Research On Secure Cloud Ciphertext Deduplication Based On SGX

As more and more users outsource their data to cloud servers,the amount of data stored on cloud servers has exploded.The cloud storage server stores multiple copies of the same file because the data outsourced by different users to the cloud storage server may be duplicate,resulting in data redundancy.In order to solve the above problems,data deduplication technology emerges.By deleting duplicate data,the cloud servers reserve only one physical copy of the same file for different users.For client users,subsequent uploaders of the same file do not need to upload the same file repeatedly,reducing the bandwidth consumed by client data upload and improving the file storage efficiency.For cloud storage service providers,the data deduplication technology not only reduces data redundancy,improves storage space utilization,and improves data access efficiency.However,in order to solve the problem of privacy disclosure and protect user privacy,data owners usually store data in ciphertext in the cloud server,which brings certain difficulties to the design of ciphertext based deduplication schemes.Therefore,the goals of data encryption and deduplication are contradictory.On the other hand,users are worried that their data files will be tampered with or deleted by the server,which puts forward a new requirement for our deduplication system,that is,how to help client users verify the integrity of their data to the server while ensuring the support of deduplication.Cloud audit with ownership transfer of data integrity audit label is a verifiable data holding scheme in a deduplication system,satisfying both verifiability and transferability.In particular,not only can cloud data be transferred to other cloud clients,but integrity verification tags can also be transferred to the new data owner.More specifically,it requires that an audit tag belonging to the old owner can be converted to that of the new owner by replacing the key used to generate the audit tag while still maintaining verifiability.To this end,this thesis nalyzes and studies the security of data stored on cloud servers,specifically as follows:(1)We design a ciphertext-based data deduplication scheme,which uses Intel SGX as a trusted execution environment on the server instead of a trusted third party to perform sensitive operations,and verifies the client user’s data ownership of a file.Meanwhile,the data sealing mechanism provided by Intel SGX is used to store the file encryption key securely and persistently on the cloud server so as to complete the secure key distribution to subsequent file uploaders.(2)We found that the existing integrity audit scheme that supports label transfer is inefficient,which brings great communication overhead between the client and the cloud server.In this thesis,we use Intel SGX to propose a security audit protocol with efficient ownership transfer for cloud data.Specifically,our scheme completes the ownership transfer of data integrity tags on the cloud server,reduces the communication overhead caused by ownership transfer,and improves the efficiency of audit label transfer.