Distributed trust evaluation protocol and secure data query schemes for intercloud

Abstract

The aim of Intercloud is to facilitate the sharing of data and cloud resources so that more co-operative cloud services can be provided. In this thesis, we investigate two important security issues for supporting Intercloud, namely distributed trust evaluation and secure data query. In the first part of the thesis, we present a distributed trust evaluation protocol with privacy protection for Intercloud. First, feedback privacy is protected by homomorphic encryption with verifiable secret sharing. Second, to cater for the dynamic nature of Intercloud, trust evaluation can be conducted in a distributed manner and is functional even when some of the parties are offline. Third, to facilitate customized trust evaluation, an innovative mechanism is used to store feedback, such that it can be processed flexibly while protecting feedback privacy. The protocol has been proved based on a formal security model. Simulations have been performed to demonstrate the effectiveness of the protocol. In the second part of the thesis, we design and evaluate a privacy-preserving range query scheme for cloud storage, which can protect the privacy of record and range queries. During range comparison, our scheme neither leaks the order relationship between the upper/lower bound of a range query and the encrypted index, nor produces false positives in the query results. The experimental result indicates that our scheme can achieve higher security while maintaining good efficiency. In the third part of the thesis, we investigate another secure data query issue, which is about access pattern leakage attack on searchable encryption under an Intercloud environment. Basically, both records and queries are distributed among servers of different cloud service providers, so that each cloud server can only have partial information about queries and their results. To minimize the query response time while protecting information disclosure, we formulate the record and query assignment as an optimization problem, and solve the problem (i.e., finding the best possible solution) by the minimum cut algorithm. Numerical results show that certain access pattern information can be saved by our assignment strategy while maintaining good query response time.