Research Of Cloud Data Deletion Based On Attribute-Based Encryption

The convenience,on-demand configuration,flexible expansion and other advantages of cloud storage attract users to store their data in the cloud,including a large number of sensitive and even confidential data.As the last stage of the life cycle of cloud data,data deletion needs to ensure that the deleted data is unrecoverable.Due to the factors such as the separation of controlment and ownership of the cloud data,and the uncontrollable cloud server for users,when deleting cloud data,the third-party cloud server may not follow the user’s requirements of data deletion for potential benefits,and users cannot verify the deletion result.Therefore,it is necessary to realize the assured deletion of cloud data and support the verifiability of the deletion result.In addition,the amount of cloud data is under explosive growth,so the use of data deduplication technology to optimize storage efficiency and reduce management costs has become a hot research topic in academia and industry.In practical applications,in order to protect data privacy,users usually encrypt the data before uploading it to the cloud,so the same plaintext data may results in different ciphertexts,which brings new challenges to the technology of data deduplication.Therefore,how to design and implement data deduplication schemes in encrypted scenarios is also of great research significance and practical value.In view of the above problems,this thesis has carried out analysis and research on three aspects: assured deletion of data in the cloud environment,verifiability of the deletion results and data deduplication in encrypted scenarios.The main contributions of this thesis are as follows:Firstly,for the problem of assured deletion of data in the cloud environment,an assured data deletion scheme based on the key-policy attribute-based encryption algorithm is proposed.Specifically,the original plaintext is converted into ciphertext by symmetric encryption algorithm at first.Then through the key-policy attribute-based encryption algorithm,Shamir secret sharing algorithm and boolean circuit,the symmetric key is associated with the attribute set,and the private key of the user is associated with the policy of access control,achieving fine-grained access control of the symmetric key.Finally,by revoking the key attribute necessary to access the symmetric key,all users can no longer obtain the symmetric key,thus the original plaintext cannot be decrypted,so as to achieve the purpose of assured deletion.This thesis clarifies the safety of the scheme through theoretical analysis,evaluates the correctness and performance of the scheme through experimental analysis,and confirms its practicability and high efficiency.Secondly,to achieve the verifiability of the deletion results,the large branch tree LBT is introduced in the above assured data deletion scheme.The user constructs a large branch tree based on the ciphertext components obtained in the attribute-based encryption stage,calculates the initial root value of the tree,and then sends the initial value and related information of the ciphertext components to the cloud server.When the cloud server completes the deletion operation,it recalculates the root value of the large branch tree,and returns to the user the new value as a proof of deletion.The user realizes the verification of the deletion result by calculating and comparing the deletion proof.This method overcomes the deficiency that users can only unconditionally trust the results returned by the cloud server,and is superior in performance to the existing verification schemes using Merkle hash tree.Thirdly,for the problem of data deduplication in encrypted scenarios,a data deduplication scheme based on the ciphertext-policy attribute-based encryption algorithm is proposed.The symmetric encryption algorithm is adopted to encrypt the original plaintext to obtain a ciphertext of the data,and the attribute-based encryption algorithm is adopted to encrypt the symmetric key to obtain a key ciphertext,then generates a duplication detection label corresponding to the original plaintext.Through the duplication detection label and the deduplication decision tree,the cloud server judges whether the data is duplicated with the data stored in the cloud without obtaining the content of the plaintext.When duplication is detected,the cloud server no longer stores the repeatedly uploaded data,but re-encrypts the unique copy of the key ciphertext of the data stored in the cloud,which effectively achieves data deduplication and guarantees users who hold the same data can successfully decrypt.Theoretical analysis clarifies the safety of the proposed scheme,and the experimental analysis confirmed the feasibility and efficiency of the scheme.