
Research On Key Technologies Of Data Secure Outsourcing In Cloud Storage

Posted on: 2023-04-10 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: S S Li
GTID: 1528307025965039 | Subject: Cyberspace security
Abstract/Summary:
With the explosive growth of data, cloud storage has become prevalent, providing users with a fast and convenient way to manage data. However, in cloud storage, users’ outsourced data is transmitted over an open network. Due to the complexity of the network, this data may face various security threats:

1) Users need to authenticate to cloud service providers when accessing the cloud storage service; most existing research works suffer from password guessing attacks and cannot meet the requirements for cloud service providers to securely and efficiently authenticate users’ identities.

2) Different users may upload the same data to the cloud server, which causes redundant storage overhead. To ensure the confidentiality of data, different users encrypt the same data using traditional encryption methods, which generate different ciphertexts. If the cloud server saves multiple different ciphertext copies of the same data, redundant storage costs are incurred. Most existing encrypted data deduplication studies are unable to effectively verify the cloud server’s ownership of user data, and cannot support users in directly benefiting from the deduplication strategy.

3) The outsourced data stored by users is physically uncontrollable, so the outsourced data may be compromised or even lost and deleted. Existing research work is unable to effectively test the behavior of trusted third-party auditors, and encrypted deduplication and data integrity check functions will be deceived by the semi-honest cloud server.

4) The outsourced data may contain users’ private information. Existing retrieval schemes cannot be directly applied to the retrieval of attribute-value type databases.

In this dissertation, we conduct in-depth research on key technologies of data outsourcing in cloud storage, including the following contents.

1. Research on the techniques in authentication for cloud storage

(1) With the two-layered encryption technique, we design a password-protected key management system for cloud storage, dubbed PUOKMS. In PUOKMS, a user who enters her/his correct password can generate a secret hardened password for decryption. While ensuring high efficiency, PUOKMS can resist impersonation attacks and collusion attacks.

(2) With the servers-aided encryption mechanism, we “seamlessly” integrate two authentication factors (i.e., password + hardware token) into one authentication credential. We design a non-interactive reverse firewall signature mechanism, which reduces the costs on the user side while guaranteeing security. Based on the two mechanisms, we propose a secure and efficient authentication scheme from password-protected hardware tokens, dubbed ATTACH. ATTACH achieves a strong security guarantee with high efficiency.

2. Research on the techniques in data deduplication for cloud storage

(1) With Bloom filter and message-locked encryption techniques, we conceive a proofs of ownership-based client-side encrypted data deduplication scheme, dubbed CSED. CSED can resist brute-force attacks and illegal content distribution attacks. Additionally, CSED reduces the costs on the client side significantly.

(2) With the integration of the bidirectional proofs of ownership (PoWs), cryptographic accumulator, and servers-aided message-locked encryption (MLE) techniques, we propose a secure transparent encrypted data deduplication scheme, which ensures users can directly benefit from the deduplication and allows users to check the deduplication pattern by a sampling mechanism. Meanwhile, we integrate transparent auditing and transparent encrypted deduplication into a system, dubbed BLIND. BLIND achieves a strong security guarantee with high efficiency.

3. Research on the techniques in public data integrity verification for cloud storage

(1) With the blockchain technique, we propose an efficient public integrity verification scheme against malicious auditors. In the proposed scheme, we design a smart contract to verify the validity of each recorded entry. We propose an auditing record chain built on the Ethereum blockchain to link all auditing entries according to the same data, which reduces the checking costs significantly.

(2) With the blockchain and aggregated signature techniques, we construct a transparent data integrity auditing scheme that goes one step beyond existing public data integrity verification and private data integrity verification. The auditing task relies on neither the third-party auditor (TPA) nor the users. Transparent data integrity auditing can resist the cloud server’s misbehaviors: not performing tasks, generating a biased auditing result, and procrastinating on integrity auditing.

4. Research on the techniques in data retrieval for cloud storage

(1) We present a multi-user dynamic symmetric searchable encryption (DSSE) scheme for an attribute-value type database based on blind storage, dubbed MDSSE. In MDSSE, the counters’ information for keywords is stored in the cloud server via the blind structure. Meanwhile, each data owner computes labels for her/his outsourced data and stores these labels in a triple dictionary. MDSSE allows authorized users to retrieve data by keywords and attributes, and ensures the confidentiality of the outsourced data.

(2) We propose a multi-user setting DSSE scheme for the cloud-assisted eHealth system that supports the attribute-value type database. Each doctor generates labels for her/his outsourced eHealth records (EHRs) and stores them in a triple dictionary. Meanwhile, during searching, a researcher generates decryption keys by interacting with a group of identity servers in an oblivious way, and then she/he searches the database to retrieve target EHRs.

There are two highlights in this paper. The first is that we propose a two-factor authentication scheme based on password and hardware token, which can resist backdoor attacks and lost exhaustion attacks. The second is that, based on blockchain technology, we propose a transparent data integrity auditing and transparent deduplication scheme, which can resist malicious behaviors of the cloud server.
Keywords/Search Tags:Cloud Storage, Authentication, Data Deduplication, Data Integrity Verification, Data Retrieval