Research On Deduplication Methods For Encrypted Data In Cloud Storag

With the continuous increase of locally generated data,the user generally chooses to upload his/her to the cloud storage system.The cloud server provides data storage and management services for the user.Over time,the scale of data stored in the cloud server increases explosively,resulting in a large amount of data redundancy in the cloud server.In order to reduce storage costs,reclaim storage space and improve the utilization of storage space,data deduplication technology came into being.Data deduplication means that the cloud server only stores one duplicate data for the same data,and creates access links for other users who own the duplicate data.With the continuous improvement of the user’s security awareness,the user gradually realize that the data stored in the cloud server may be leaked,destroyed or modified.In order to protect data privacy,the user usually encrypt the data before uploading it to the cloud server.However,because different users hold different keys,the same plaintext data is encrypted into different ciphertext data,which makes it difficult to perform data deduplication operation for the cloud server.Therefore,the compatibility of data deduplication technology and data encryption technology,that is the problem of encrypted data deduplication,is one of the current research hotspots in the field of cloud storage security.This thesis mainly studies the duplication methods of encrypted data in cloud storage.In order to solve the computational efficiency and security problems in the current encrypted data deduplication scheme,the following three schemes are proposed:(1)Data sharing is very important for medical researchers to do research on certain diseases in cloud-assisted electronic medical systems.Nonetheless,there are large amounts of duplicate data in shared electronic medical records,which incurs redundant storage.In addition,data sharing of electronic medical records might expose the sensitive information of patients.In order to address above problems,we propose an encrypted data deduplication and sharing scheme for cloudassisted electronic medical systems in this thesis.In order to protect the sensitive information privacy and enhance the deduplication efficiency,we replace the patient’s sensitive information of electronic medical records by wildcards before encrypting the whole electronic medical records.In this way,the authorized researcher can decrypt and obtain the electronic medical record,but cannot obtain the patient’s sensitive information in the electronic medical record.Moreover,we clarify the diagnose information of the electronic medical records into different types according to the duplicate ratio.The authorized researchers can selectively download data according to the duplicate ratio of diagnostic information.The proposed scheme can resist brute-force attacks and single-point-of-failure attack.The experimental results show our proposed scheme is more efficient than the existing schemes.(2)In the encrypted data deduplication scheme based on popularity,convergent encryption algorithm is generally used to encrypt the data with high popularity,and double-layer encryption algorithm is used to encrypt the data with low popularity.However,these schemes have huge computational overhead because of the adopted double-layer encryption for the whole data and the complex symmetric key delivery.In order to address this problem,we design a lightweight encrypted data deduplication scheme based on data popularity.We propose a new outer-layer encryption strategy,which only encrypts part of the inner-layer convergent ciphertext.This strategy reduces the computational overhead of outerlayer encryption,while ensuring that unpopular data is still semantically secure.In addition,we use a new method to transfer the key of the outer-layer encryption.It not only reduces the computational overhead of the user to generate and encrypt the symmetric key,but also reduces the computational overhead of the cloud server to decrypt the symmetric key when popularity transition arises.Finally,the experimental results demonstrate that our scheme is more efficient than existing schemes.(3)In order to solve the problem of how to use data deduplication technology to save storage space and ensure data security at the same time,some studies introduce the concept of data popularity to find a balance between data deduplication technology and data security.However,the existing schemes do not consider the problem of data access control.If the revoked user obtains the ciphertext of popular data,he also can decrypt the ciphertext to obtain the plaintext data.In this thesis,we propose an encrypted data deduplication scheme supporting dynamic ownership management,which can prevent the revoked user from obtaining plaintext data.We use proxy re-encryption algorithm to encrypt convergent ciphertext which is able to prevent ciphertext data from leaking information of popular data.Besides,we design a new proof of ownership protocol to prevent the revoked user from regaining access to the data.In this way,the revoked user will not be able to obtain plaintext data.