Doctor of Philosophy
School of Computer Science and Software Engineering
Zhou, Miao, Data security and integrity in cloud computing, Doctor of Philosophy thesis, School of Computer Science and Software Engineering, University of Wollongong, 2013. http://ro.uow.edu.au/theses/3990
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., network, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. During the last a few years, data security and integrity in cloud computing has emerged as a significantly important research area that has attracted increasing attention from both industry and academia. The virtual environment of cloud computing allows users to access computing power that exceeds what is contained within their own physical worlds. To enter this virtual environment, cloud users must transfer data throughout the cloud. Typically, cloud users know neither the exact location of their data nor the other sources of the data collectively stored with theirs. Consequently, several data security and integrity concerns have arisen, including key management, access control, searchable encryption techniques, remote integrity checks and proof of ownership in the cloud.
The first aspect of the work presented in this thesis is tree-based key management in cloud computing. Data encryption before outsourcing to the cloud is a common way to protect data privacy. Thus, key management is a challenging issue in cloud computing. It is the ability to correctly assign, monitor and secure keys which defines the level of operational security provided by any encryption implementation. The fundamental idea of this work is to design a secure and flexible key management mechanism for the outsourced data in cloud computing. In this thesis, an innovative tree-based key management scheme is proposed. The outsourced database remains private and secure, while some selected data and key nodes are shared with other parties in the cloud. Flexibility of key management is achieved and the security is proved in the standard model.
The second aspect of the work presented in this thesis is fine-grained access control. In order to secure the outsourced data in the cloud, designing efficient and secure access control is a challenging issue. Unlike traditional access control in which the data users and storage servers are in the same trust domain, access control techniques are very different in cloud computing, as the cloud servers are not trusted by most cloud users. The key idea of this work is to attribute sets-based access control. This thesis points out that any access policy can be defined as a logical expression formula over different attribute sets. Logical expression indicates what kind of user is allowed to access the data. A fine-grained and efficient access control is proposed, based on logical expression.
The third aspect of the work presented in this thesis is efficient searchable encryption techniques in cloud computing. Because the data is usually encrypted before being outsourced to the cloud, searching the encrypted data in cloud computing has recently gained attention and led to the development of efficient searchable encryption techniques. The fundamental idea of this work is to reduce the search cost on encrypted data. In this thesis, a practical keyword searching mechanism is proposed. The solution is very simple. It enables efficient multi-user keyword searches and hides the private information in the search queries. The security is proved in the standard model.
The fourth aspect of the work presented in this thesis is public remote data integrity checks. As the clients store important data in remote cloud storage without a local copy, it is important to check the remote data integrity. Design of efficient remote integrity check protocols without downloading the data is a challenging issue in cloud computing. The key idea of this work is a public remote integrity check based on zero-knowledge proof. In this thesis, an innovative public remote integrity check scheme (PRIC) is proposed. No information of either the verified data or the homomorphic tags is leaked. In addition, the experiment result shows that PRIC is efficient, especially when the data size is large or the integrity check is frequent. The security of PRIC is proved in the random oracle model.
The last aspect of the work presented in this thesis is proof of multiparty ownership for encrypted data in the cloud. There are many applications of ownership sharing by different users and the design of the proof protocols of joint ownership is a challenging issue. Meanwhile, the design of proof-of-ownership mechanisms for encrypted data is even more difficult. This is because encryption of the same file by different users with random keys results in different ciphertexts, and the cloud server cannot store the same hash root value for ownership verification. In this thesis, a proof of multiparty ownership solution (PMOW) with encrypted data is proposed. Every user can prove that he/she holds the plaintext of the encrypted file when the server stores one ciphertext only. In addition, a PMOW system is constructed. The security of PMOW is proved in the ideal cipher model.
The major contribution of this thesis is innovative and improved approaches to secure data in cloud computing. Using these approaches developed, a trustworthy cloud environment can be achieved.