Construction of security protection scheme for user's privacy data based on cloud computing

Source: Internet
Author: User
Keywords Cloud computing security data security

Cloud computing technology to provide users with multi-functional, personalized service at the same time, it is also easy to cause the user's personal privacy data leaked. The application provider stores the data information in the data center of a third-party cloud computing service provider, and users access the data information through a variety of third-party excuses provided by the cloud services provider. In the process of data access, cloud computing service providers play a key role in the effective protection of users ' privacy data security has a direct impact. In the Cloud Computing Application service mode, the user privacy data and the traditional personal privacy information are very different, how to effectively protect the user's personal privacy data security is the challenge in the field of information security. How to ensure that the user identity will not be exposed by cloud computing service providers, theft, has become the cloud computing security in the field of urgent problems to be solved.

This article aims at the more common data privacy disclosure problem in cloud Computing application service. The use of public encryption based on user identity, combined with secret sharing strategy to protect the security of user privacy data, as well as the new user identity will not cause new privacy data leakage, with high performance, low cost, small energy consumption characteristics.

1, based on user identity encryption technology (IBE)

In the face of the information security threat brought by CA certification Center in traditional security authentication system, it can be prevented by using the encryption algorithm based on user identity. The encryption algorithm based on user identity was originally designed to solve the impact of CA Certification Center on e-mail authentication system, to ensure the uniqueness of email name in e-mail system, and to convert the string into a public key corresponding to the user by using algorithm strategy, which avoids the need for users to use the public key of other users. The malpractice of the authentication center to reconnect, also reduces the workload of the Key Management Center, the private key is transmitted through the security channel to the corresponding user, thus, based on the user identity encryption algorithm workflow as shown in Figure 1.

  

The encryption algorithm based on user identity mainly includes two special advantages: first, when the user and other users transfer ciphertext, no need to interact with the Key Management center data can achieve data encryption, and only the target users can decrypt the ciphertext to see; the second is in the data encryption process, User identity definition work is simple and fast, only need a string of unique character characters can realize the difference of user identity, so as to guarantee the uniqueness of the user's public key.

2, based on Ibe cloud computing Data Privacy protection Scheme construction

2.1 User Authorized Access

In the cloud computing environment, the data provider can make use of the security parameter generator in the Ibe encryption strategy to control the user's permission to upload the data information effectively. According to the user's public key to encrypt the data information, thus, only the user with the public key can get the encrypted data information through the personal private key, but the encryption of all data information using the Ibe encryption strategy will consume a large cost, usually, only use the Ibe to encrypt the key data information, For example, user personal identity privacy data, user upload data location and so on. Moreover, in the cloud computing service delivery platform, the user identity should be unified authentication and management, to ensure that each user has a unique identity. Thus, the data provider can implement the authentication to the cloud computing service provider. Whether it is a provider of cloud services recognized by a data provider, or a cloud service provider with which it works, the data decryption cannot be realized even if the cloud services provider obtains encrypted data, provided the data provider does not authorize it.

2.2 Data-tolerant recovery

The secret sharing strategy is to use polynomial to divide the secret into N parts and set threshold K (n>k), so as long as the user has more than K share, the secret can be restored. In secret sharing strategy, the secret can be either data location information, user identity information, or a string of data key. Usually, the secret share is distributed in the storage space provided by the cloud computing service provider, as long as the untrusted cloud service provider's storage space is less than n-k, the service provider cannot break the secret, thus enhances the security of the user's personal privacy data. At the same time, the secret sharing strategy can satisfy the distributed characteristics of cloud computing technology, so long as the correct secret share is greater than K, the original secret can be reconstructed, and the user can get the right personal data.

  

2.3 Authorization Data validation

In order to ensure that the data information used by the users of cloud computing originates from the encrypted data uploaded by the data provider, the data transmission and storage are not cracked by the outside illegal intruders, so the secret sharing strategy can be validated by introducing the verification link in the secret sharing strategy. In order to ensure the security and integrality of the encrypted data, the data provider must be authenticated by digital signature when it needs to access the data, and then use its own unique information to sign the data information.

Therefore, the Privacy data security solution proposed in this paper includes four steps: System initialization, secret distribution, secret share verification, secret reconfiguration. The specific protection scenario is shown in Figure 2.

3. Conclusion

Cloud Computing user privacy data protection and traditional user data security is different, because the cloud computing technology has distributed characteristics, its boundaries are also fuzzy, coupled with cloud computing service provider space Open, easy environment, therefore, effectively solve the cloud computing service provider of user privacy data protection problem is very important, In this paper, the privacy protection scheme of cloud computing based on Ibe can ensure that the user's privacy data is not compromised and has a good application prospect.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.