
Research On Assured Deletion Of Cloud Storage Data Based On SGX

Posted on: 2022-03-03
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Luo
GTID: 2518306764495394
Subject: Internet Technology
Abstract/Summary:
With the development of science and technology, the data held by users such as individuals and enterprises continues to grow, and many users choose to outsource their local data to cloud storage servers. When a user needs to delete data, the data has already left the local environment, so the user cannot control it directly and cannot guarantee that it is actually deleted from the hardware storage of the cloud storage server. Assured deletion of cloud storage data is defined as the state in which any user and the cloud storage service provider cannot access the data in the cloud storage system, cannot restore it, or cannot obtain useful information after restoration.

At present, there are many cryptography-based assured deletion methods for cloud storage data. The basic idea is to encrypt the data with a key, outsource the data to the cloud in ciphertext form, and delete the corresponding data encryption key when the data needs to be deleted, thereby achieving deletion of the data. Many of these methods encrypt the data encryption key twice or more before storing it in a third-party key management center, which leads to complex encryption processes and key storage security issues. In addition, the third-party key management center that stores the keys is a third-party service just like the cloud storage server, so its credibility cannot be guaranteed. To address these problems, the main work of this paper is as follows.

First, an assured deletion scheme for cloud storage data is proposed. The scheme follows the idea of cryptography-based assured deletion of cloud storage data. Before the data is stored with the cloud storage service provider, it is encrypted with the data encryption key, and the data encryption key is stored in a trusted third-party key management center. When the data owner needs to delete data, the owner uses the data deletion key to re-encrypt the data and overwrite the original data on the cloud storage server, and requests the trusted third-party key management center to delete the data encryption key. Finally, to verify whether the cloud storage data has actually been deleted, the trusted third-party key management center verifies the deletion result and reports back to the data owner whether it was successful.

Secondly, a method for assured deletion of cloud storage data based on SGX is proposed, in which the security mechanisms provided by Intel SGX are used to ensure the reliability of the third-party key management center and the secure management of keys. Intel SGX's sealing mechanism is used to store data encryption keys, its memory isolation mechanism is used to protect core code, data, and keys, and its remote attestation is used to establish the credibility of the platforms of the user and the third-party key management center, so that keys are deleted securely and with assurance.

Finally, simulation experiments together with security analysis and performance analysis show that the proposed scheme can effectively ensure the assured deletion of cloud storage data and the security of keys stored in the third-party key management center. The scheme can effectively resist brute-force cracking, man-in-the-middle attacks, and collusion attacks, and can also achieve fine-grained deletion of cloud storage data. The time overhead introduced by Intel SGX has little effect on the overall performance of the framework.
Keywords/Search Tags: cloud storage data, third-party key management center, assured deletion, Intel SGX, SM4
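The deletion flow described in the abstract, as an added Python sketch that is not code from the thesis. Assumptions: the class and function names are hypothetical, an HMAC-SHA256 counter-mode cipher from the standard library stands in for SM4, the key management center is a plain in-memory object with SGX sealing and attestation not modelled, and the center's verification step (checking that the cloud copy no longer authenticates under the old key) is one possible reading of "verify the deletion result".

```python
import hashlib, hmac, secrets

def _prf(key, label, msg):
    return hmac.new(key, label + msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in cipher, NOT SM4.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(key, b"enc", nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"mac", nonce + ct)   # encrypt-then-MAC

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("blob does not authenticate under this key")
    return _xor_stream(key, nonce, ct)

class KeyManager:
    """Hypothetical key management center; SGX sealing/attestation not modelled."""
    def __init__(self):
        self._deks = {}
    def put(self, file_id, dek):
        self._deks[file_id] = dek
    def get(self, file_id):
        return self._deks[file_id]
    def delete_and_verify(self, file_id, cloud_blob):
        dek = self._deks.pop(file_id)       # the DEK is destroyed either way
        try:
            decrypt(dek, cloud_blob)
        except ValueError:
            return True                     # cloud copy was overwritten
        return False                        # original ciphertext still present

def store(cloud, kmc, file_id, data):
    dek = secrets.token_bytes(32)           # one DEK per file: fine-grained deletion
    cloud[file_id] = encrypt(dek, data)
    kmc.put(file_id, dek)

def assured_delete(cloud, kmc, file_id, cloud_overwrites=True):
    deletion_key = secrets.token_bytes(32)  # never stored; gone when this returns
    overwrite = encrypt(deletion_key, cloud[file_id])
    if cloud_overwrites:                    # False models a cloud that ignores the write
        cloud[file_id] = overwrite
    return kmc.delete_and_verify(file_id, cloud[file_id])
```

Even when the cloud keeps the old ciphertext and verification reports failure, the data encryption key is already gone, so the retained copy cannot be decrypted.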