies the demands of cloud environments. Data integrity on a cloud server is hard to guarantee because of machine damage, adversary attacks and dishonest cloud servers. However, the burden of integrity verification cannot be left to users. Apart from this, responsibility is difficult to judge when users and the cloud each hold to their own account after data has gone missing. Thus, our research focuses on data sharing security on cloud servers, from three aspects: the cryptanalysis of an attribute-based data sharing scheme for data access security in cloud computing, a mechanism for multi-authority cloud sharing with custom read and write policies, and a mechanism for anonymous dynamic integrity verification. The details are as follows:

1. The author analyzes an attribute-based data sharing scheme supporting fine-grained revocation proposed by Hur and states its loopholes. Hur claimed to have solved the fine-grained user revocation problem. However, the author provides two kinds of attack that break its forward and backward security. On the one hand, a revoked user (deleted from one attribute group) can still decrypt the ciphertext as long as he possesses at least one legal attribute belonging to the ciphertext's access structure. On the other hand, collusion attacks conducted by a revoked user and the cloud server cannot be prevented: even though the revoked user does not meet the first attack condition, he can still update his revoked attribute key by colluding with the dishonest cloud server. The author provides suggestions to prevent such attacks in Hur's scheme.

2. Very few studies focus on separating user operation permissions in attribute-based data sharing systems, and the existing ones have the defects of low signature efficiency, long signature length and complex verification algorithms. The author proposes a decentralized ciphertext-policy attribute-based data sharing scheme that allows data owners to define read-only users and read/write users separately. By connecting the access structure directly to the ciphertext, owners can make sure that only read/write users can modify the data, while both read-only and read/write users can decrypt the ciphertext by combining qualified attribute keys. To realize this function, the author combines the CP-ABE algorithm and the BLS signature algorithm. The proposed scheme is highly compatible with existing CP-ABE schemes for defining different user operation permissions. The author provides the security analysis and performance simulations as well.

3. The majority of existing public auditing schemes lack an identity-preserving mechanism and dynamic user operations. The only anonymous public auditing scheme fails to realize dynamic user operations, let alone an efficient and secure revocation process. The author develops an Identity-Preserving public Integrity Checking scheme with Dynamic Groups (IPIC-DG) for cloud storage. Firstly, the IPIC-DG scheme realizes full anonymity: on the one hand, no one except the group manager can discover the real identity of users; on the other hand, even the manager, who issues users' secret keys, is not capable of forging signatures on behalf of others. Secondly, the author proposes an anonymous public integrity verification protocol that not only supports integrity checking without retrieving the whole data from the cloud, but also protects the signer's identity during the whole process. The author utilizes a group signature to construct a homomorphic authenticator on each file block to guarantee anonymous remote data integrity checking. Thirdly, the scheme supports a form of dynamic user operation that greatly improves the efficiency and feasibility of user revocation. At last, the author formally proves the IPIC-DG scheme anonymous under chosen-ciphertext attack and existentially unforgeable under chosen-message attack. Experimental results show that the IPIC-DG scheme advances the state of the art in both computation complexity and communication overhead.
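Added example, not code from the thesis: a toy Python version of the per-block homomorphic authenticator idea behind "integrity checking without retrieving the whole data". It swaps the thesis's group-signature and pairing construction for a simple algebraic MAC over Z_p (tag t_i = alpha*m_i + F_k(i)), so it is privately verifiable by the owner holding alpha and k, not publicly auditable and not anonymous; the prime P, the block size and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed parameters (toy size for illustration; a real scheme works in a
# pairing-friendly group or at least a 256-bit prime field).
P = (1 << 127) - 1  # Mersenne prime 2^127 - 1
BLOCK_SIZE = 8      # bytes per block, so every block is an element of Z_p

def prf(key: bytes, index: int) -> int:
    """Pseudorandom function F_k(i) mapping a block index into Z_p."""
    mac = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def split_blocks(data: bytes) -> list:
    """Interpret the file as field elements m_0, ..., m_{n-1}."""
    return [int.from_bytes(data[i:i + BLOCK_SIZE], "big") % P
            for i in range(0, len(data), BLOCK_SIZE)]

def keygen() -> tuple:
    """Owner's secret key: a PRF key k and a secret multiplier alpha."""
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1

def tag_blocks(sk: tuple, blocks: list) -> list:
    """Homomorphic authenticator per block: t_i = alpha*m_i + F_k(i) mod p.
    The tags are stored with the file on the server; the owner keeps only sk."""
    k, alpha = sk
    return [(alpha * m + prf(k, i)) % P for i, m in enumerate(blocks)]

def challenge(n: int, count: int) -> list:
    """Verifier samples a random subset of block indices with random
    coefficients nu_i, so the server cannot precompute answers."""
    rng = secrets.SystemRandom()
    return [(i, rng.randrange(1, P)) for i in sorted(rng.sample(range(n), count))]

def prove(blocks: list, tags: list, chal: list) -> tuple:
    """Server aggregates only the challenged blocks and tags; the proof is two
    field elements regardless of file size."""
    mu = sum(nu * blocks[i] for i, nu in chal) % P
    sigma = sum(nu * tags[i] for i, nu in chal) % P
    return mu, sigma

def verify(sk: tuple, chal: list, proof: tuple) -> bool:
    """Check sigma == alpha*mu + sum(nu_i * F_k(i)) using no file data at all."""
    k, alpha = sk
    mu, sigma = proof
    return sigma == (alpha * mu + sum(nu * prf(k, i) for i, nu in chal)) % P
```

Any change to a challenged block or its tag shifts one side of the verification equation by a nonzero multiple of alpha or nu_i modulo the prime, so the check fails; an unchallenged corruption is only caught with the probability that random challenges give, which is why auditors repeat challenges over time.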
Keywords/Search Tags:cloud storage, attribute-based encryption, public auditing, integrity, confidentiality