Research On Secure Data Escrowing And Sharing Technology In Cloud

The application of cloud computing technology enables people to escrow a large amount of data to the cloud,which reduces the user's hardware investment,improves the utilization of computing resources.At the same time,it also brings security issues: the cloud has full control of user data,and data privacy is difficult to guarantee.In response to the above problems,the existing studies have given two methods for coping,one based on ciphertext and one based on plaintext.The former encrypts the data so that even if the data leaks,the adversary is hard to decrypt it for obtain valid information.The latter certifies the cloud service provider by adding some tokens in the plaintext to prove that the data has leaked.If the file is stored in the cloud in ciphertext,a corresponding problem arises: how to ensure the efficient and secure distribution of the key when sharing files.The mainstream solution is attribute-based encryption,but research has shown that it is not mature in terms of practicality.When documents are escrowed in the cloud in the form of clear text,then users will bear the risk of cloud service providers leaking data to others.After in-depth study of the existing leak tracking technology,it is found that the current scheme can only unilaterally prove the data leakage from the user's perspective,but it cannot prove that the data was not intentionally leaked by its owner to scuttle the cloud service provider for obtain legal compensation.This paper makes a detailed analysis of the above problems,separately proposed the improvement plan.For the defects of the current attribute-based encryption scheme,this paper proposes an improved construction method.Its main feature is to take into account four aspects at the same time:(1)Construction based on the lattice;(2)Support for multi-agency attribute authorization;(3)Support for multi-valued attributes;(4)Public key sizes only positively correlated with the number of attribute authorization agencies.Compared with the traditional bilinear pairing construction,the lattice-based construction can make the encryption and decryption more efficient and safer;the multi-institution attribute authorization can effectively prevent the single-organization corruption problem;the multi-valued attribute support can make the access control granularity even more refinement;public keys are not proportional to the number of attributes,making storage less expensive and easier to manage.Finally,the correctness and security of the scheme are proved.It is concluded that the scheme meets the chosen plaintext attack security model.In the case of plaintext,where the parties do not trust each other,a data escrow agreement that the two parties cannot deny in the event of a data leakage is proposed to cryptographically constrain both the cloud service provider and the user.The protocol embeds the signature of the cloud service party in the user's data through interaction.During the execution phase of the protocol,the other party's information obtained through the protocol is encrypted.This means that both parties cannot use the other party's information legally,thus when the data is leaked,upon detection,the identity of the offender can be proved.Finally,the code of the proposed protocol was implemented and tested experimentally.The test results verify the correctness and security of the scheme.Compared with existing solutions in terms of functionality and efficiency,the results show that the security of the proposed protocol satisfies the hosting requirements of non-sensitive information and saves more computing resources and storage resources than the full-homomorphic encryption scheme.