Research On Cryptographic Protocol For Secure Data Sharing In Cloud Storage

In recent years,the market demand for services provided by cloud infrastructure has further expanded with the emergence of emerging cloud applications such as Artificial Intelligence,Internet of Things,Fifth Generation Mobile Communication Technology,Software Defined Network and Network Functions Virtualization.More and more embedded devices are joining the Internet to monitor and connect everything,which is expanding the scale of data generation and generating huge amounts of data.As a basic cloud service,cloud storage allows users to store their data by transferring data over the Internet to a remote storage system maintained by a third party.The cloud storage system provides users with an efficient and convenient data management mode,freeing users from the hardware requirements and complexity of storage facility deployment.Data owners choose cloud storage services to securely share their data with data users by virtue of various advantages of cloud storage,and then generate value through data fusion and mining,thus promoting the development of emerging digital industries.Data sharing enables users in different physical locations,holding different terminal devices and using different software to obtain data from others in authorized ways and use it for various operations,calculations and analysis.This makes data no longer an isolated data island and increases the value of data.However,the negative externalities of data sharing activities in the cloud environment,including the security and privacy of data and user identity,have become an unavoidable sticking point when people hesitate to use cloud storage services.Therefore,it is of great significance to establish and improve the secure cloud storage system,realize the secure sharing of cloud data,and enable data to enter the computing process securely.Emerging technologies and surging data volumes put forward more diversified and complicated requirements for cloud storage security,privacy,efficiency and application scenarios.These requirements are reflected in the data source,use,and storage process of the data cloud storage.Requirements at each phase are described as follows.(1)In the data source phase of cloud storage,users sometimes divide specific single identity information into a set of attributes to mark personal identity in order to protect identity privacy.Due to the large number of users on the cloud,while ensuring user identity privacy,we need to consider the following questions:How to manage multiple attributes of many users?How to accurately implement fine-grained authentication process after identity splitting?How to handle the extra computation?How to ensure the reliability of data sources?How to obtain an efficient and fine-grained attribute-based authentication protocol is an urgent problem to be solved.(2)In the data use phase of cloud storage,the current scenario of a single authorization authority is tired of dealing with the increasing number of cloud users.In addition,the system may crash due to single point of failure.Therefore,a high-performance cluster is required to replace a single authorization authority in the authorization phase.When multiple authorization authorities generate authorization for a certain access request of the same user,they need to interact with each other for several times to prevent users from forging the authorization with historical authorization.This increases the communication burden on attribute authorities.How to ensure the accuracy of access rights distribution in data sharing and how to obtain a multi-authority authorization protocol with efficient transmission and less computing loss are the problems that need to be discussed.(3)In the data storage phase of cloud storage,users often outsource the cloud storage data integrity check to a third party due to low performance and lack of attention.However,due to the complexity of the cloud environment,the third party in the cloud is often not trusted.How to outsource the periodic task of checking the integrity of the stored data to a third party with sufficient computing power while ensuring the security of the stored data?How to verify that the auditing tasks outsourced to them are faithfully performed?How to obtain a scheme to ensure the correctness of data storage is an urgent problem for us to solve.In addition,auditing labels are generated for cloud storage data to be audited at the beginning of upload and stored together with the data.In the past,the number of labels was equal to the number of data blocks,which caused considerable additional storage burden and transmission pressure for users.How to reduce the storage of auditing labels in the cloud and obtain a public auditing scheme with both security and efficiency is a problem we need to solve.Then,after data is uploaded to the cloud,users may need to perform dynamic operations on the data,such as adding,deleting and modifying,etc.Besides obtaining the uploaded data,sometimes users also need to share their data with other users.In dynamic operation scenario and data sharing scenario,the technical transformation of the basic auditing scheme to adapt to these specific application scenarios also needs to be further studied.In view of the above challenges arising from the data source,use,and storage process of cloud storage,this dissertation aims to achieve secure sharing of cloud storage data,taking security and efficiency into consideration.The cloud storage data source authentication process is realized by using attribute-based signature scheme,the cloud storage data authorization process is realized by using anonymous key issuing protocol,and the cloud storage data auditing process is realized by using functional commitment scheme.And focus on two scenarios of data dynamic update and group member data sharing.The research is carried out in the context of the application of low-performance terminals in the Internet of Things.The main work is described below.(1)In the data source authentication phase of cloud storage,in order to ensure the reliability of data source,we first constructed an efficient and fine-grained multi-authority attribute-based signature scheme based on co-CDH assumption.Aiming at the innovation of access structure,the threshold structure between attribute authority and root node is added in tree access structure,which makes the scene that attribute-based signature scheme can deal with more flexible.In addition,Blakely’s secret sharing scheme is used to construct a signature scheme,and Hadamard matrix is used to characterize the secret sharing of(n,n)gate.This reduces the computational cost of signature and verification algorithms,and makes the scheme more suitable for cloud storage scenario with low-performance terminals in the Internet of Things.Then,the calculation and transmission efficiency of the scheme are verified by theoretical analysis and experimental simulation.Finally,the dissertation presents a multi-authority attribute-based IoT cloud storage authentication scheme.(2)In the data use authorization phase of cloud storage,to ensure the accuracy of data sharing permissions,we first propose a non-interactive zero-knowledge proof aggregation exponentiation protocol.It helps to aggregate multiple secret values into a single value for a secret transfer.It reduces the amount of transport and storage during interactions without compromising security.Then,we use it to construct an aggregate anonymous key issuing protocol to generate an authorization key for a group of authorization information for user.Similarly,the protocol aims to aggregate multiple transport values into one in an interaction,thereby reducing transport losses while ensuring security.Finally,the calculation and transmission efficiency of the scheme are analyzed from two aspects of theoretical analysis and experimental simulation,which proves that our scheme is secure and effective.(3)In the data storage auditing phase of cloud storage,in order to ensure the correctness of data storage,we first modified the functional commitment scheme proposed by Libert et al.,so as to design an auditable verifiable database(VDB)scheme using the function binding of functional commitment.Two update algorithms are added on the basis of the original Libert’s scheme.Under the l-BDHE assumption,a concrete scheme with updatable functional commitment is constructed.Compared with the Libert’s scheme,our scheme has fewer parameters and are more efficient.Secondly,we point out the security problems caused by the fact that Jiang et al.’s auditing scheme does not consider the real-time generation of auditing labels.A public verifiable and updatable VDB scheme based on functional commitment and group signature is proposed,which does not incur much computational and storage overhead.Then,our scheme is suitable for large-scale data storage,in which the auditing labels of multiple data are combined into a single label,greatly reducing the cost of user communication.Our proposed scheme not only retains all the characteristics of the original VDB scheme,but also implements effective privacy protection integrity audit,traceability and non-frameability.Our scheme uses random masking technique to protect data privacy from auditors,and sparse vectors are used for sampling audit to improve scheme efficiency.In addition,it supports dynamic group membership operations,including join and revocation.Our VDB supports batch auditing,multicloud server,multi-user,and multi-storage vector scenarios.Finally,secure analysis and experimental comparison with existing schemes show that our VDB scheme is secure and effective.To sum up,this issertation aims to establish and improve the secure cloud storage service system.The security and privacy issues involved in the data source,use and storage process of cloud storage are analyzed.More efficient and flexible concrete security solutions are proposed.At the same time,some existing cryptography tools are improved to make them more suitable for specific application scenarios in cloud storage.We provide security proof for each scheme and simulate them using the computing platform Amazon Web Services.We hope that this dissertation can provide some ideas and theoretical basis for building a secure and efficient cloud storage service system.