Year

2020

Degree Name

Doctor of Philosophy

Department

School of Computing and Information Technology

Abstract

The wide adoption of cloud services has brought a rapid increase in digital data. Although internet services are widely used in daily life, cloud clients are greatly concerned about the security and privacy of their digital data, because they lose direct control of data managed by the cloud server. Security and privacy have become significant barriers to the spread of various internet technologies, such as cloud computing and cloud storage. To protect data privacy, cloud clients can upload their data in encrypted form. However, this creates a barrier for data classification and search operations. Testing whether two ciphertexts contain the same plaintext is a promising approach to address the problem. It implies that clients can query whether the plaintext embedded in a ciphertext is equal to that in the queried ciphertext without decryption. Although this is not hard to achieve with cryptography, security against the insider attack (by the cloud server) is challenging. In addition to ensuring data privacy while allowing searching and classification using advanced encryption, the integrity of (possibly encrypted) data is another critical security issue that must be well addressed. To ensure data integrity, cloud clients can adopt cryptographic protocols such as proof of storage (PoS), which enables a cloud storage provider to prove that a client's data is intact. However, the existing PoS protocols are not designed for the pay-as-you-go (PAYG) business model, in which payment is made based on both storage volume and duration. Moreover, none of the existing works has considered the case in which clients change the storage duration. The data privacy and integrity issues in the above scenarios are the main concerns in cloud storage, since an attacker, including the cloud server, has an incentive to learn the data content or cover up data loss accidents. Therefore, it is crucial to adopt practical privacy-preserving methodologies to address privacy and integrity concerns in the cloud.

In this thesis, we propose a novel equality test scheme aiming to solve the problem of equality test over ciphertext. Our scheme adopts the identity-based approach to make the solution more practical. To further ensure the integrity of cloud data, which can first be encrypted using our identity-based encryption with equality test, we propose cryptographic protocols suitable for the novel PAYG payment model to address the problems of data integrity checking in the cloud. The first protocol is time-encapsulated and ensures that the original file can be retrieved after successful auditing by a client. The second protocol is a privacy-preserving public auditing protocol that allows a third-party auditor (TPA) to audit outsourced data on behalf of its clients without sacrificing the data or the timestamp (i.e., time of storage). We also suggest a data integrity checking scheme to simultaneously check the data content and the storage duration, represented by an updatable timestamp, with strong privacy against the TPA. All the aforementioned works have provable security based on the intractability of some computationally hard problems. We compare our works with the existing significant works in order to analyze their efficiency in practice.

FoR codes (2008)

0804 DATA FORMAT


Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.