Research On Data Encryption Schemes Based On Password-Hardened

Posted on: 2024-05-23
Degree: Master
Type: Thesis
Country: China
Candidate: B Y Sheng
Full Text: PDF
GTID: 2568307079471754
Subject: Electronic information
Abstract/Summary:

With the rapid development of the Internet, more and more users are using online services offered by service providers, and as a result a huge amount of private user data is stored on servers. However, the growing number of data breaches makes people worry about the security of the private data they store there. To address the privacy leakage caused by data breaches, some service providers encrypt the data on their servers, which brings new challenges. On one hand, the key must be long enough, and unauthorized users must not be able to obtain the correct key. On the other hand, users should be able to recover the correct key when logging into servers from different devices. Password-hardened encryption can solve both problems at the same time. The password is hardened under a key held by an external server, and a strong encryption key is derived to encrypt user data. This ensures that only a user who provides the correct password can successfully log into the server and recover the correct decryption key. However, existing password-based data encryption schemes often suffer from strong security assumptions and from leaking private user data. Considering these problems together with the vulnerability of passwords to brute-force attacks, we propose two new schemes. The main contributions can be summarized as follows:

1. This thesis proposes a server-assisted password-hardened data encryption scheme named SPHE. In SPHE, users provide passwords to the server, and external servers assist the server in enhancing the password. The external servers share a master key in a threshold manner: as long as no more than t (where t is the threshold) external servers are compromised simultaneously, SPHE can ensure the security of user passwords and private data. SPHE also solves the single-point failure in PHE and the eavesdropping-impersonation attack in TPHE. This thesis evaluates the performance of SPHE, showing that it is efficient and saves more than half of the computation and communication costs compared to the TPHE scheme.

2. This thesis proposes a password-hardened cloud storage encryption scheme named UPHE. It deploys multiple key servers that interact with users to harden passwords, derives a signing key pair (usk, upk) to register with the cloud server, and generates a strong key to encrypt user data. UPHE optimizes the password-hardening algorithm and solves the limitation in existing schemes. Zero-knowledge proofs and ciphertext integrity verification are added to UPHE to detect malicious behavior by both the key servers and the cloud server while ensuring the correctness of the scheme. This thesis evaluates the performance of UPHE, which demonstrates the security and efficiency of UPHE.
Keywords/Search Tags:Password-hardened Encryption, Password-guessing Attacks, Threshold Secret Sharing, Zero-knowledge Proof