Research And Application On Data Security And Privacy Protection Method In The Cloud Environment

Cloud computing is a new mode of computing and storage.Users do not need to master professional skills,as long as they pay according to their own needs,they can enjoy convenient network services.When we use cloud services,we need to upload data to the cloud server.In this process,we inevitably face the challenge of data security.How to ensure the privacy and security of data in the cloud environment has become an urgent problem to be solved.The protection of data privacy and security in the cloud environment is mainly divided into two aspects,one is to protect the privacy of data,the other is to ensure the integrity of data.Identity authentication is the primary security mechanism for cloud services,which can effectively prevent illegal users from acquiring the private data in the cloud server.However,existing authentication schemes have privacy protection defects and high computational complexity.At the same time,for the data stored in the cloud server,the integrity of the data needs to be guaranteed.The computational cost of existing data integrity auditing scheme is too high to meet the requirements of mobile device access.This thesis mainly studies identity authentication and data integrity auditing,and combines SM9 cipher algorithm to propose efficient security mechanisms.The research work of this thesis mainly includes the following contents:(1)In view of the problem that identity authentication scheme has privacy protection defects in the cloud environment,we combine password,mobile device and biometric information to construct a multi-factor identity authentication scheme in the cloud environment.The scheme allows user to log in anonymously and realizes mutual authentication.The scheme introduces biometric information as an authentication factor,which is more secure than traditional password authentication.Through security analysis,the scheme can resist internal attacks and replay attacks.Compared with some existing authentication schemes,this scheme has high authentication efficiency.(2)Aiming at the problem of low efficiency of digital signature verification in the cloud environment,we combine SM9 cipher algorithm to design an identity-based aggregate signature scheme(SM9-IBAS).Aggregate signature can combine many signatures generated by multiple users into one signature.The verifier only needs to verify this aggregated signature to implement the verification of multiple signatures,which greatly improves the efficiency of verification.In random oracle model,it is proved that the SM9-IBAS scheme is existentially unforgeable against adaptive chosen message and ID attacks.Compared with some existing aggregate signature schemes,the SM9-IBAS scheme is more efficient in batch verification under the premise of ensuring security.(3)In view of the problem that the existing data integrity auditing scheme has high computational complexity in the cloud environment,we combine the SM9-IBAS scheme and the third party auditor to design an identity-based data integrity auditing scheme for cloud storage.Due to the lower computational complexity of the SM9-IBAS scheme,this scheme has performance advantages compared to existing data integrity auditing schemes.